-rw-r--r-- | CHANGES.current | 15 | ||||
-rw-r--r-- | Doc/Manual/Java.html | 22 | ||||
-rw-r--r-- | Examples/test-suite/java_typemaps_proxy.i | 8 | ||||
-rw-r--r-- | Examples/test-suite/java_typemaps_typewrapper.i | 2 | ||||
-rw-r--r-- | Lib/java/boost_intrusive_ptr.i | 8 | ||||
-rw-r--r-- | Lib/java/boost_shared_ptr.i | 6 | ||||
-rw-r--r-- | Lib/java/java.swg | 8 |
7 files changed, 42 insertions, 27 deletions
diff --git a/CHANGES.current b/CHANGES.current
index 61b461b6b..33ad11630 100644
--- a/CHANGES.current
+++ b/CHANGES.current
@@ -5,6 +5,21 @@ See the RELEASENOTES file for a summary of changes in each release.
 Version 3.0.7 (in progress)
 ===========================
+2015-08-02: wsfulton
+ [Java] Fix potential security exploit in generated Java classes.
+ The swigCPtr and swigCMemOwn member variables in the generated Java
+ classes are now declared 'transient' by default. Further details of the exploit
+ in Android is being published in an academic paper as part of USENIX WOOT '15:
+ https://www.usenix.org/conference/woot15/workshop-program/presentation/peles.
+
+ In the unlikely event that you are relying on these members being serializable,
+ then you will need to override the default javabody and javabody_derived typemaps
+ to generate the old generated code. The relevant typemaps are in the Lib directory
+ in the java.swg, boost_shared_ptr.i and boost_intrusive_ptr.i files. Copy the
+ relevant default typemaps into your interface file and remove the 'transient' keyword.
+
+ *** POTENTIAL INCOMPATIBILITY ***
+
 2015-07-30: wsfulton
 Fix #440 - Initialise all newly created arrays when using %array_functions and %array_class in the carrays.i library - bug is only relevant when using C++.
diff --git a/Doc/Manual/Java.html b/Doc/Manual/Java.html
index 3a4f7ee5d..9d5c447f7 100644
--- a/Doc/Manual/Java.html
+++ b/Doc/Manual/Java.html
@@ -2390,8 +2390,8 @@ The default proxy class for our previous example looks like this:
 <div class="code">
 <pre>
 public class Foo {
- private long swigCPtr;
- protected boolean swigCMemOwn;
+ private transient long swigCPtr;
+ protected transient boolean swigCMemOwn;
 protected Foo(long cPtr, boolean cMemoryOwn) {
 swigCMemOwn = cMemoryOwn;
@@ -2641,8 +2641,8 @@ The base class is generated much like any other proxy class seen so far:
 <div class="code"><pre>
 public class Base {
- private long swigCPtr;
- protected boolean swigCMemOwn;
+ private transient long swigCPtr;
+ protected transient boolean swigCMemOwn;
 protected Base(long cPtr, boolean cMemoryOwn) {
 swigCMemOwn = cMemoryOwn;
@@ -2682,7 +2682,7 @@ The <tt>Derived</tt> class extends <tt>Base</tt> mirroring the C++ class inherit
 <div class="code"><pre>
 public class Derived extends Base {
- private long swigCPtr;
+ private transient long swigCPtr;
 protected Derived(long cPtr, boolean cMemoryOwn) {
 super(exampleJNI.SWIGDerivedUpcast(cPtr), cMemoryOwn);
@@ -2960,8 +2960,8 @@ and the Java proxy class generated by SWIG:
 <div class="code"><pre>
 public class Test {
- private long swigCPtr;
- protected boolean swigCMemOwn;
+ private transient long swigCPtr;
+ protected transient boolean swigCMemOwn;
 protected Test(long cPtr, boolean cMemoryOwn) {
 swigCMemOwn = cMemoryOwn;
@@ -3034,7 +3034,7 @@ The generated type wrapper class, for say an <tt>int *</tt>, looks like this:
 <div class="code"><pre>
 public class SWIGTYPE_p_int {
- private long swigCPtr;
+ private transient long swigCPtr;
 protected SWIGTYPE_p_int(long cPtr, boolean bFutureUse) {
 swigCPtr = cPtr;
@@ -5900,8 +5900,8 @@ If you are invoking SWIG more than once and generating the wrapped classes into
 <div class="code">
 <pre>
 %typemap(javabody) SWIGTYPE %{
- private long swigCPtr;
- protected boolean swigCMemOwn;
+ private transient long swigCPtr;
+ protected transient boolean swigCMemOwn;
 protected $javaclassname(long cPtr, boolean cMemoryOwn) {
 swigCMemOwn = cMemoryOwn;
@@ -5929,7 +5929,7 @@ For the typemap to be used in all type wrapper classes, all the different types
 <div class="code">
 <pre>
 %typemap(javabody) SWIGTYPE *, SWIGTYPE &, SWIGTYPE [], SWIGTYPE (CLASS::*) %{
- private long swigCPtr;
+ private transient long swigCPtr;
 protected $javaclassname(long cPtr, boolean bFutureUse) {
 swigCPtr = cPtr;
diff --git a/Examples/test-suite/java_typemaps_proxy.i b/Examples/test-suite/java_typemaps_proxy.i
index e315a36b5..3e9b18335 100644
--- a/Examples/test-suite/java_typemaps_proxy.i
+++ b/Examples/test-suite/java_typemaps_proxy.i
@@ -31,8 +31,8 @@ import java.lang.*; // for Exception
 // Create a new getCPtr() function which takes Java null and is public
 %typemap(javabody) NS::Greeting %{
- private long swigCPtr;
- protected boolean swigCMemOwn;
+ private transient long swigCPtr;
+ protected transient boolean swigCMemOwn;
 protected $javaclassname(long cPtr, boolean cMemoryOwn) {
 swigCMemOwn = cMemoryOwn;
@@ -46,8 +46,8 @@ import java.lang.*; // for Exception
 // Make the pointer constructor public
 %typemap(javabody) NS::Farewell %{
- private long swigCPtr;
- protected boolean swigCMemOwn;
+ private transient long swigCPtr;
+ protected transient boolean swigCMemOwn;
 public $javaclassname(long cPtr, boolean cMemoryOwn) {
 swigCMemOwn = cMemoryOwn;
diff --git a/Examples/test-suite/java_typemaps_typewrapper.i b/Examples/test-suite/java_typemaps_typewrapper.i
index a99ca7b65..b7bf847ef 100644
--- a/Examples/test-suite/java_typemaps_typewrapper.i
+++ b/Examples/test-suite/java_typemaps_typewrapper.i
@@ -39,7 +39,7 @@ import java.lang.*; // for Exception
 // Create a new getCPtr() function which takes Java null and is public
 // Make the pointer constructor public
 %typemap(javabody) Farewell * %{
- private long swigCPtr;
+ private transient long swigCPtr;
 public $javaclassname(long cPtr, boolean bFutureUse) {
 swigCPtr = cPtr;
diff --git a/Lib/java/boost_intrusive_ptr.i b/Lib/java/boost_intrusive_ptr.i
index f9525894f..1d8fa7445 100644
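Review bot: Nothing in the Examples/test-suite hunks verifies the new modifier: java_typemaps_proxy.i and java_typemaps_typewrapper.i only copy `transient` into their hand-written javabody typemaps, and the diffstat lists no runme file. Because the CHANGES entry tells users how to undo the fix by copying the old typemaps, a regression check on a proxy generated from the library defaults would keep the protection from disappearing unnoticed, for example `if (!java.lang.reflect.Modifier.isTransient(Proxy.class.getDeclaredField("swigCPtr").getModifiers())) throw new RuntimeException("swigCPtr must be transient");` in a Java runme, where `Proxy` is a placeholder for any class wrapped with the default typemaps. The same check applies to `swigCMemOwn`.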
--- a/Lib/java/boost_intrusive_ptr.i
+++ b/Lib/java/boost_intrusive_ptr.i
@@ -263,7 +263,7 @@
 // Base proxy classes
 %typemap(javabody) TYPE %{
- private long swigCPtr;
+ private transient long swigCPtr;
 private boolean swigCMemOwnBase;
 PTRCTOR_VISIBILITY $javaclassname(long cPtr, boolean cMemoryOwn) {
@@ -278,7 +278,7 @@
 // Derived proxy classes
 %typemap(javabody_derived) TYPE %{
- private long swigCPtr;
+ private transient long swigCPtr;
 private boolean swigCMemOwnDerived;
 PTRCTOR_VISIBILITY $javaclassname(long cPtr, boolean cMemoryOwn) {
@@ -413,7 +413,7 @@
 // Base proxy classes
 %typemap(javabody) TYPE %{
- private long swigCPtr;
+ private transient long swigCPtr;
 private boolean swigCMemOwnBase;
 PTRCTOR_VISIBILITY $javaclassname(long cPtr, boolean cMemoryOwn) {
@@ -428,7 +428,7 @@
 // Derived proxy classes
 %typemap(javabody_derived) TYPE %{
- private long swigCPtr;
+ private transient long swigCPtr;
 private boolean swigCMemOwnDerived;
 PTRCTOR_VISIBILITY $javaclassname(long cPtr, boolean cMemoryOwn) {
diff --git a/Lib/java/boost_shared_ptr.i b/Lib/java/boost_shared_ptr.i
index e75236993..136570da5 100644
--- a/Lib/java/boost_shared_ptr.i
+++ b/Lib/java/boost_shared_ptr.i
@@ -145,8 +145,8 @@
 // Base proxy classes
 %typemap(javabody) TYPE %{
- private long swigCPtr;
- private boolean swigCMemOwn;
+ private transient long swigCPtr;
+ private transient boolean swigCMemOwn;
 PTRCTOR_VISIBILITY $javaclassname(long cPtr, boolean cMemoryOwn) {
 swigCMemOwn = cMemoryOwn;
@@ -160,7 +160,7 @@
 // Derived proxy classes
 %typemap(javabody_derived) TYPE %{
- private long swigCPtr;
+ private transient long swigCPtr;
 private boolean swigCMemOwnDerived;
 PTRCTOR_VISIBILITY $javaclassname(long cPtr, boolean cMemoryOwn) {
diff --git a/Lib/java/java.swg b/Lib/java/java.swg
index 22a4884ef..2e106796c 100644
--- a/Lib/java/java.swg
+++ b/Lib/java/java.swg
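Review bot: The ownership flags are left serializable in the smart-pointer typemaps: all four hunks of Lib/java/boost_intrusive_ptr.i mark only `swigCPtr` as transient while `swigCMemOwnBase` / `swigCMemOwnDerived` on the next line stay plain `private boolean`, and the javabody_derived hunk of Lib/java/boost_shared_ptr.i does the same with `swigCMemOwnDerived` although its base typemap now reads `private transient boolean swigCMemOwn;`. The CHANGES entry describes both the pointer and the ownership member as transient, so this looks like an omission rather than a deliberate choice. With `swigCPtr` reset to 0 on deserialization the practical effect is probably small (the delete() bodies lie outside these hunks, so that is not confirmed), but declaring them `private transient boolean swigCMemOwnBase;` and `private transient boolean swigCMemOwnDerived;` keeps all native-lifetime state out of the serialized form.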
@@ -1148,8 +1148,8 @@ SWIGINTERN const char * SWIG_UnpackData(const char *c, void *ptr, size_t sz) {
 %define SWIG_JAVABODY_PROXY(PTRCTOR_VISIBILITY, CPTR_VISIBILITY, TYPE...)
 // Base proxy classes
 %typemap(javabody) TYPE %{
- private long swigCPtr;
- protected boolean swigCMemOwn;
+ private transient long swigCPtr;
+ protected transient boolean swigCMemOwn;
 PTRCTOR_VISIBILITY $javaclassname(long cPtr, boolean cMemoryOwn) {
 swigCMemOwn = cMemoryOwn;
@@ -1163,7 +1163,7 @@ SWIGINTERN const char * SWIG_UnpackData(const char *c, void *ptr, size_t sz) {
 // Derived proxy classes
 %typemap(javabody_derived) TYPE %{
- private long swigCPtr;
+ private transient long swigCPtr;
 PTRCTOR_VISIBILITY $javaclassname(long cPtr, boolean cMemoryOwn) {
 super($imclassname.$javaclazznameSWIGUpcast(cPtr), cMemoryOwn);
@@ -1179,7 +1179,7 @@ SWIGINTERN const char * SWIG_UnpackData(const char *c, void *ptr, size_t sz) {
 %define SWIG_JAVABODY_TYPEWRAPPER(PTRCTOR_VISIBILITY, DEFAULTCTOR_VISIBILITY, CPTR_VISIBILITY, TYPE...)
 // Typewrapper classes
 %typemap(javabody) TYPE *, TYPE &, TYPE &&, TYPE [] %{
- private long swigCPtr;
+ private transient long swigCPtr;
 PTRCTOR_VISIBILITY $javaclassname(long cPtr, @SuppressWarnings("unused") boolean futureUse) {
 swigCPtr = cPtr; |
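Review bot: The `transient` modifiers added in SWIG_JAVABODY_PROXY and SWIG_JAVABODY_TYPEWRAPPER carry no comment explaining why they are there, and these are the default typemaps that users are told to copy and edit. A line next to the existing `// Base proxy classes`, `// Derived proxy classes` and `// Typewrapper classes` comments would make the intent survive such copies, for example `// swigCPtr/swigCMemOwn hold native pointer and ownership state: keep them transient so they are never restored from a serialized stream`. A proxy that is deserialized now comes back with `swigCPtr == 0`; whether the generated JNI wrappers reject a zero pointer before using it is not visible in this diff and is worth confirming for Serializable proxy classes.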