From 1c7ff7f48d121ea1108eec2247a34aaec2906e61 Mon Sep 17 00:00:00 2001
From: Hubert Chathi <hubert@uhoreg.ca>
Date: Wed, 17 Oct 2018 15:50:36 -0400
Subject: more and improved buffer sanitising for Android bindings

---
 android/olm-sdk/src/main/java/org/matrix/olm/OlmAccount.java | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'android/olm-sdk/src/main/java/org/matrix/olm/OlmAccount.java')

diff --git a/android/olm-sdk/src/main/java/org/matrix/olm/OlmAccount.java b/android/olm-sdk/src/main/java/org/matrix/olm/OlmAccount.java
index 26c3e60..98a3c5b 100644
--- a/android/olm-sdk/src/main/java/org/matrix/olm/OlmAccount.java
+++ b/android/olm-sdk/src/main/java/org/matrix/olm/OlmAccount.java
@@ -26,6 +26,7 @@ import java.io.IOException;
 import java.io.ObjectInputStream;
 import java.io.ObjectOutputStream;
 import java.io.Serializable;
+import java.util.Arrays;
 import java.util.Map;
 
 /**
@@ -290,9 +291,9 @@ public class OlmAccount extends CommonSerializeUtils implements Serializable {
         String result = null;
 
         if (null != aMessage) {
+            byte[] utf8String = null;
             try {
-                byte[] utf8String = aMessage.getBytes("UTF-8");
-
+                utf8String = aMessage.getBytes("UTF-8");
                 if (null != utf8String) {
                     byte[] signedMessage = signMessageJni(utf8String);
 
@@ -302,6 +303,10 @@ public class OlmAccount extends CommonSerializeUtils implements Serializable {
                 }
             } catch (Exception e) {
                 throw new OlmException(OlmException.EXCEPTION_CODE_ACCOUNT_SIGN_MESSAGE, e.getMessage());
+            } finally {
+                if (null != utf8String) {
+                    Arrays.fill(utf8String, (byte) 0);
+                }
             }
         }
 
-- 
cgit v1.2.3