From 20b413bc67f5298c7b7a36cc3499401f38764740 Mon Sep 17 00:00:00 2001
From: zzz <zzz@i2pmail.org>
Date: Fri, 18 Dec 2020 11:05:36 -0500
Subject: [PATCH] Crypto: Fix use after free (ticket #2797)

---
 router/java/src/net/i2p/router/crypto/ElGamalAESEngine.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/router/java/src/net/i2p/router/crypto/ElGamalAESEngine.java b/router/java/src/net/i2p/router/crypto/ElGamalAESEngine.java
index 8c81c97cb..c7d97fb94 100644
--- a/router/java/src/net/i2p/router/crypto/ElGamalAESEngine.java
+++ b/router/java/src/net/i2p/router/crypto/ElGamalAESEngine.java
@@ -347,12 +347,12 @@ public final class ElGamalAESEngine {
         //byte iv[] = new byte[16];
         //System.arraycopy(ivHash.getData(), 0, iv, 0, 16);
         byte[] iv = halfHash(preIV);
-        SimpleByteCache.release(preIV);
 
         //_log.debug("Pre IV for decryptExistingSession: " + DataHelper.toString(preIV, 32));
         //_log.debug("SessionKey for decryptNewSession: " + DataHelper.toString(key.getData(), 32));
         byte decrypted[] = decryptAESBlock(data, 32, data.length-32, key, iv, preIV, foundTags, foundKey);
         SimpleByteCache.release(iv);
+        SimpleByteCache.release(preIV);
         if (decrypted == null) {
             // it begins with a valid session tag, but thats just a coincidence.
             //if (_log.shouldLog(Log.DEBUG))