From af86a9a8b899eeb3c1c464cb0c54218acd788fa6 Mon Sep 17 00:00:00 2001
From: Hubert Chathi <hubert@uhoreg.ca>
Date: Wed, 10 Oct 2018 15:06:58 -0400
Subject: clear out plaintext buffers in Android SDK where possible

---
 .../src/main/java/org/matrix/olm/OlmOutboundGroupSession.java       | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'android/olm-sdk/src/main/java/org/matrix/olm/OlmOutboundGroupSession.java')

diff --git a/android/olm-sdk/src/main/java/org/matrix/olm/OlmOutboundGroupSession.java b/android/olm-sdk/src/main/java/org/matrix/olm/OlmOutboundGroupSession.java
index 0481824..e4d4a44 100644
--- a/android/olm-sdk/src/main/java/org/matrix/olm/OlmOutboundGroupSession.java
+++ b/android/olm-sdk/src/main/java/org/matrix/olm/OlmOutboundGroupSession.java
@@ -26,6 +26,8 @@ import java.io.ObjectInputStream;
 import java.io.ObjectOutputStream;
 import java.io.Serializable;
 
+import java.util.Arrays;
+
 /**
  * Class used to create an outbound a <a href="http://matrix.org/docs/guides/e2e_implementation.html#starting-a-megolm-session">Megolm session</a>.<br>
  * To send a first message in an encrypted room, the client should start a new outbound Megolm session.
@@ -166,7 +168,9 @@ public class OlmOutboundGroupSession extends CommonSerializeUtils implements Ser
 
         if (!TextUtils.isEmpty(aClearMsg)) {
             try {
-                byte[] encryptedBuffer = encryptMessageJni(aClearMsg.getBytes("UTF-8"));
+                byte[] clearMsgBuffer = aClearMsg.getBytes("UTF-8");
+                byte[] encryptedBuffer = encryptMessageJni(clearMsgBuffer);
+                Arrays.fill(clearMsgBuffer, (byte) 0);
 
                 if (null != encryptedBuffer) {
                     retValue = new String(encryptedBuffer , "UTF-8");
-- 
cgit v1.2.3