From 1c7ff7f48d121ea1108eec2247a34aaec2906e61 Mon Sep 17 00:00:00 2001 From: Hubert Chathi Date: Wed, 17 Oct 2018 15:50:36 -0400 Subject: more and improved buffer sanitising for Android bindings --- .../src/main/java/org/matrix/olm/OlmAccount.java | 9 +++++++-- .../java/org/matrix/olm/OlmInboundGroupSession.java | 7 +++++++ .../java/org/matrix/olm/OlmOutboundGroupSession.java | 5 ++++- .../src/main/java/org/matrix/olm/OlmPkDecryption.java | 5 +++-- .../src/main/java/org/matrix/olm/OlmPkEncryption.java | 8 ++++++-- .../src/main/java/org/matrix/olm/OlmUtility.java | 17 +++++++++++++++-- android/olm-sdk/src/main/jni/olm_account.cpp | 14 +++++++++++--- .../olm-sdk/src/main/jni/olm_inbound_group_session.cpp | 18 +++++++++++++++--- .../src/main/jni/olm_outbound_group_session.cpp | 12 ++++++++++-- android/olm-sdk/src/main/jni/olm_session.cpp | 12 ++++++++++-- android/olm-sdk/src/main/jni/olm_utility.cpp | 14 +++++++++++--- 11 files changed, 99 insertions(+), 22 deletions(-) (limited to 'android/olm-sdk') diff --git a/android/olm-sdk/src/main/java/org/matrix/olm/OlmAccount.java b/android/olm-sdk/src/main/java/org/matrix/olm/OlmAccount.java index 26c3e60..98a3c5b 100644 --- a/android/olm-sdk/src/main/java/org/matrix/olm/OlmAccount.java +++ b/android/olm-sdk/src/main/java/org/matrix/olm/OlmAccount.java @@ -26,6 +26,7 @@ import java.io.IOException; import java.io.ObjectInputStream; import java.io.ObjectOutputStream; import java.io.Serializable; +import java.util.Arrays; import java.util.Map; /** @@ -290,9 +291,9 @@ public class OlmAccount extends CommonSerializeUtils implements Serializable { String result = null; if (null != aMessage) { + byte[] utf8String = null; try { - byte[] utf8String = aMessage.getBytes("UTF-8"); - + utf8String = aMessage.getBytes("UTF-8"); if (null != utf8String) { byte[] signedMessage = signMessageJni(utf8String); @@ -302,6 +303,10 @@ public class OlmAccount extends CommonSerializeUtils implements Serializable { } } catch (Exception e) { throw new OlmException(OlmException.EXCEPTION_CODE_ACCOUNT_SIGN_MESSAGE, e.getMessage()); + } finally { + if (null != utf8String) { + Arrays.fill(utf8String, (byte) 0); + } } } diff --git a/android/olm-sdk/src/main/java/org/matrix/olm/OlmInboundGroupSession.java b/android/olm-sdk/src/main/java/org/matrix/olm/OlmInboundGroupSession.java index b41c67a..2fc81ef 100644 --- a/android/olm-sdk/src/main/java/org/matrix/olm/OlmInboundGroupSession.java +++ b/android/olm-sdk/src/main/java/org/matrix/olm/OlmInboundGroupSession.java @@ -77,10 +77,16 @@ public class OlmInboundGroupSession extends CommonSerializeUtils implements Seri Log.e(LOG_TAG, "## initInboundGroupSession(): invalid session key"); throw new OlmException(OlmException.EXCEPTION_CODE_INIT_INBOUND_GROUP_SESSION, "invalid session key"); } else { + byte[] sessionBuffer = null; try { + sessionBuffer = aSessionKey.getBytes("UTF-8"); mNativeId = createNewSessionJni(aSessionKey.getBytes("UTF-8"), isImported); } catch (Exception e) { throw new