From 93f764200ef47cf6ad683216c21d98b438897ead Mon Sep 17 00:00:00 2001 From: Hubert Chathi Date: Tue, 16 Oct 2018 17:50:34 -0400 Subject: zero buffers in the JavaScript bindings --- javascript/olm_inbound_group_session.js | 62 +++++++++++++++++++++++++-------- 1 file changed, 48 insertions(+), 14 deletions(-) (limited to 'javascript/olm_inbound_group_session.js') diff --git a/javascript/olm_inbound_group_session.js b/javascript/olm_inbound_group_session.js index 7d9e401..dd8e493 100644 --- a/javascript/olm_inbound_group_session.js +++ b/javascript/olm_inbound_group_session.js @@ -29,9 +29,17 @@ InboundGroupSession.prototype['pickle'] = restore_stack(function(key) { )(this.ptr); var key_buffer = stack(key_array); var pickle_buffer = stack(pickle_length + NULL_BYTE_PADDING_LENGTH); - inbound_group_session_method(Module['_olm_pickle_inbound_group_session'])( - this.ptr, key_buffer, key_array.length, pickle_buffer, pickle_length - ); + try { + inbound_group_session_method(Module['_olm_pickle_inbound_group_session'])( + this.ptr, key_buffer, key_array.length, pickle_buffer, pickle_length + ); + } finally { + // clear out copies of the pickle key + bzero(key_buffer, key_array.length) + for (var i = 0; i < key_array.length; i++) { + key_array[i] = 0; + } + } return Pointer_stringify(pickle_buffer); }); @@ -40,28 +48,52 @@ InboundGroupSession.prototype['unpickle'] = restore_stack(function(key, pickle) var key_buffer = stack(key_array); var pickle_array = array_from_string(pickle); var pickle_buffer = stack(pickle_array); - inbound_group_session_method(Module['_olm_unpickle_inbound_group_session'])( - this.ptr, key_buffer, key_array.length, pickle_buffer, - pickle_array.length - ); + try { + inbound_group_session_method(Module['_olm_unpickle_inbound_group_session'])( + this.ptr, key_buffer, key_array.length, pickle_buffer, + pickle_array.length + ); + } finally { + // clear out copies of the pickle key + bzero(key_buffer, key_array.length) + for (var i = 0; i < key_array.length; i++) { + key_array[i] = 0; + } + } }); InboundGroupSession.prototype['create'] = restore_stack(function(session_key) { var key_array = array_from_string(session_key); var key_buffer = stack(key_array); - inbound_group_session_method(Module['_olm_init_inbound_group_session'])( - this.ptr, key_buffer, key_array.length - ); + try { + inbound_group_session_method(Module['_olm_init_inbound_group_session'])( + this.ptr, key_buffer, key_array.length + ); + } finally { + // clear out copies of the key + bzero(key_buffer, key_array.length) + for (var i = 0; i < key_array.length; i++) { + key_array[i] = 0; + } + } }); InboundGroupSession.prototype['import_session'] = restore_stack(function(session_key) { var key_array = array_from_string(session_key); var key_buffer = stack(key_array); - inbound_group_session_method(Module['_olm_import_inbound_group_session'])( - this.ptr, key_buffer, key_array.length - ); + try { + inbound_group_session_method(Module['_olm_import_inbound_group_session'])( + this.ptr, key_buffer, key_array.length + ); + } finally { + // clear out copies of the key + bzero(key_buffer, key_array.length) + for (var i = 0; i < key_array.length; i++) { + key_array[i] = 0; + } + } }); InboundGroupSession.prototype['decrypt'] = restore_stack(function( @@ -140,7 +172,9 @@ InboundGroupSession.prototype['export_session'] = restore_stack(function(message outbound_group_session_method(Module['_olm_export_inbound_group_session'])( this.ptr, key, key_length, message_index ); - return Pointer_stringify(key); + var key_str = Pointer_stringify(key); + bzero(key, key_length); // clear out a copy of the key + return key_str; }); olm_exports['InboundGroupSession'] = InboundGroupSession; -- cgit v1.2.3