Commit 8e554ab5 authored by Richard van der Hoff's avatar Richard van der Hoff

Avoid buffer overrun on encryption

Make sure we null-terminate encrypted strings before passing them to
UTF8ToString.

This used to work when we allocated the buffer on the stack, because it turns
out that allocate() zeroinits the returned memory. malloc(), of course, does
not.
parent 7fd63bca
...@@ -83,6 +83,14 @@ OutboundGroupSession.prototype['encrypt'] = function(plaintext) { ...@@ -83,6 +83,14 @@ OutboundGroupSession.prototype['encrypt'] = function(plaintext) {
plaintext_buffer, plaintext_length, plaintext_buffer, plaintext_length,
message_buffer, message_length message_buffer, message_length
); );
// UTF8ToString requires a null-terminated argument, so add the
// null terminator.
Module['setValue'](
message_buffer+message_length,
0, "i8"
);
return Module['UTF8ToString'](message_buffer); return Module['UTF8ToString'](message_buffer);
} finally { } finally {
if (plaintext_buffer !== undefined) { if (plaintext_buffer !== undefined) {
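Review bot: The new `Module['setValue'](message_buffer+message_length, 0, "i8")` stores one byte past the `message_length` bytes handed to the encrypt call, so it is only in bounds if `message_buffer` was allocated with at least `message_length + 1` bytes. The allocation sits outside this hunk, so that cannot be confirmed from here; if it still requests exactly `message_length`, the terminator write is itself a one-byte heap overrun. The same applies to the identical addition in the `Session.prototype['encrypt']` hunk. I would state the invariant at the allocation site with a comment such as `// +1: room for the null terminator written before UTF8ToString`. If the Emscripten version in use accepts a length bound, `Module['UTF8ToString'](message_buffer, message_length)` would also keep the read bounded should the terminator ever go missing.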
......
...@@ -335,6 +335,14 @@ Session.prototype['encrypt'] = restore_stack(function( ...@@ -335,6 +335,14 @@ Session.prototype['encrypt'] = restore_stack(function(
random, random_length, random, random_length,
message_buffer, message_length message_buffer, message_length
); );
// UTF8ToString requires a null-terminated argument, so add the
// null terminator.
Module['setValue'](
message_buffer+message_length,
0, "i8"
);
return { return {
"type": message_type, "type": message_type,
"body": Module['UTF8ToString'](message_buffer), "body": Module['UTF8ToString'](message_buffer),
......