more and improved buffer sanitising for Android bindings

author: Hubert Chathi <hubert@uhoreg.ca> 2018-10-17 15:50:36 -0400
committer: Hubert Chathi <hubert@uhoreg.ca> 2018-10-19 12:10:11 -0400
commit: 1c7ff7f48d121ea1108eec2247a34aaec2906e61 (patch)
tree: ac222c71797e73e21af4544a5948d1f443a15e81 /android/olm-sdk/src/main/jni/olm_account.cpp
parent: c4c3055f838092aa5503253363faa55b44d7c0a5 (diff)
1 files changed, 11 insertions, 3 deletions
diff --git a/android/olm-sdk/src/main/jni/olm_account.cpp b/android/olm-sdk/src/main/jni/olm_account.cpp
index 40081ac..00b1460 100644
--- a/android/olm-sdk/src/main/jni/olm_account.cpp
+++ b/android/olm-sdk/src/main/jni/olm_account.cpp
@@ -528,6 +528,7 @@ JNIEXPORT jbyteArray OLM_ACCOUNT_FUNC_DEF(serializeJni)(JNIEnv *env, jobject thi
     const char* errorMessage = NULL;
     jbyteArray pickledDataRetValue = 0;
     jbyte* keyPtr = NULL;
+    jboolean keyIsCopied = JNI_FALSE;
     OlmAccount* accountPtr = NULL;
 
     LOGD("## serializeJni(): IN");
@@ -542,7 +543,7 @@ JNIEXPORT jbyteArray OLM_ACCOUNT_FUNC_DEF(serializeJni)(JNIEnv *env, jobject thi
        LOGE(" ## serializeJni(): failure - invalid account ptr");
        errorMessage = "invalid account ptr";
     }
-    else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, NULL)))
+    else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, &keyIsCopied)))
     {
         LOGE(" ## serializeJni(): failure - keyPtr JNI allocation OOM");
         errorMessage = "keyPtr JNI allocation OOM";
@@ -586,6 +587,9 @@ JNIEXPORT jbyteArray OLM_ACCOUNT_FUNC_DEF(serializeJni)(JNIEnv *env, jobject thi
     // free alloc
     if (keyPtr)
     {
+        if (keyIsCopied) {
+            memset(keyPtr, 0, (size_t)env->GetArrayLength(aKeyBuffer));
+        }
         env->ReleaseByteArrayElements(aKeyBuffer, keyPtr, JNI_ABORT);
     }
 
@@ -610,6 +614,7 @@ JNIEXPORT jlong OLM_ACCOUNT_FUNC_DEF(deserializeJni)(JNIEnv *env, jobject thiz,
     OlmAccount* accountPtr = NULL;
 
     jbyte* keyPtr = NULL;
+    jboolean keyIsCopied = JNI_FALSE;
     jbyte* pickledPtr = NULL;
 
     LOGD("## deserializeJni(): IN");
@@ -629,7 +634,7 @@ JNIEXPORT jlong OLM_ACCOUNT_FUNC_DEF(deserializeJni)(JNIEnv *env, jobject thiz,
         LOGE(" ## deserializeJni(): failure - account failure OOM");
         errorMessage = "account failure OOM";
     }
-    else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, 0)))
+    else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, &keyIsCopied)))
     {
         LOGE(" ## deserializeJni(): failure - keyPtr JNI allocation OOM");
         errorMessage = "keyPtr JNI allocation OOM";
@@ -665,6 +670,9 @@ JNIEXPORT jlong OLM_ACCOUNT_FUNC_DEF(deserializeJni)(JNIEnv *env, jobject thiz,
     // free alloc
     if (keyPtr)
     {
+        if (keyIsCopied) {
+            memset(keyPtr, 0, (size_t)env->GetArrayLength(aKeyBuffer));
+        }
         env->ReleaseByteArrayElements(aKeyBuffer, keyPtr, JNI_ABORT);
     }
 
@@ -684,4 +692,4 @@ JNIEXPORT jlong OLM_ACCOUNT_FUNC_DEF(deserializeJni)(JNIEnv *env, jobject thiz,
     }
 
     return (jlong)(intptr_t)accountPtr;
-}
-\ No newline at end of file
+}
author	Hubert Chathi <hubert@uhoreg.ca>	2018-10-17 15:50:36 -0400
committer	Hubert Chathi <hubert@uhoreg.ca>	2018-10-19 12:10:11 -0400
commit	1c7ff7f48d121ea1108eec2247a34aaec2906e61 (patch)
tree	ac222c71797e73e21af4544a5948d1f443a15e81 /android/olm-sdk/src/main/jni/olm_account.cpp
parent	c4c3055f838092aa5503253363faa55b44d7c0a5 (diff)