From 10a9a0f557213cc6ef70110368a8a59dccb2e533 Mon Sep 17 00:00:00 2001
From: Daniel Huigens
Date: Wed, 8 Apr 2020 11:11:16 +0200
Subject: [PATCH] Don't retain references to passed byte slices (#40)
---
 crypto/gopenpgp.go | 8 ++++++++
 crypto/key.go | 2 +-
 crypto/message.go | 14 +++++++-------
 crypto/sessionkey.go | 2 +-
 4 files changed, 17 insertions(+), 9 deletions(-)
diff --git a/crypto/gopenpgp.go b/crypto/gopenpgp.go
index dc51495..72ea800 100644
--- a/crypto/gopenpgp.go
+++ b/crypto/gopenpgp.go
@@ -11,3 +11,11 @@ type GopenPGP struct {
 }
 
 var pgp = GopenPGP{}
+
+// clone returns a clone of the byte slice. Internal function used to make sure
+// we don't retain a reference to external data.
+func clone(input []byte) []byte {
+ data := make([]byte, len(input))
+ copy(data, input)
+ return data
+}
diff --git a/crypto/key.go b/crypto/key.go
index 5e1ee43..1125d3e 100644
--- a/crypto/key.go
+++ b/crypto/key.go
@@ -52,7 +52,7 @@ func NewKeyFromReader(r io.Reader) (key *Key, err error) {
 
 // NewKey creates a new key from the first key in the unarmored binary data
 func NewKey(binKeys []byte) (key *Key, err error) {
- return NewKeyFromReader(bytes.NewReader(binKeys))
+ return NewKeyFromReader(bytes.NewReader(clone(binKeys)))
 }
 
 // NewKeyFromArmored creates a new key from the first key in an armored
diff --git a/crypto/message.go b/crypto/message.go
index d8d8592..b2cc259 100644
--- a/crypto/message.go
+++ b/crypto/message.go
@@ -61,7 +61,7 @@ type ClearTextMessage struct {
 // signature, or verification from the unencrypted binary data.
 func NewPlainMessage(data []byte) *PlainMessage {
 return &PlainMessage{
- Data: data,
+ Data: clone(data),
 TextType: false,
 }
 }
@@ -78,7 +78,7 @@ func NewPlainMessageFromString(text string) *PlainMessage {
 // NewPGPMessage generates a new PGPMessage from the unarmored binary data.
 func NewPGPMessage(data []byte) *PGPMessage {
 return &PGPMessage{
- Data: data,
+ Data: clone(data),
 }
 }
 
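Review bot: `clone` turns a nil input into a non-nil empty slice, because `make([]byte, len(input))` always allocates, so every constructor this commit routes through it (NewPlainMessage, NewPGPMessage, NewPGPSplitMessage, NewPGPSignature, NewClearTextMessage, NewSessionKeyFromToken) stops preserving nil. Any caller or serializer that distinguishes a nil `Data` or `Key` from an empty one would behave differently after this change; whether such callers exist is not visible in the patch. If nil should be preserved, add `if input == nil { return nil }` as the first statement of `clone`, and state the intended behaviour in its doc comment.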
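Review bot: The copy added in NewKey may be unnecessary, and it leaves a second, unzeroed copy of the key bytes on the heap. `bytes.Reader.Read` already copies into the destination buffer, so a parser that only reads from the reader does not end up aliasing `binKeys`. NewKeyFromReader's body is outside the hunk, so confirm whether it retains anything from the reader; if it does not, `bytes.NewReader(binKeys)` is sufficient. If the clone stays, add a comment noting that `binKeys` may hold private key material and that the temporary copy is not cleared before it becomes garbage.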
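Review bot: The doc comments of the constructors in crypto/message.go do not say that the input is now copied, which changes both the aliasing contract and the memory cost. For NewPlainMessage in this hunk, and for NewPGPMessage, NewPGPSplitMessage, NewPGPSignature and NewClearTextMessage in the following hunks, add a line such as `// The data is copied; later changes to the passed slice do not affect the message.` Each call now holds the payload twice for as long as the caller's slice is alive, which matters for large messages. The fields written here (`Data`, `KeyPacket`, `DataPacket`, `Signature`) are exported, so code that sets them directly still aliases the caller's slice; the guarantee covers the constructors only.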
@@ -103,8 +103,8 @@ func NewPGPMessageFromArmored(armored string) (*PGPMessage, error) {
 // datapacket, and encryption algorithm.
 func NewPGPSplitMessage(keyPacket []byte, dataPacket []byte) *PGPSplitMessage {
 return &PGPSplitMessage{
- KeyPacket: keyPacket,
- DataPacket: dataPacket,
+ KeyPacket: clone(keyPacket),
+ DataPacket: clone(dataPacket),
 }
 }
 
@@ -122,7 +122,7 @@ func NewPGPSplitMessageFromArmored(encrypted string) (*PGPSplitMessage, error) {
 // NewPGPSignature generates a new PGPSignature from the unarmored binary data.
 func NewPGPSignature(data []byte) *PGPSignature {
 return &PGPSignature{
- Data: data,
+ Data: clone(data),
 }
 }
 
@@ -146,8 +146,8 @@ func NewPGPSignatureFromArmored(armored string) (*PGPSignature, error) {
 // NewClearTextMessage generates a new ClearTextMessage from data and signature
 func NewClearTextMessage(data []byte, signature []byte) *ClearTextMessage {
 return &ClearTextMessage{
- Data: data,
- Signature: signature,
+ Data: clone(data),
+ Signature: clone(signature),
 }
 }
 
diff --git a/crypto/sessionkey.go b/crypto/sessionkey.go
index c6ac54f..534e426 100644
--- a/crypto/sessionkey.go
+++ b/crypto/sessionkey.go
@@ -80,7 +80,7 @@ func GenerateSessionKey() (*SessionKey, error) {
 
 func NewSessionKeyFromToken(token []byte, algo string) *SessionKey {
 return &SessionKey{
- Key: token,
+ Key: clone(token),
 Algo: algo,
 }
 }
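Review bot: After this change a caller can no longer wipe the session key by zeroing `token`, because `SessionKey.Key` is now a separate copy made by `clone(token)`. NewSessionKeyFromToken appears to have no doc comment in the visible context; add one that states the copy, for example `// NewSessionKeyFromToken creates a SessionKey from a copy of token; clearing token afterwards does not clear the returned key.` Whether SessionKey offers a way to zero `Key` is not visible in this hunk, so check that callers who relied on clearing their own buffer have an equivalent. `Key` is an exported field, so direct assignment still bypasses the copy.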