Prevent AES IV leak

nathan 2019-06-15 00:42:38 +02:00
parent 786b00932e
commit 1a63affdcc


@ -17,6 +17,7 @@ package dorkbox.network.connection;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
@ -377,6 +378,8 @@ class KryoExtra extends Kryo {
// write out our IV
buffer.writeBytes(iv, 0, IV_LENGTH_BYTE);
Arrays.fill(iv, (byte) 0); // overwrite the IV with zeros so we can't leak this value
// have to copy over the orig data, because we used the temp buffer
buffer.writeBytes(writer.getBuffer(), 0, encryptedLength);
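Review bot: The comment on the added `Arrays.fill(iv, (byte) 0)` line says the wipe keeps the IV from leaking, but `buffer.writeBytes(iv, 0, IV_LENGTH_BYTE)` on the line just above has already written the IV into the outgoing message in the clear, so it is not a secret and zeroing it adds no confidentiality. What an AES IV needs is to be fresh for every encryption under the same key; if `iv` is a reused array (the enclosing method starts and ends outside this hunk, so this is inferred), any path that reaches the cipher without refilling it from `SecureRandom` would now encrypt under an all-zero IV. I would reword the comment to something like `// IV is public (sent above); cleared so a stale value is never reused - must be refilled from SecureRandom before every encrypt` and confirm that the refill is unconditional. If the aim is to limit what lingers in memory, the key material and any plaintext scratch buffer are the values worth clearing.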