From 93f764200ef47cf6ad683216c21d98b438897ead Mon Sep 17 00:00:00 2001
From: Hubert Chathi <hubert@uhoreg.ca>
Date: Tue, 16 Oct 2018 17:50:34 -0400
Subject: zero buffers in the JavaScript bindings

---
 javascript/olm_outbound_group_session.js | 34 ++++++++++++++++++++++++--------
 1 file changed, 26 insertions(+), 8 deletions(-)

(limited to 'javascript/olm_outbound_group_session.js')

diff --git a/javascript/olm_outbound_group_session.js b/javascript/olm_outbound_group_session.js
index e232883..f1ccd3d 100644
--- a/javascript/olm_outbound_group_session.js
+++ b/javascript/olm_outbound_group_session.js
@@ -29,9 +29,17 @@ OutboundGroupSession.prototype['pickle'] = restore_stack(function(key) {
     )(this.ptr);
     var key_buffer = stack(key_array);
     var pickle_buffer = stack(pickle_length + NULL_BYTE_PADDING_LENGTH);
-    outbound_group_session_method(Module['_olm_pickle_outbound_group_session'])(
-        this.ptr, key_buffer, key_array.length, pickle_buffer, pickle_length
-    );
+    try {
+        outbound_group_session_method(Module['_olm_pickle_outbound_group_session'])(
+            this.ptr, key_buffer, key_array.length, pickle_buffer, pickle_length
+        );
+    } finally {
+        // clear out copies of the pickle key
+        bzero(key_buffer, key_array.length)
+        for (var i = 0; i < key_array.length; i++) {
+            key_array[i] = 0;
+        }
+    }
     return Pointer_stringify(pickle_buffer);
 });
 
@@ -40,10 +48,18 @@ OutboundGroupSession.prototype['unpickle'] = restore_stack(function(key, pickle)
     var key_buffer = stack(key_array);
     var pickle_array = array_from_string(pickle);
     var pickle_buffer = stack(pickle_array);
-    outbound_group_session_method(Module['_olm_unpickle_outbound_group_session'])(
-        this.ptr, key_buffer, key_array.length, pickle_buffer,
-        pickle_array.length
-    );
+    try {
+        outbound_group_session_method(Module['_olm_unpickle_outbound_group_session'])(
+            this.ptr, key_buffer, key_array.length, pickle_buffer,
+            pickle_array.length
+        );
+    } finally {
+        // clear out copies of the pickle key
+        bzero(key_buffer, key_array.length)
+        for (var i = 0; i < key_array.length; i++) {
+            key_array[i] = 0;
+        }
+    }
 });
 
 OutboundGroupSession.prototype['create'] = restore_stack(function() {
@@ -116,7 +132,9 @@ OutboundGroupSession.prototype['session_key'] = restore_stack(function() {
     outbound_group_session_method(Module['_olm_outbound_group_session_key'])(
         this.ptr, key, key_length
     );
-    return Pointer_stringify(key);
+    var key_str = Pointer_stringify(key);
+    bzero(key, key_length); // clear out our copy of the key
+    return key_str;
 });
 
 OutboundGroupSession.prototype['message_index'] = function() {
-- 
cgit v1.2.3