From 1c7ff7f48d121ea1108eec2247a34aaec2906e61 Mon Sep 17 00:00:00 2001
From: Hubert Chathi <hubert@uhoreg.ca>
Date: Wed, 17 Oct 2018 15:50:36 -0400
Subject: more and improved buffer sanitising for Android bindings

---
 .../src/main/java/org/matrix/olm/OlmInboundGroupSession.java       | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'android/olm-sdk/src/main/java/org/matrix/olm/OlmInboundGroupSession.java')

diff --git a/android/olm-sdk/src/main/java/org/matrix/olm/OlmInboundGroupSession.java b/android/olm-sdk/src/main/java/org/matrix/olm/OlmInboundGroupSession.java
index b41c67a..2fc81ef 100644
--- a/android/olm-sdk/src/main/java/org/matrix/olm/OlmInboundGroupSession.java
+++ b/android/olm-sdk/src/main/java/org/matrix/olm/OlmInboundGroupSession.java
@@ -77,10 +77,16 @@ public class OlmInboundGroupSession extends CommonSerializeUtils implements Seri
             Log.e(LOG_TAG, "## initInboundGroupSession(): invalid session key");
             throw new OlmException(OlmException.EXCEPTION_CODE_INIT_INBOUND_GROUP_SESSION, "invalid session key");
         } else {
+            byte[] sessionBuffer = null;
             try {
+                sessionBuffer = aSessionKey.getBytes("UTF-8");
                 mNativeId = createNewSessionJni(aSessionKey.getBytes("UTF-8"), isImported);
             } catch (Exception e) {
                 throw new OlmException(OlmException.EXCEPTION_CODE_INIT_INBOUND_GROUP_SESSION, e.getMessage());
+            } finally {
+                if (null != sessionBuffer) {
+                    Arrays.fill(sessionBuffer, (byte) 0);
+                }
             }
         }
     }
@@ -216,6 +222,7 @@ public class OlmInboundGroupSession extends CommonSerializeUtils implements Seri
 
             if (null != bytesBuffer) {
                 result = new String(bytesBuffer, "UTF-8");
+                Arrays.fill(bytesBuffer, (byte) 0);
             }
         } catch (Exception e) {
             Log.e(LOG_TAG, "## export() failed " + e.getMessage());
-- 
cgit v1.2.3