From 1c7ff7f48d121ea1108eec2247a34aaec2906e61 Mon Sep 17 00:00:00 2001
From: Hubert Chathi <hubert@uhoreg.ca>
Date: Wed, 17 Oct 2018 15:50:36 -0400
Subject: more and improved buffer sanitising for Android bindings

---
 .../src/main/java/org/matrix/olm/OlmOutboundGroupSession.java        | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'android/olm-sdk/src/main/java/org/matrix/olm/OlmOutboundGroupSession.java')

diff --git a/android/olm-sdk/src/main/java/org/matrix/olm/OlmOutboundGroupSession.java b/android/olm-sdk/src/main/java/org/matrix/olm/OlmOutboundGroupSession.java
index e4d4a44..55732fe 100644
--- a/android/olm-sdk/src/main/java/org/matrix/olm/OlmOutboundGroupSession.java
+++ b/android/olm-sdk/src/main/java/org/matrix/olm/OlmOutboundGroupSession.java
@@ -142,7 +142,10 @@ public class OlmOutboundGroupSession extends CommonSerializeUtils implements Ser
      */
     public String sessionKey() throws OlmException {
         try {
-            return new String(sessionKeyJni(), "UTF-8");
+            byte[] sessionKeyBuffer = sessionKeyJni();
+            String ret = new String(sessionKeyBuffer, "UTF-8");
+            Arrays.fill(sessionKeyBuffer, (byte) 0);
+            return ret;
         } catch (Exception e) {
             Log.e(LOG_TAG, "## sessionKey() failed " + e.getMessage());
             throw new OlmException(OlmException.EXCEPTION_CODE_OUTBOUND_GROUP_SESSION_KEY, e.getMessage());
-- 
cgit v1.2.3