OlmException(OlmException.EXCEPTION_CODE_INIT_INBOUND_GROUP_SESSION, e.getMessage()); + } finally { + if (null != sessionBuffer) { + Arrays.fill(sessionBuffer, (byte) 0); + } } } } @@ -216,6 +222,7 @@ public class OlmInboundGroupSession extends CommonSerializeUtils implements Seri if (null != bytesBuffer) { result = new String(bytesBuffer, "UTF-8"); + Arrays.fill(bytesBuffer, (byte) 0); } } catch (Exception e) { Log.e(LOG_TAG, "## export() failed " + e.getMessage()); diff --git a/android/olm-sdk/src/main/java/org/matrix/olm/OlmOutboundGroupSession.java b/android/olm-sdk/src/main/java/org/matrix/olm/OlmOutboundGroupSession.java index e4d4a44..55732fe 100644 --- a/android/olm-sdk/src/main/java/org/matrix/olm/OlmOutboundGroupSession.java +++ b/android/olm-sdk/src/main/java/org/matrix/olm/OlmOutboundGroupSession.java @@ -142,7 +142,10 @@ public class OlmOutboundGroupSession extends CommonSerializeUtils implements Ser */ public String sessionKey() throws OlmException { try { - return new String(sessionKeyJni(), "UTF-8"); + byte[] sessionKeyBuffer = sessionKeyJni(); + String ret = new String(sessionKeyBuffer, "UTF-8"); + Arrays.fill(sessionKeyBuffer, (byte) 0); + return ret; } catch (Exception e) { Log.e(LOG_TAG, "## sessionKey() failed " + e.getMessage()); throw new OlmException(OlmException.EXCEPTION_CODE_OUTBOUND_GROUP_SESSION_KEY, e.getMessage()); diff --git a/android/olm-sdk/src/main/java/org/matrix/olm/OlmPkDecryption.java b/android/olm-sdk/src/main/java/org/matrix/olm/OlmPkDecryption.java index ea838f1..1a33547 100644 --- a/android/olm-sdk/src/main/java/org/matrix/olm/OlmPkDecryption.java +++ b/android/olm-sdk/src/main/java/org/matrix/olm/OlmPkDecryption.java @@ -68,14 +68,15 @@ public class OlmPkDecryption { return null; } + byte[] plaintextBuffer = decryptJni(aMessage); try { - byte[] plaintextBuffer = decryptJni(aMessage); String plaintext = new String(plaintextBuffer, "UTF-8"); - Arrays.fill(plaintextBuffer, (byte) 0); return plaintext; } catch (Exception e) { Log.e(LOG_TAG, "## pkDecrypt(): failed " + e.getMessage()); throw new OlmException(OlmException.EXCEPTION_CODE_PK_DECRYPTION_DECRYPT, e.getMessage()); + } finally { + Arrays.fill(plaintextBuffer, (byte) 0); } } diff --git a/android/olm-sdk/src/main/java/org/matrix/olm/OlmPkEncryption.java b/android/olm-sdk/src/main/java/org/matrix/olm/OlmPkEncryption.java index a2ccf2e..01666fd 100644 --- a/android/olm-sdk/src/main/java/org/matrix/olm/OlmPkEncryption.java +++ b/android/olm-sdk/src/main/java/org/matrix/olm/OlmPkEncryption.java @@ -73,10 +73,10 @@ public class OlmPkEncryption { OlmPkMessage encryptedMsgRetValue = new OlmPkMessage(); + byte[] plaintextBuffer = null; try { - byte[] plaintextBuffer = aPlaintext.getBytes("UTF-8"); + plaintextBuffer = aPlaintext.getBytes("UTF-8"); byte[] ciphertextBuffer = encryptJni(plaintextBuffer, encryptedMsgRetValue); - Arrays.fill(plaintextBuffer, (byte) 0); if (null != ciphertextBuffer) { encryptedMsgRetValue.mCipherText = new String(ciphertextBuffer, "UTF-8"); @@ -84,6 +84,10 @@ public class OlmPkEncryption { } catch (Exception e) { Log.e(LOG_TAG, "## pkEncrypt(): failed " + e.getMessage()); throw new OlmException(OlmException.EXCEPTION_CODE_PK_ENCRYPTION_ENCRYPT, e.getMessage()); + } finally { + if (null != plaintextBuffer) { + Arrays.fill(plaintextBuffer, (byte) 0); + } } return encryptedMsgRetValue; diff --git a/android/olm-sdk/src/main/java/org/matrix/olm/OlmUtility.java b/android/olm-sdk/src/main/java/org/matrix/olm/OlmUtility.java index bf9ef90..250cfb1 100644 --- a/android/olm-sdk/src/main/java/org/matrix/olm/OlmUtility.java +++ b/android/olm-sdk/src/main/java/org/matrix/olm/OlmUtility.java @@ -23,6 +23,7 @@ import android.util.Log; import org.json.JSONObject; import java.security.SecureRandom; +import java.util.Arrays; import java.util.HashMap; import java.util.Iterator; import java.util.Map; @@ -81,17 +82,23 @@ public class OlmUtility { */ public void verifyEd25519Signature(String aSignature, String aFingerprintKey, String aMessage) throws OlmException { String errorMessage; + byte[] messageBuffer = null; try { if (TextUtils.isEmpty(aSignature) || TextUtils.isEmpty(aFingerprintKey) || TextUtils.isEmpty(aMessage)) { Log.e(LOG_TAG, "## verifyEd25519Signature(): invalid input parameters"); errorMessage = "JAVA sanity check failure - invalid input parameters"; } else { - errorMessage = verifyEd25519SignatureJni(aSignature.getBytes("UTF-8"), aFingerprintKey.getBytes("UTF-8"), aMessage.getBytes("UTF-8")); + messageBuffer = aMessage.getBytes("UTF-8"); + errorMessage = verifyEd25519SignatureJni(aSignature.getBytes("UTF-8"), aFingerprintKey.getBytes("UTF-8"), messageBuffer); } } catch (Exception e) { Log.e(LOG_TAG, "## verifyEd25519Signature(): failed " + e.getMessage()); errorMessage = e.getMessage(); + } finally { + if (messageBuffer != null) { + Arrays.fill(messageBuffer, (byte) 0); + } } if (!TextUtils.isEmpty(errorMessage)) { @@ -119,10 +126,16 @@ public class OlmUtility { String hashRetValue = null; if (null != aMessageToHash) { + byte[] messageBuffer = null; try { - hashRetValue = new String(sha256Jni(aMessageToHash.getBytes("UTF-8")), "UTF-8"); + messageBuffer = aMessageToHash.getBytes("UTF-8"); + hashRetValue = new String(sha256Jni(messageBuffer), "UTF-8"); } catch (Exception e) { Log.e(LOG_TAG, "## sha256(): failed " + e.getMessage()); + } finally { + if (null != messageBuffer) { + Arrays.fill(messageBuffer, (byte) 0); + } } } diff --git a/android/olm-sdk/src/main/jni/olm_account.cpp b/android/olm-sdk/src/main/jni/olm_account.cpp index 40081ac..00b1460 100644 --- a/android/olm-sdk/src/main/jni/olm_account.cpp +++ b/android/olm-sdk/src/main/jni/olm_account.cpp @@ -528,6 +528,7 @@ JNIEXPORT jbyteArray OLM_ACCOUNT_FUNC_DEF(serializeJni)(JNIEnv *env, jobject thi const char* errorMessage = NULL; jbyteArray pickledDataRetValue = 0; jbyte* keyPtr = NULL; + jboolean keyIsCopied = JNI_FALSE; OlmAccount* accountPtr = NULL; LOGD("## serializeJni(): IN"); @@ -542,7 +543,7 @@ JNIEXPORT jbyteArray OLM_ACCOUNT_FUNC_DEF(serializeJni)(JNIEnv *env, jobject thi LOGE(" ## serializeJni(): failure - invalid