From af86a9a8b899eeb3c1c464cb0c54218acd788fa6 Mon Sep 17 00:00:00 2001
From: Hubert Chathi <hubert@uhoreg.ca>
Date: Wed, 10 Oct 2018 15:06:58 -0400
Subject: clear out plaintext buffers in Android SDK where possible

---
 android/olm-sdk/src/main/java/org/matrix/olm/OlmPkDecryption.java | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'android/olm-sdk/src/main/java/org/matrix/olm/OlmPkDecryption.java')

diff --git a/android/olm-sdk/src/main/java/org/matrix/olm/OlmPkDecryption.java b/android/olm-sdk/src/main/java/org/matrix/olm/OlmPkDecryption.java
index 03d055a..ea838f1 100644
--- a/android/olm-sdk/src/main/java/org/matrix/olm/OlmPkDecryption.java
+++ b/android/olm-sdk/src/main/java/org/matrix/olm/OlmPkDecryption.java
@@ -18,6 +18,8 @@ package org.matrix.olm;
 
 import android.util.Log;
 
+import java.util.Arrays;
+
 public class OlmPkDecryption {
     private static final String LOG_TAG = "OlmPkDecryption";
 
@@ -67,7 +69,10 @@ public class OlmPkDecryption {
         }
 
         try {
-            return new String(decryptJni(aMessage), "UTF-8");
+            byte[] plaintextBuffer = decryptJni(aMessage);
+            String plaintext = new String(plaintextBuffer, "UTF-8");
+            Arrays.fill(plaintextBuffer, (byte) 0);
+            return plaintext;
         } catch (Exception e) {
             Log.e(LOG_TAG, "## pkDecrypt(): failed " + e.getMessage());
             throw new OlmException(OlmException.EXCEPTION_CODE_PK_DECRYPTION_DECRYPT, e.getMessage());
-- 
cgit v1.2.3