Commit 1c7ff7f4 authored by Hubert Chathi's avatar Hubert Chathi

more and improved buffer sanitising for Android bindings

parent c4c3055f
...@@ -26,6 +26,7 @@ import java.io.IOException; ...@@ -26,6 +26,7 @@ import java.io.IOException;
import java.io.ObjectInputStream; import java.io.ObjectInputStream;
import java.io.ObjectOutputStream; import java.io.ObjectOutputStream;
import java.io.Serializable; import java.io.Serializable;
import java.util.Arrays;
import java.util.Map; import java.util.Map;
/** /**
...@@ -290,9 +291,9 @@ public class OlmAccount extends CommonSerializeUtils implements Serializable { ...@@ -290,9 +291,9 @@ public class OlmAccount extends CommonSerializeUtils implements Serializable {
String result = null; String result = null;
if (null != aMessage) { if (null != aMessage) {
byte[] utf8String = null;
try { try {
byte[] utf8String = aMessage.getBytes("UTF-8"); utf8String = aMessage.getBytes("UTF-8");
if (null != utf8String) { if (null != utf8String) {
byte[] signedMessage = signMessageJni(utf8String); byte[] signedMessage = signMessageJni(utf8String);
...@@ -302,6 +303,10 @@ public class OlmAccount extends CommonSerializeUtils implements Serializable { ...@@ -302,6 +303,10 @@ public class OlmAccount extends CommonSerializeUtils implements Serializable {
} }
} catch (Exception e) { } catch (Exception e) {
throw new OlmException(OlmException.EXCEPTION_CODE_ACCOUNT_SIGN_MESSAGE, e.getMessage()); throw new OlmException(OlmException.EXCEPTION_CODE_ACCOUNT_SIGN_MESSAGE, e.getMessage());
} finally {
if (null != utf8String) {
Arrays.fill(utf8String, (byte) 0);
}
} }
} }
......
...@@ -77,10 +77,16 @@ public class OlmInboundGroupSession extends CommonSerializeUtils implements Seri ...@@ -77,10 +77,16 @@ public class OlmInboundGroupSession extends CommonSerializeUtils implements Seri
Log.e(LOG_TAG, "## initInboundGroupSession(): invalid session key"); Log.e(LOG_TAG, "## initInboundGroupSession(): invalid session key");
throw new OlmException(OlmException.EXCEPTION_CODE_INIT_INBOUND_GROUP_SESSION, "invalid session key"); throw new OlmException(OlmException.EXCEPTION_CODE_INIT_INBOUND_GROUP_SESSION, "invalid session key");
} else { } else {
byte[] sessionBuffer = null;
try { try {
sessionBuffer = aSessionKey.getBytes("UTF-8");
mNativeId = createNewSessionJni(aSessionKey.getBytes("UTF-8"), isImported); mNativeId = createNewSessionJni(aSessionKey.getBytes("UTF-8"), isImported);
} catch (Exception e) { } catch (Exception e) {
throw new OlmException(OlmException.EXCEPTION_CODE_INIT_INBOUND_GROUP_SESSION, e.getMessage()); throw new OlmException(OlmException.EXCEPTION_CODE_INIT_INBOUND_GROUP_SESSION, e.getMessage());
} finally {
if (null != sessionBuffer) {
Arrays.fill(sessionBuffer, (byte) 0);
}
} }
} }
} }
...@@ -216,6 +222,7 @@ public class OlmInboundGroupSession extends CommonSerializeUtils implements Seri ...@@ -216,6 +222,7 @@ public class OlmInboundGroupSession extends CommonSerializeUtils implements Seri
if (null != bytesBuffer) { if (null != bytesBuffer) {
result = new String(bytesBuffer, "UTF-8"); result = new String(bytesBuffer, "UTF-8");
Arrays.fill(bytesBuffer, (byte) 0);
} }
} catch (Exception e) { } catch (Exception e) {
Log.e(LOG_TAG, "## export() failed " + e.getMessage()); Log.e(LOG_TAG, "## export() failed " + e.getMessage());
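Review bot: In the first hunk the array that gets zeroed is not the one handed to native code. `sessionBuffer` is filled from `aSessionKey.getBytes("UTF-8")`, but the unchanged call on the next line still passes a second, fresh `aSessionKey.getBytes("UTF-8")` to `createNewSessionJni`. That second array holds the session key and is never cleared, so the new `finally` block only wipes an unused copy. Pass the tracked buffer instead: `mNativeId = createNewSessionJni(sessionBuffer, isImported);`. The enclosing method starts and ends outside the hunk.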
......
...@@ -142,7 +142,10 @@ public class OlmOutboundGroupSession extends CommonSerializeUtils implements Ser ...@@ -142,7 +142,10 @@ public class OlmOutboundGroupSession extends CommonSerializeUtils implements Ser
*/ */
public String sessionKey() throws OlmException { public String sessionKey() throws OlmException {
try { try {
return new String(sessionKeyJni(), "UTF-8"); byte[] sessionKeyBuffer = sessionKeyJni();
String ret = new String(sessionKeyBuffer, "UTF-8");
Arrays.fill(sessionKeyBuffer, (byte) 0);
return ret;
} catch (Exception e) { } catch (Exception e) {
Log.e(LOG_TAG, "## sessionKey() failed " + e.getMessage()); Log.e(LOG_TAG, "## sessionKey() failed " + e.getMessage());
throw new OlmException(OlmException.EXCEPTION_CODE_OUTBOUND_GROUP_SESSION_KEY, e.getMessage()); throw new OlmException(OlmException.EXCEPTION_CODE_OUTBOUND_GROUP_SESSION_KEY, e.getMessage());
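Review bot: `sessionKey()` needs a comment stating what the wipe does and does not cover. The `Arrays.fill` clears only the intermediate `sessionKeyBuffer`, while the returned `String` holds the same key, is immutable, and stays on the heap until it is collected. I would add above the fill `// wipes the JNI byte[] only; the returned String still carries the key and cannot be cleared`. The wipe also sits inside the `try` rather than in a `finally` as in the OlmPkEncryption hunk of this commit; that looks harmless from the visible lines, but the two could be written the same way. The method's closing lines are outside the hunk.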
......
...@@ -68,14 +68,15 @@ public class OlmPkDecryption { ...@@ -68,14 +68,15 @@ public class OlmPkDecryption {
return null; return null;
} }
byte[] plaintextBuffer = decryptJni(aMessage);
try { try {
byte[] plaintextBuffer = decryptJni(aMessage);
String plaintext = new String(plaintextBuffer, "UTF-8"); String plaintext = new String(plaintextBuffer, "UTF-8");
Arrays.fill(plaintextBuffer, (byte) 0);
return plaintext; return plaintext;
} catch (Exception e) { } catch (Exception e) {
Log.e(LOG_TAG, "## pkDecrypt(): failed " + e.getMessage()); Log.e(LOG_TAG, "## pkDecrypt(): failed " + e.getMessage());
throw new OlmException(OlmException.EXCEPTION_CODE_PK_DECRYPTION_DECRYPT, e.getMessage()); throw new OlmException(OlmException.EXCEPTION_CODE_PK_DECRYPTION_DECRYPT, e.getMessage());
} finally {
Arrays.fill(plaintextBuffer, (byte) 0);
} }
} }
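Review bot: The new `finally` calls `Arrays.fill(plaintextBuffer, (byte) 0)` with no null check, and `decryptJni(aMessage)` now runs before the `try`. If `decryptJni` can return null (not visible here), the `NullPointerException` from the fill replaces the `OlmException` raised in the `catch`. Any exception raised by `decryptJni` itself is also no longer logged or wrapped by that `catch`. The other hunks in this commit declare the buffer as null before the `try` and guard the fill, and the same shape works here: `byte[] plaintextBuffer = null;` before the `try`, `plaintextBuffer = decryptJni(aMessage);` as its first statement, and `if (null != plaintextBuffer) { Arrays.fill(plaintextBuffer, (byte) 0); }` in the `finally`. The method begins above the hunk.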
......
...@@ -73,10 +73,10 @@ public class OlmPkEncryption { ...@@ -73,10 +73,10 @@ public class OlmPkEncryption {
OlmPkMessage encryptedMsgRetValue = new OlmPkMessage(); OlmPkMessage encryptedMsgRetValue = new OlmPkMessage();
byte[] plaintextBuffer = null;
try { try {
byte[] plaintextBuffer = aPlaintext.getBytes("UTF-8"); plaintextBuffer = aPlaintext.getBytes("UTF-8");
byte[] ciphertextBuffer = encryptJni(plaintextBuffer, encryptedMsgRetValue); byte[] ciphertextBuffer = encryptJni(plaintextBuffer, encryptedMsgRetValue);
Arrays.fill(plaintextBuffer, (byte) 0);
if (null != ciphertextBuffer) { if (null != ciphertextBuffer) {
encryptedMsgRetValue.mCipherText = new String(ciphertextBuffer, "UTF-8"); encryptedMsgRetValue.mCipherText = new String(ciphertextBuffer, "UTF-8");
...@@ -84,6 +84,10 @@ public class OlmPkEncryption { ...@@ -84,6 +84,10 @@ public class OlmPkEncryption {
} catch (Exception e) { } catch (Exception e) {
Log.e(LOG_TAG, "## pkEncrypt(): failed " + e.getMessage()); Log.e(LOG_TAG, "## pkEncrypt(): failed " + e.getMessage());
throw new OlmException(OlmException.EXCEPTION_CODE_PK_ENCRYPTION_ENCRYPT, e.getMessage()); throw new OlmException(OlmException.EXCEPTION_CODE_PK_ENCRYPTION_ENCRYPT, e.getMessage());
} finally {
if (null != plaintextBuffer) {
Arrays.fill(plaintextBuffer, (byte) 0);
}
} }
return encryptedMsgRetValue; return encryptedMsgRetValue;
......
...@@ -23,6 +23,7 @@ import android.util.Log; ...@@ -23,6 +23,7 @@ import android.util.Log;
import org.json.JSONObject; import org.json.JSONObject;
import java.security.SecureRandom; import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashMap; import java.util.HashMap;
import java.util.Iterator; import java.util.Iterator;
import java.util.Map; import java.util.Map;
...@@ -81,17 +82,23 @@ public class OlmUtility { ...@@ -81,17 +82,23 @@ public class OlmUtility {
*/ */
public void verifyEd25519Signature(String aSignature, String aFingerprintKey, String aMessage) throws OlmException { public void verifyEd25519Signature(String aSignature, String aFingerprintKey, String aMessage) throws OlmException {
String errorMessage; String errorMessage;
byte[] messageBuffer = null;
try { try {
if (TextUtils.isEmpty(aSignature) || TextUtils.isEmpty(aFingerprintKey) || TextUtils.isEmpty(aMessage)) { if (TextUtils.isEmpty(aSignature) || TextUtils.isEmpty(aFingerprintKey) || TextUtils.isEmpty(aMessage)) {
Log.e(LOG_TAG, "## verifyEd25519Signature(): invalid input parameters"); Log.e(LOG_TAG, "## verifyEd25519Signature(): invalid input parameters");
errorMessage = "JAVA sanity check failure - invalid input parameters"; errorMessage = "JAVA sanity check failure - invalid input parameters";
} else { } else {
errorMessage = verifyEd25519SignatureJni(aSignature.getBytes("UTF-8"), aFingerprintKey.getBytes("UTF-8"), aMessage.getBytes("UTF-8")); messageBuffer = aMessage.getBytes("UTF-8");
errorMessage = verifyEd25519SignatureJni(aSignature.getBytes("UTF-8"), aFingerprintKey.getBytes("UTF-8"), messageBuffer);
} }
} catch (Exception e) { } catch (Exception e) {
Log.e(LOG_TAG, "## verifyEd25519Signature(): failed " + e.getMessage()); Log.e(LOG_TAG, "## verifyEd25519Signature(): failed " + e.getMessage());
errorMessage = e.getMessage(); errorMessage = e.getMessage();
} finally {
if (messageBuffer != null) {
Arrays.fill(messageBuffer, (byte) 0);
}
} }
if (!TextUtils.isEmpty(errorMessage)) { if (!TextUtils.isEmpty(errorMessage)) {
...@@ -119,10 +126,16 @@ public class OlmUtility { ...@@ -119,10 +126,16 @@ public class OlmUtility {
String hashRetValue = null; String hashRetValue = null;
if (null != aMessageToHash) { if (null != aMessageToHash) {
byte[] messageBuffer = null;
try { try {
hashRetValue = new String(sha256Jni(aMessageToHash.getBytes("UTF-8")), "UTF-8"); messageBuffer = aMessageToHash.getBytes("UTF-8");
hashRetValue = new String(sha256Jni(messageBuffer), "UTF-8");
} catch (Exception e) { } catch (Exception e) {
Log.e(LOG_TAG, "## sha256(): failed " + e.getMessage()); Log.e(LOG_TAG, "## sha256(): failed " + e.getMessage());
} finally {
if (null != messageBuffer) {
Arrays.fill(messageBuffer, (byte) 0);
}
} }
} }
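Review bot: The two null checks added in this file are written in opposite orders: `if (messageBuffer != null)` in `verifyEd25519Signature` and `if (null != messageBuffer)` in the `sha256()` hunk. The rest of the commit uses the `null != x` form, so the first should read `if (null != messageBuffer) {` for consistency. Both methods extend beyond their hunks.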
......
...@@ -528,6 +528,7 @@ JNIEXPORT jbyteArray OLM_ACCOUNT_FUNC_DEF(serializeJni)(JNIEnv *env, jobject thi ...@@ -528,6 +528,7 @@ JNIEXPORT jbyteArray OLM_ACCOUNT_FUNC_DEF(serializeJni)(JNIEnv *env, jobject thi
const char* errorMessage = NULL; const char* errorMessage = NULL;
jbyteArray pickledDataRetValue = 0; jbyteArray pickledDataRetValue = 0;
jbyte* keyPtr = NULL; jbyte* keyPtr = NULL;
jboolean keyIsCopied = JNI_FALSE;
OlmAccount* accountPtr = NULL; OlmAccount* accountPtr = NULL;
LOGD("## serializeJni(): IN"); LOGD("## serializeJni(): IN");
...@@ -542,7 +543,7 @@ JNIEXPORT jbyteArray OLM_ACCOUNT_FUNC_DEF(serializeJni)(JNIEnv *env, jobject thi ...@@ -542,7 +543,7 @@ JNIEXPORT jbyteArray OLM_ACCOUNT_FUNC_DEF(serializeJni)(JNIEnv *env, jobject thi
LOGE(" ## serializeJni(): failure - invalid account ptr"); LOGE(" ## serializeJni(): failure - invalid account ptr");
errorMessage = "invalid account ptr"; errorMessage = "invalid account ptr";
} }
else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, NULL))) else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, &keyIsCopied)))
{ {
LOGE(" ## serializeJni(): failure - keyPtr JNI allocation OOM"); LOGE(" ## serializeJni(): failure - keyPtr JNI allocation OOM");
errorMessage = "keyPtr JNI allocation OOM"; errorMessage = "keyPtr JNI allocation OOM";
...@@ -586,6 +587,9 @@ JNIEXPORT jbyteArray OLM_ACCOUNT_FUNC_DEF(serializeJni)(JNIEnv *env, jobject thi ...@@ -586,6 +587,9 @@ JNIEXPORT jbyteArray OLM_ACCOUNT_FUNC_DEF(serializeJni)(JNIEnv *env, jobject thi
// free alloc // free alloc
if (keyPtr) if (keyPtr)
{ {
if (keyIsCopied) {
memset(keyPtr, 0, (size_t)env->GetArrayLength(aKeyBuffer));
}
env->ReleaseByteArrayElements(aKeyBuffer, keyPtr, JNI_ABORT); env->ReleaseByteArrayElements(aKeyBuffer, keyPtr, JNI_ABORT);
} }
...@@ -610,6 +614,7 @@ JNIEXPORT jlong OLM_ACCOUNT_FUNC_DEF(deserializeJni)(JNIEnv *env, jobject thiz, ...@@ -610,6 +614,7 @@ JNIEXPORT jlong OLM_ACCOUNT_FUNC_DEF(deserializeJni)(JNIEnv *env, jobject thiz,
OlmAccount* accountPtr = NULL; OlmAccount* accountPtr = NULL;
jbyte* keyPtr = NULL; jbyte* keyPtr = NULL;
jboolean keyIsCopied = JNI_FALSE;
jbyte* pickledPtr = NULL; jbyte* pickledPtr = NULL;
LOGD("## deserializeJni(): IN"); LOGD("## deserializeJni(): IN");
...@@ -629,7 +634,7 @@ JNIEXPORT jlong OLM_ACCOUNT_FUNC_DEF(deserializeJni)(JNIEnv *env, jobject thiz, ...@@ -629,7 +634,7 @@ JNIEXPORT jlong OLM_ACCOUNT_FUNC_DEF(deserializeJni)(JNIEnv *env, jobject thiz,
LOGE(" ## deserializeJni(): failure - account failure OOM"); LOGE(" ## deserializeJni(): failure - account failure OOM");
errorMessage = "account failure OOM"; errorMessage = "account failure OOM";
} }
else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, 0))) else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, &keyIsCopied)))
{ {
LOGE(" ## deserializeJni(): failure - keyPtr JNI allocation OOM"); LOGE(" ## deserializeJni(): failure - keyPtr JNI allocation OOM");
errorMessage = "keyPtr JNI allocation OOM"; errorMessage = "keyPtr JNI allocation OOM";
...@@ -665,6 +670,9 @@ JNIEXPORT jlong OLM_ACCOUNT_FUNC_DEF(deserializeJni)(JNIEnv *env, jobject thiz, ...@@ -665,6 +670,9 @@ JNIEXPORT jlong OLM_ACCOUNT_FUNC_DEF(deserializeJni)(JNIEnv *env, jobject thiz,
// free alloc // free alloc
if (keyPtr) if (keyPtr)
{ {
if (keyIsCopied) {
memset(keyPtr, 0, (size_t)env->GetArrayLength(aKeyBuffer));
}
env->ReleaseByteArrayElements(aKeyBuffer, keyPtr, JNI_ABORT); env->ReleaseByteArrayElements(aKeyBuffer, keyPtr, JNI_ABORT);
} }
...@@ -684,4 +692,4 @@ JNIEXPORT jlong OLM_ACCOUNT_FUNC_DEF(deserializeJni)(JNIEnv *env, jobject thiz, ...@@ -684,4 +692,4 @@ JNIEXPORT jlong OLM_ACCOUNT_FUNC_DEF(deserializeJni)(JNIEnv *env, jobject thiz,
} }
return (jlong)(intptr_t)accountPtr; return (jlong)(intptr_t)accountPtr;
} }
\ No newline at end of file
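Review bot: The conditional wipe before `ReleaseByteArrayElements` needs a comment, because it is not obvious why the key is cleared only when `keyIsCopied` is set. As far as the visible lines show, the intent is to scrub the private copy JNI made while leaving a directly mapped Java array untouched, since zeroing that one would alter the caller's key; in that case clearing the key remains the Java caller's job. Something like `// wipe only JNI's private copy; when the array was not copied keyPtr is the caller's own buffer` above the `if (keyIsCopied)` in `serializeJni` and `deserializeJni` would record this. The same applies to the identical blocks in the inbound group session, outbound group session and session JNI sections of this commit. Both functions start and end outside their hunks.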
...@@ -62,6 +62,7 @@ JNIEXPORT jlong OLM_INBOUND_GROUP_SESSION_FUNC_DEF(createNewSessionJni)(JNIEnv * ...@@ -62,6 +62,7 @@ JNIEXPORT jlong OLM_INBOUND_GROUP_SESSION_FUNC_DEF(createNewSessionJni)(JNIEnv *
const char* errorMessage = NULL; const char* errorMessage = NULL;
OlmInboundGroupSession* sessionPtr = NULL; OlmInboundGroupSession* sessionPtr = NULL;
jbyte* sessionKeyPtr = NULL; jbyte* sessionKeyPtr = NULL;
jboolean sessionWasCopied = JNI_FALSE;
size_t sessionSize = olm_inbound_group_session_size(); size_t sessionSize = olm_inbound_group_session_size();
LOGD("## createNewSessionJni(): inbound group session IN"); LOGD("## createNewSessionJni(): inbound group session IN");
...@@ -81,7 +82,7 @@ JNIEXPORT jlong OLM_INBOUND_GROUP_SESSION_FUNC_DEF(createNewSessionJni)(JNIEnv * ...@@ -81,7 +82,7 @@ JNIEXPORT jlong OLM_INBOUND_GROUP_SESSION_FUNC_DEF(createNewSessionJni)(JNIEnv *
LOGE(" ## createNewSessionJni(): failure - invalid aSessionKey"); LOGE(" ## createNewSessionJni(): failure - invalid aSessionKey");
errorMessage = "invalid aSessionKey"; errorMessage = "invalid aSessionKey";
} }
else if (!(sessionKeyPtr = env->GetByteArrayElements(aSessionKeyBuffer, 0))) else if (!(sessionKeyPtr = env->GetByteArrayElements(aSessionKeyBuffer, &sessionWasCopied)))
{ {
LOGE(" ## createNewSessionJni(): failure - session key JNI allocation OOM"); LOGE(" ## createNewSessionJni(): failure - session key JNI allocation OOM");
errorMessage = "Session key JNI allocation OOM"; errorMessage = "Session key JNI allocation OOM";
...@@ -119,6 +120,9 @@ JNIEXPORT jlong OLM_INBOUND_GROUP_SESSION_FUNC_DEF(createNewSessionJni)(JNIEnv * ...@@ -119,6 +120,9 @@ JNIEXPORT jlong OLM_INBOUND_GROUP_SESSION_FUNC_DEF(createNewSessionJni)(JNIEnv *
if (sessionKeyPtr) if (sessionKeyPtr)
{ {
if (sessionWasCopied) {
memset(sessionKeyPtr, 0, (size_t)env->GetArrayLength(aSessionKeyBuffer));
}
env->ReleaseByteArrayElements(aSessionKeyBuffer, sessionKeyPtr, JNI_ABORT); env->ReleaseByteArrayElements(aSessionKeyBuffer, sessionKeyPtr, JNI_ABORT);
} }
...@@ -474,6 +478,7 @@ JNIEXPORT jbyteArray OLM_INBOUND_GROUP_SESSION_FUNC_DEF(serializeJni)(JNIEnv *en ...@@ -474,6 +478,7 @@ JNIEXPORT jbyteArray OLM_INBOUND_GROUP_SESSION_FUNC_DEF(serializeJni)(JNIEnv *en
jbyteArray pickledDataRet = 0; jbyteArray pickledDataRet = 0;
jbyte* keyPtr = NULL; jbyte* keyPtr = NULL;
jboolean keyWasCopied = JNI_FALSE;
OlmInboundGroupSession* sessionPtr = getInboundGroupSessionInstanceId(env, thiz); OlmInboundGroupSession* sessionPtr = getInboundGroupSessionInstanceId(env, thiz);
LOGD("## inbound group session serializeJni(): IN"); LOGD("## inbound group session serializeJni(): IN");
...@@ -488,7 +493,7 @@ JNIEXPORT jbyteArray OLM_INBOUND_GROUP_SESSION_FUNC_DEF(serializeJni)(JNIEnv *en ...@@ -488,7 +493,7 @@ JNIEXPORT jbyteArray OLM_INBOUND_GROUP_SESSION_FUNC_DEF(serializeJni)(JNIEnv *en
LOGE(" ## serializeJni(): failure - invalid key"); LOGE(" ## serializeJni(): failure - invalid key");
errorMessage = "invalid key"; errorMessage = "invalid key";
} }
else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, 0))) else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, &keyWasCopied)))
{ {
LOGE(" ## serializeJni(): failure - keyPtr JNI allocation OOM"); LOGE(" ## serializeJni(): failure - keyPtr JNI allocation OOM");
errorMessage = "keyPtr JNI allocation OOM"; errorMessage = "keyPtr JNI allocation OOM";
...@@ -533,6 +538,9 @@ JNIEXPORT jbyteArray OLM_INBOUND_GROUP_SESSION_FUNC_DEF(serializeJni)(JNIEnv *en ...@@ -533,6 +538,9 @@ JNIEXPORT jbyteArray OLM_INBOUND_GROUP_SESSION_FUNC_DEF(serializeJni)(JNIEnv *en
// free alloc // free alloc
if (keyPtr) if (keyPtr)
{ {
if (keyWasCopied) {
memset(keyPtr, 0, (size_t)env->GetArrayLength(aKeyBuffer));
}
env->ReleaseByteArrayElements(aKeyBuffer, keyPtr, JNI_ABORT); env->ReleaseByteArrayElements(aKeyBuffer, keyPtr, JNI_ABORT);
} }
...@@ -558,6 +566,7 @@ JNIEXPORT jlong OLM_INBOUND_GROUP_SESSION_FUNC_DEF(deserializeJni)(JNIEnv *env, ...@@ -558,6 +566,7 @@ JNIEXPORT jlong OLM_INBOUND_GROUP_SESSION_FUNC_DEF(deserializeJni)(JNIEnv *env,
OlmInboundGroupSession* sessionPtr = NULL; OlmInboundGroupSession* sessionPtr = NULL;
size_t sessionSize = olm_inbound_group_session_size(); size_t sessionSize = olm_inbound_group_session_size();
jbyte* keyPtr = NULL; jbyte* keyPtr = NULL;
jboolean keyWasCopied = JNI_FALSE;
jbyte* pickledPtr = NULL; jbyte* pickledPtr = NULL;
LOGD("## deserializeJni(): IN"); LOGD("## deserializeJni(): IN");
...@@ -582,7 +591,7 @@ JNIEXPORT jlong OLM_INBOUND_GROUP_SESSION_FUNC_DEF(deserializeJni)(JNIEnv *env, ...@@ -582,7 +591,7 @@ JNIEXPORT jlong OLM_INBOUND_GROUP_SESSION_FUNC_DEF(deserializeJni)(JNIEnv *env,
LOGE(" ## deserializeJni(): failure - serialized data"); LOGE(" ## deserializeJni(): failure - serialized data");
errorMessage = "serialized data"; errorMessage = "serialized data";
} }
else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, 0))) else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, &keyWasCopied)))
{ {
LOGE(" ## deserializeJni(): failure - keyPtr JNI allocation OOM"); LOGE(" ## deserializeJni(): failure - keyPtr JNI allocation OOM");
errorMessage = "keyPtr JNI allocation OOM"; errorMessage = "keyPtr JNI allocation OOM";
...@@ -620,6 +629,9 @@ JNIEXPORT jlong OLM_INBOUND_GROUP_SESSION_FUNC_DEF(deserializeJni)(JNIEnv *env, ...@@ -620,6 +629,9 @@ JNIEXPORT jlong OLM_INBOUND_GROUP_SESSION_FUNC_DEF(deserializeJni)(JNIEnv *env,
// free alloc // free alloc
if (keyPtr) if (keyPtr)
{ {
if (keyWasCopied) {
memset(keyPtr, 0, (size_t)env->GetArrayLength(aKeyBuffer));
}
env->ReleaseByteArrayElements(aKeyBuffer, keyPtr, JNI_ABORT); env->ReleaseByteArrayElements(aKeyBuffer, keyPtr, JNI_ABORT);
} }
......
...@@ -387,6 +387,7 @@ JNIEXPORT jbyteArray OLM_OUTBOUND_GROUP_SESSION_FUNC_DEF(serializeJni)(JNIEnv *e ...@@ -387,6 +387,7 @@ JNIEXPORT jbyteArray OLM_OUTBOUND_GROUP_SESSION_FUNC_DEF(serializeJni)(JNIEnv *e
jbyteArray returnValue = 0; jbyteArray returnValue = 0;
jbyte* keyPtr = NULL; jbyte* keyPtr = NULL;
jboolean keyWasCopied = JNI_FALSE;
OlmOutboundGroupSession* sessionPtr = NULL; OlmOutboundGroupSession* sessionPtr = NULL;
LOGD("## outbound group session serializeJni(): IN"); LOGD("## outbound group session serializeJni(): IN");
...@@ -401,7 +402,7 @@ JNIEXPORT jbyteArray OLM_OUTBOUND_GROUP_SESSION_FUNC_DEF(serializeJni)(JNIEnv *e ...@@ -401,7 +402,7 @@ JNIEXPORT jbyteArray OLM_OUTBOUND_GROUP_SESSION_FUNC_DEF(serializeJni)(JNIEnv *e
LOGE(" ## serializeJni(): failure - invalid key"); LOGE(" ## serializeJni(): failure - invalid key");
errorMessage = "invalid key"; errorMessage = "invalid key";
} }
else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, 0))) else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, &keyWasCopied)))
{ {
LOGE(" ## serializeJni(): failure - keyPtr JNI allocation OOM"); LOGE(" ## serializeJni(): failure - keyPtr JNI allocation OOM");
errorMessage = "keyPtr JNI allocation OOM"; errorMessage = "keyPtr JNI allocation OOM";
...@@ -446,6 +447,9 @@ JNIEXPORT jbyteArray OLM_OUTBOUND_GROUP_SESSION_FUNC_DEF(serializeJni)(JNIEnv *e ...@@ -446,6 +447,9 @@ JNIEXPORT jbyteArray OLM_OUTBOUND_GROUP_SESSION_FUNC_DEF(serializeJni)(JNIEnv *e
// free alloc // free alloc
if (keyPtr) if (keyPtr)
{ {
if (keyWasCopied) {
memset(keyPtr, 0, (size_t)env->GetArrayLength(aKeyBuffer));
}
env->ReleaseByteArrayElements(aKeyBuffer, keyPtr, JNI_ABORT); env->ReleaseByteArrayElements(aKeyBuffer, keyPtr, JNI_ABORT);
} }
...@@ -471,6 +475,7 @@ JNIEXPORT jlong OLM_OUTBOUND_GROUP_SESSION_FUNC_DEF(deserializeJni)(JNIEnv *env, ...@@ -471,6 +475,7 @@ JNIEXPORT jlong OLM_OUTBOUND_GROUP_SESSION_FUNC_DEF(deserializeJni)(JNIEnv *env,
OlmOutboundGroupSession* sessionPtr = NULL; OlmOutboundGroupSession* sessionPtr = NULL;
jbyte* keyPtr = NULL; jbyte* keyPtr = NULL;
jboolean keyWasCopied = JNI_FALSE;
jbyte* pickledPtr = NULL; jbyte* pickledPtr = NULL;
LOGD("## deserializeJni(): IN"); LOGD("## deserializeJni(): IN");
...@@ -495,7 +500,7 @@ JNIEXPORT jlong OLM_OUTBOUND_GROUP_SESSION_FUNC_DEF(deserializeJni)(JNIEnv *env, ...@@ -495,7 +500,7 @@ JNIEXPORT jlong OLM_OUTBOUND_GROUP_SESSION_FUNC_DEF(deserializeJni)(JNIEnv *env,
LOGE(" ## deserializeJni(): failure - serialized data"); LOGE(" ## deserializeJni(): failure - serialized data");
errorMessage = "invalid serialized data"; errorMessage = "invalid serialized data";
} }
else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, 0))) else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, &keyWasCopied)))
{ {
LOGE(" ## deserializeJni(): failure - keyPtr JNI allocation OOM"); LOGE(" ## deserializeJni(): failure - keyPtr JNI allocation OOM");
errorMessage = "keyPtr JNI allocation OOM"; errorMessage = "keyPtr JNI allocation OOM";
...@@ -532,6 +537,9 @@ JNIEXPORT jlong OLM_OUTBOUND_GROUP_SESSION_FUNC_DEF(deserializeJni)(JNIEnv *env, ...@@ -532,6 +537,9 @@ JNIEXPORT jlong OLM_OUTBOUND_GROUP_SESSION_FUNC_DEF(deserializeJni)(JNIEnv *env,
// free alloc // free alloc
if (keyPtr) if (keyPtr)
{ {
if (keyWasCopied) {
memset(keyPtr, 0, (size_t)env->GetArrayLength(aKeyBuffer));
}
env->ReleaseByteArrayElements(aKeyBuffer, keyPtr, JNI_ABORT); env->ReleaseByteArrayElements(aKeyBuffer, keyPtr, JNI_ABORT);
} }
......
...@@ -810,6 +810,7 @@ JNIEXPORT jbyteArray OLM_SESSION_FUNC_DEF(serializeJni)(JNIEnv *env, jobject thi ...@@ -810,6 +810,7 @@ JNIEXPORT jbyteArray OLM_SESSION_FUNC_DEF(serializeJni)(JNIEnv *env, jobject thi
jbyteArray returnValue = 0; jbyteArray returnValue = 0;
jbyte* keyPtr = NULL; jbyte* keyPtr = NULL;
jboolean keyWasCopied = JNI_FALSE;
OlmSession* sessionPtr = getSessionInstanceId(env, thiz); OlmSession* sessionPtr = getSessionInstanceId(env, thiz);
LOGD("## serializeJni(): IN"); LOGD("## serializeJni(): IN");
...@@ -824,7 +825,7 @@ JNIEXPORT jbyteArray OLM_SESSION_FUNC_DEF(serializeJni)(JNIEnv *env, jobject thi ...@@ -824,7 +825,7 @@ JNIEXPORT jbyteArray OLM_SESSION_FUNC_DEF(serializeJni)(JNIEnv *env, jobject thi
LOGE(" ## serializeJni(): failure - invalid key"); LOGE(" ## serializeJni(): failure - invalid key");
errorMessage = "invalid key"; errorMessage = "invalid key";
} }
else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, 0))) else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, &keyWasCopied)))
{ {
LOGE(" ## serializeJni(): failure - keyPtr JNI allocation OOM"); LOGE(" ## serializeJni(): failure - keyPtr JNI allocation OOM");
errorMessage = "ikeyPtr JNI allocation OOM"; errorMessage = "ikeyPtr JNI allocation OOM";
...@@ -869,6 +870,9 @@ JNIEXPORT jbyteArray OLM_SESSION_FUNC_DEF(serializeJni)(JNIEnv *env, jobject thi ...@@ -869,6 +870,9 @@ JNIEXPORT jbyteArray OLM_SESSION_FUNC_DEF(serializeJni)(JNIEnv *env, jobject thi
// free alloc // free alloc
if (keyPtr) if (keyPtr)
{ {
if (keyWasCopied) {
memset(keyPtr, 0, (size_t)env->GetArrayLength(aKeyBuffer));
}
env->ReleaseByteArrayElements(aKeyBuffer, keyPtr, JNI_ABORT); env->ReleaseByteArrayElements(aKeyBuffer, keyPtr, JNI_ABORT);
} }
...@@ -892,6 +896,7 @@ JNIEXPORT jlong OLM_SESSION_FUNC_DEF(deserializeJni)(JNIEnv *env, jobject thiz, ...@@ -892,6 +896,7 @@ JNIEXPORT jlong OLM_SESSION_FUNC_DEF(deserializeJni)(JNIEnv *env, jobject thiz,
const char* errorMessage = NULL; const char* errorMessage = NULL;
OlmSession* sessionPtr = initializeSessionMemory(); OlmSession* sessionPtr = initializeSessionMemory();
jbyte* keyPtr = NULL; jbyte* keyPtr = NULL;
jboolean keyWasCopied = JNI_FALSE;
jbyte* pickledPtr = NULL; jbyte* pickledPtr = NULL;
LOGD("## deserializeJni(): IN");