account ptr"); errorMessage = "invalid account ptr"; } - else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, NULL))) + else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, &keyIsCopied))) { LOGE(" ## serializeJni(): failure - keyPtr JNI allocation OOM"); errorMessage = "keyPtr JNI allocation OOM"; @@ -586,6 +587,9 @@ JNIEXPORT jbyteArray OLM_ACCOUNT_FUNC_DEF(serializeJni)(JNIEnv *env, jobject thi // free alloc if (keyPtr) { + if (keyIsCopied) { + memset(keyPtr, 0, (size_t)env->GetArrayLength(aKeyBuffer)); + } env->ReleaseByteArrayElements(aKeyBuffer, keyPtr, JNI_ABORT); } @@ -610,6 +614,7 @@ JNIEXPORT jlong OLM_ACCOUNT_FUNC_DEF(deserializeJni)(JNIEnv *env, jobject thiz, OlmAccount* accountPtr = NULL; jbyte* keyPtr = NULL; + jboolean keyIsCopied = JNI_FALSE; jbyte* pickledPtr = NULL; LOGD("## deserializeJni(): IN"); @@ -629,7 +634,7 @@ JNIEXPORT jlong OLM_ACCOUNT_FUNC_DEF(deserializeJni)(JNIEnv *env, jobject thiz, LOGE(" ## deserializeJni(): failure - account failure OOM"); errorMessage = "account failure OOM"; } - else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, 0))) + else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, &keyIsCopied))) { LOGE(" ## deserializeJni(): failure - keyPtr JNI allocation OOM"); errorMessage = "keyPtr JNI allocation OOM"; @@ -665,6 +670,9 @@ JNIEXPORT jlong OLM_ACCOUNT_FUNC_DEF(deserializeJni)(JNIEnv *env, jobject thiz, // free alloc if (keyPtr) { + if (keyIsCopied) { + memset(keyPtr, 0, (size_t)env->GetArrayLength(aKeyBuffer)); + } env->ReleaseByteArrayElements(aKeyBuffer, keyPtr, JNI_ABORT); } @@ -684,4 +692,4 @@ JNIEXPORT jlong OLM_ACCOUNT_FUNC_DEF(deserializeJni)(JNIEnv *env, jobject thiz, } return (jlong)(intptr_t)accountPtr; -} \ No newline at end of file +} diff --git a/android/olm-sdk/src/main/jni/olm_inbound_group_session.cpp b/android/olm-sdk/src/main/jni/olm_inbound_group_session.cpp index 114b7cd..ae9ecf1 100644 --- a/android/olm-sdk/src/main/jni/olm_inbound_group_session.cpp +++ b/android/olm-sdk/src/main/jni/olm_inbound_group_session.cpp @@ -62,6 +62,7 @@ JNIEXPORT jlong OLM_INBOUND_GROUP_SESSION_FUNC_DEF(createNewSessionJni)(JNIEnv * const char* errorMessage = NULL; OlmInboundGroupSession* sessionPtr = NULL; jbyte* sessionKeyPtr = NULL; + jboolean sessionWasCopied = JNI_FALSE; size_t sessionSize = olm_inbound_group_session_size(); LOGD("## createNewSessionJni(): inbound group session IN"); @@ -81,7 +82,7 @@ JNIEXPORT jlong OLM_INBOUND_GROUP_SESSION_FUNC_DEF(createNewSessionJni)(JNIEnv * LOGE(" ## createNewSessionJni(): failure - invalid aSessionKey"); errorMessage = "invalid aSessionKey"; } - else if (!(sessionKeyPtr = env->GetByteArrayElements(aSessionKeyBuffer, 0))) + else if (!