Skip to content

Commit 2409f7c

Browse files
Harden JNI exception handling in Android AEAD breadcrumb path
Guard GetStringUTFChars with an ExceptionCheck after getMessage() and clear any pending JNI exception before returning, so the fallback diagnostic path never leaves a stray Java exception for the caller (which raises the managed AuthenticationTagMismatchException next). No memory or gref leaks: only local refs are created and all are released. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
1 parent 2a59360 commit 2409f7c

1 file changed

Lines changed: 7 additions & 1 deletion

File tree

  • src/native/libs/System.Security.Cryptography.Native.Android

src/native/libs/System.Security.Cryptography.Native.Android/pal_cipher.c

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -111,13 +111,19 @@ ARGS_NON_NULL_ALL static bool CheckJNIExceptionsForAuthTagMismatch(JNIEnv* env,
111111
// so that a genuine non-authentication failure, if ever reclassified here, can
112112
// still be diagnosed. This does not run for the common AEADBadTagException case.
113113
jstring message = (jstring)(*env)->CallObjectMethod(env, loc[ex], g_ThrowableGetMessage);
114-
const char* messageChars = message != NULL ? (*env)->GetStringUTFChars(env, message, NULL) : NULL;
114+
const char* messageChars =
115+
(message != NULL && !(*env)->ExceptionCheck(env)) ? (*env)->GetStringUTFChars(env, message, NULL) : NULL;
115116
LOG_DEBUG("AEAD decrypt reported authentication failure via an unexpected GeneralSecurityException; treating as tag mismatch: %s",
116117
messageChars != NULL ? messageChars : "(no message)");
117118
if (messageChars != NULL)
118119
(*env)->ReleaseStringUTFChars(env, message, messageChars);
119120
if (message != NULL)
120121
(*env)->DeleteLocalRef(env, message);
122+
123+
// getMessage()/GetStringUTFChars() are not expected to throw, but make sure we never
124+
// return to the caller with a pending JNI exception - the caller goes on to raise the
125+
// managed AuthenticationTagMismatchException and must see a clean exception state.
126+
TryClearJNIExceptions(env);
121127
}
122128
}
123129
}

0 commit comments

Comments
 (0)