Crypto: Fix use after free (ticket #2797)

2020-12-18 11:05:36 -05:00
parent a9b6b86183
commit 20b413bc67
1 changed files with 1 additions and 1 deletions
--- a/router/java/src/net/i2p/router/crypto/ElGamalAESEngine.java
+++ b/router/java/src/net/i2p/router/crypto/ElGamalAESEngine.java
@@ -347,12 +347,12 @@ public final class ElGamalAESEngine {
        //byte iv[] = new byte[16];
        //System.arraycopy(ivHash.getData(), 0, iv, 0, 16);
        byte[] iv = halfHash(preIV);
-        SimpleByteCache.release(preIV);

        //_log.debug("Pre IV for decryptExistingSession: " + DataHelper.toString(preIV, 32));
        //_log.debug("SessionKey for decryptNewSession: " + DataHelper.toString(key.getData(), 32));
        byte decrypted[] = decryptAESBlock(data, 32, data.length-32, key, iv, preIV, foundTags, foundKey);
        SimpleByteCache.release(iv);
+        SimpleByteCache.release(preIV);
        if (decrypted == null) {
            // it begins with a valid session tag, but thats just a coincidence.
            //if (_log.shouldLog(Log.DEBUG))