(sessionKeyPtr = env->GetByteArrayElements(aSessionKeyBuffer, &sessionWasCopied))) { LOGE(" ## createNewSessionJni(): failure - session key JNI allocation OOM"); errorMessage = "Session key JNI allocation OOM"; @@ -119,6 +120,9 @@ JNIEXPORT jlong OLM_INBOUND_GROUP_SESSION_FUNC_DEF(createNewSessionJni)(JNIEnv * if (sessionKeyPtr) { + if (sessionWasCopied) { + memset(sessionKeyPtr, 0, (size_t)env->GetArrayLength(aSessionKeyBuffer)); + } env->ReleaseByteArrayElements(aSessionKeyBuffer, sessionKeyPtr, JNI_ABORT); } @@ -474,6 +478,7 @@ JNIEXPORT jbyteArray OLM_INBOUND_GROUP_SESSION_FUNC_DEF(serializeJni)(JNIEnv *en jbyteArray pickledDataRet = 0; jbyte* keyPtr = NULL; + jboolean keyWasCopied = JNI_FALSE; OlmInboundGroupSession* sessionPtr = getInboundGroupSessionInstanceId(env, thiz); LOGD("## inbound group session serializeJni(): IN"); @@ -488,7 +493,7 @@ JNIEXPORT jbyteArray OLM_INBOUND_GROUP_SESSION_FUNC_DEF(serializeJni)(JNIEnv *en LOGE(" ## serializeJni(): failure - invalid key"); errorMessage = "invalid key"; } - else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, 0))) + else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, &keyWasCopied))) { LOGE(" ## serializeJni(): failure - keyPtr JNI allocation OOM"); errorMessage = "keyPtr JNI allocation OOM"; @@ -533,6 +538,9 @@ JNIEXPORT jbyteArray OLM_INBOUND_GROUP_SESSION_FUNC_DEF(serializeJni)(JNIEnv *en // free alloc if (keyPtr) { + if (keyWasCopied) { + memset(keyPtr, 0, (size_t)env->GetArrayLength(aKeyBuffer)); + } env->ReleaseByteArrayElements(aKeyBuffer, keyPtr, JNI_ABORT); } @@ -558,6 +566,7 @@ JNIEXPORT jlong OLM_INBOUND_GROUP_SESSION_FUNC_DEF(deserializeJni)(JNIEnv *env, OlmInboundGroupSession* sessionPtr = NULL; size_t sessionSize = olm_inbound_group_session_size(); jbyte* keyPtr = NULL; + jboolean keyWasCopied = JNI_FALSE; jbyte* pickledPtr = NULL; LOGD("## deserializeJni(): IN"); @@ -582,7 +591,7 @@ JNIEXPORT jlong OLM_INBOUND_GROUP_SESSION_FUNC_DEF(deserializeJni)(JNIEnv *env, LOGE(" ## deserializeJni(): failure - serialized data"); errorMessage = "serialized data"; } - else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, 0))) + else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, &keyWasCopied))) { LOGE(" ## deserializeJni(): failure - keyPtr JNI allocation OOM"); errorMessage = "keyPtr JNI allocation OOM"; @@ -620,6 +629,9 @@ JNIEXPORT jlong OLM_INBOUND_GROUP_SESSION_FUNC_DEF(deserializeJni)(JNIEnv *env, // free alloc if (keyPtr) { + if (keyWasCopied) { + memset(keyPtr, 0, (size_t)env->GetArrayLength(aKeyBuffer)); + } env->ReleaseByteArrayElements(aKeyBuffer, keyPtr, JNI_ABORT); } diff --git a/android/olm-sdk/src/main/jni/olm_outbound_group_session.cpp b/android/olm-sdk/src/main/jni/olm_outbound_group_session.cpp index b11c474..a22122a 100644 --- a/android/olm-sdk/src/main/jni/olm_outbound_group_session.cpp +++ b/android/olm-sdk/src/main/jni/olm_outbound_group_session.cpp @@ -387,6 +387,7 @@ JNIEXPORT jbyteArray OLM_OUTBOUND_GROUP_SESSION_FUNC_DEF(serializeJni)(JNIEnv *e jbyteArray returnValue = 0; jbyte* keyPtr = NULL; + jboolean keyWasCopied = JNI_FALSE; OlmOutboundGroupSession* sessionPtr = NULL; LOGD("## outbound group session serializeJni(): IN"); @@ -401,7 +402,7 @@ JNIEXPORT jbyteArray OLM_OUTBOUND_GROUP_SESSION_FUNC_DEF(serializeJni)(JNIEnv *e LOGE(" ## serializeJni(): failure - invalid key"); errorMessage = "invalid key"; } - else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, 0))) + else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, &keyWasCopied))) { LOGE(" ## serializeJni(): failure - keyPtr JNI allocation OOM"); errorMessage = "keyPtr JNI allocation OOM"; @@ -446,6 +447,9 @@ JNIEXPORT jbyteArray OLM_OUTBOUND_GROUP_SESSION_FUNC_DEF(serializeJni)(JNIEnv *e // free alloc if (keyPtr) { + if (keyWasCopied) { + memset(keyPtr, 0, (size_t)env->GetArrayLength(aKeyBuffer)); + } env->ReleaseByteArrayElements(aKeyBuffer, keyPtr, JNI_ABORT); } @@ -471,6 +475,7 @@ JNIEXPORT jlong OLM_OUTBOUND_GROUP_SESSION_FUNC_DEF(deserializeJni)(JNIEnv *env, OlmOutboundGroupSession* sessionPtr = NULL; jbyte* keyPtr = NULL; + jboolean keyWasCopied = JNI_FALSE; jbyte* pickledPtr = NULL; LOGD("## deserializeJni(): IN"); @@ -495,7 +500,7 @@ JNIEXPORT jlong OLM_OUTBOUND_GROUP_SESSION_FUNC_DEF(deserializeJni)(JNIEnv *env, LOGE(" ## deserializeJni(): failure - serialized data"); errorMessage = "invalid serialized data"; } - else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, 0))) + else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, &keyWasCopied))) { LOGE(" ## deserializeJni(): failure - keyPtr JNI allocation OOM"); errorMessage = "keyPtr JNI allocation OOM"; @@ -532,6 +537,9 @@ JNIEXPORT jlong OLM_OUTBOUND_GROUP_SESSION_FUNC_DEF(deserializeJni)(JNIEnv *env, // free alloc if (keyPtr) { + if (keyWasCopied) { + memset(keyPtr, 0, (size_t)env->GetArrayLength(aKeyBuffer)); + } env->ReleaseByteArrayElements(aKeyBuffer, keyPtr, JNI_ABORT); } diff --git a/android/olm-sdk/src/main/jni/olm_session.cpp b/android/olm-sdk/src/main/jni/olm_session.cpp index b9db286..15ad4fe 100644 --- a/android/olm-sdk/src/main/jni/olm_session.cpp +++ b/android/olm-sdk/src/main/jni/olm_session.cpp @@ -810,6 +810,7 @@ JNIEXPORT jbyteArray OLM_SESSION_FUNC_DEF(serializeJni)(JNIEnv *env, jobject thi jbyteArray returnValue = 0; jbyte* keyPtr = NULL; + jboolean keyWasCopied = JNI_FALSE; OlmSession* sessionPtr = getSessionInstanceId(env, thiz); LOGD("## serializeJni(): IN"); @@ -824,7 +825,7 @@ JNIEXPORT jbyteArray OLM_SESSION_FUNC_DEF(serializeJni)(JNIEnv *env, jobject thi LOGE(" ## serializeJni(): failure - invalid key"); errorMessage = "invalid key"; } - else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, 0))) + else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, &keyWasCopied))) { LOGE(" ## serializeJni(): failure - keyPtr JNI allocation OOM"); errorMessage = "ikeyPtr JNI allocation OOM"; @@ -869,6 +870,9 @@ JNIEXPORT jbyteArray OLM_SESSION_FUNC_DEF(serializeJni)(JNIEnv *env, jobject thi // free alloc if (keyPtr) { + if (keyWasCopied) { + memset(keyPtr, 0, (size_t)env->GetArrayLength(aKeyBuffer)); + } env->ReleaseByteArrayElements(aKeyBuffer, keyPtr, JNI_ABORT); } @@ -892,6 +896,7 @@ JNIEXPORT jlong OLM_SESSION_FUNC_DEF(deserializeJni)(JNIEnv *env, jobject thiz, const char* errorMessage = NULL; OlmSession* sessionPtr = initializeSessionMemory(); jbyte* keyPtr = NULL; + jboolean keyWasCopied = JNI_FALSE; jbyte* pickledPtr = NULL; LOGD("## deserializeJni(): IN"); @@ -911,7 +916,7 @@ JNIEXPORT jlong OLM_SESSION_FUNC_DEF(deserializeJni)(JNIEnv *env, jobject thiz, LOGE(" ## deserializeJni(): failure - serialized data"); errorMessage = "serialized data"; } - else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, 0))) + else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, &keyWasCopied))) { LOGE(" ## deserializeJni(): failure - keyPtr JNI allocation OOM"); errorMessage = "keyPtr JNI allocation OOM"; @@ -947,6 +952,9 @@ JNIEXPORT jlong OLM_SESSION_FUNC_DEF(deserializeJni)(JNIEnv *env, jobject thiz, // free alloc if (keyPtr) { + if (keyWasCopied) { + memset(keyPtr, 0, (size_t)env->GetArrayLength(aKeyBuffer)); + } env->ReleaseByteArrayElements(aKeyBuffer, keyPtr, JNI_ABORT); } diff --git a/android/olm-sdk/src/main/jni/olm_utility.cpp b/android/olm-sdk/src/main/jni/olm_utility.cpp index f6fe719..da27eda 100644 --- a/android/olm-sdk/src/main/jni/olm_utility.cpp +++ b/android/olm-sdk/src/main/jni/olm_utility.cpp @@ -90,6 +90,7 @@ JNIEXPORT jstring OLM_UTILITY_FUNC_DEF(verifyEd25519SignatureJni)(JNIEnv *env, j jbyte* signaturePtr = NULL; jbyte* keyPtr = NULL; jbyte* messagePtr = NULL; + jboolean messageWasCopied = JNI_FALSE; LOGD("## verifyEd25519SignatureJni(): IN"); @@ -109,7 +110,7 @@ JNIEXPORT jstring OLM_UTILITY_FUNC_DEF(verifyEd25519SignatureJni)(JNIEnv *env, j { LOGE(" ## verifyEd25519SignatureJni(): failure - key JNI allocation OOM"); } - else if (!(messagePtr = env->GetByteArrayElements(aMessageBuffer, 0))) + else if (!(messagePtr = env->GetByteArrayElements(aMessageBuffer, &messageWasCopied))) { LOGE(" ## verifyEd25519SignatureJni(): failure - message JNI allocation OOM"); } @@ -152,6 +153,9 @@ JNIEXPORT jstring OLM_UTILITY_FUNC_DEF(verifyEd25519SignatureJni)(JNIEnv *env, j if (messagePtr) { + if (messageWasCopied) { + memset(messagePtr, 0, (size_t)env->GetArrayLength(aMessageBuffer)); + } env->ReleaseByteArrayElements(aMessageBuffer, messagePtr, JNI_ABORT); } @@ -171,6 +175,7 @@ JNIEXPORT jbyteArray OLM_UTILITY_FUNC_DEF(sha256Jni)(JNIEnv *env, jobject thiz, OlmUtility* utilityPtr = getUtilityInstanceId(env, thiz); jbyte* messagePtr = NULL; + jboolean messageWasCopied = JNI_FALSE; LOGD("## sha256Jni(): IN"); @@ -182,7 +187,7 @@ JNIEXPORT jbyteArray OLM_UTILITY_FUNC_DEF(sha256Jni)(JNIEnv *env, jobject thiz, { LOGE(" ## sha256Jni(): failure - invalid message parameters "); } - else if(!(messagePtr = env->GetByteArrayElements(aMessageToHashBuffer, 0))) + else if(!(messagePtr = env->GetByteArrayElements(aMessageToHashBuffer, &messageWasCopied))) { LOGE(" ## sha256Jni(): failure - message JNI allocation OOM"); } @@ -221,8 +226,11 @@ JNIEXPORT jbyteArray OLM_UTILITY_FUNC_DEF(sha256Jni)(JNIEnv *env, jobject thiz, if (messagePtr) { + if (messageWasCopied) { + memset(messagePtr, 0, (size_t)env->GetArrayLength(aMessageToHashBuffer)); + } env->ReleaseByteArrayElements(aMessageToHashBuffer, messagePtr, JNI_ABORT); } return sha256Ret; -} \ No newline at end of file +} -- cgit v1.2.3