Fix potential security exploit in generated Java classes

CHANGES.current

@@ -5,6 +5,21 @@ See the RELEASENOTES file for a summary of changes in each release.
 Version 3.0.7 (in progress)
 ===========================
 
+2015-08-02: wsfulton
+            [Java] Fix potential security exploit in generated Java classes.
+            The swigCPtr and swigCMemOwn member variables in the generated Java
+            classes are now declared 'transient' by default. Further details of the exploit
+            in Android is being published in an academic paper as part of USENIX WOOT '15:
+            https://www.usenix.org/conference/woot15/workshop-program/presentation/peles.
+
+            In the unlikely event that you are relying on these members being serializable,
+            then you will need to override the default javabody and javabody_derived typemaps
+            to generate the old generated code. The relevant typemaps are in the Lib directory
+            in the java.swg, boost_shared_ptr.i and boost_intrusive_ptr.i files. Copy the
+            relevant default typemaps into your interface file and remove the 'transient' keyword.
+
+            *** POTENTIAL INCOMPATIBILITY ***
+
 2015-07-30: wsfulton
             Fix #440 - Initialise all newly created arrays when using %array_functions and %array_class
             in the carrays.i library - bug is only relevant when using C++.

Doc/Manual/Java.html

@@ -2390,8 +2390,8 @@ The default proxy class for our previous example looks like this:
 <div class="code">
 <pre>
 public class Foo {
-  private long swigCPtr;
-  protected boolean swigCMemOwn;
+  private transient long swigCPtr;
+  protected transient boolean swigCMemOwn;
 
   protected Foo(long cPtr, boolean cMemoryOwn) {
     swigCMemOwn = cMemoryOwn;
@@ -2641,8 +2641,8 @@ The base class is generated much like any other proxy class seen so far:
 
 <div class="code"><pre>
 public class Base {
-  private long swigCPtr;
-  protected boolean swigCMemOwn;
+  private transient long swigCPtr;
+  protected transient boolean swigCMemOwn;
 
   protected Base(long cPtr, boolean cMemoryOwn) {
     swigCMemOwn = cMemoryOwn;
@@ -2682,7 +2682,7 @@ The <tt>Derived</tt> class extends <tt>Base</tt> mirroring the C++ class inherit
 
 <div class="code"><pre>
 public class Derived extends Base {
-  private long swigCPtr;
+  private transient long swigCPtr;
 
   protected Derived(long cPtr, boolean cMemoryOwn) {
     super(exampleJNI.SWIGDerivedUpcast(cPtr), cMemoryOwn);
@@ -2960,8 +2960,8 @@ and the Java proxy class generated by SWIG:
 
 <div class="code"><pre>
 public class Test {
-  private long swigCPtr;
-  protected boolean swigCMemOwn;
+  private transient long swigCPtr;
+  protected transient boolean swigCMemOwn;
 
   protected Test(long cPtr, boolean cMemoryOwn) {
     swigCMemOwn = cMemoryOwn;
@@ -3034,7 +3034,7 @@ The generated type wrapper class, for say an <tt>int *</tt>, looks like this:
 
 <div class="code"><pre>
 public class SWIGTYPE_p_int {
-  private long swigCPtr;
+  private transient long swigCPtr;
 
   protected SWIGTYPE_p_int(long cPtr, boolean bFutureUse) {
     swigCPtr = cPtr;
@@ -5900,8 +5900,8 @@ If you are invoking SWIG more than once and generating the wrapped classes into
 <div class="code">
 <pre>
 %typemap(javabody) SWIGTYPE %{
-  private long swigCPtr;
-  protected boolean swigCMemOwn;
+  private transient long swigCPtr;
+  protected transient boolean swigCMemOwn;
 
   protected $javaclassname(long cPtr, boolean cMemoryOwn) {
     swigCMemOwn = cMemoryOwn;
@@ -5929,7 +5929,7 @@ For the typemap to be used in all type wrapper classes, all the different types
 <div class="code">
 <pre>
 %typemap(javabody) SWIGTYPE *, SWIGTYPE &amp;, SWIGTYPE [], SWIGTYPE (CLASS::*) %{
-  private long swigCPtr;
+  private transient long swigCPtr;
 
   protected $javaclassname(long cPtr, boolean bFutureUse) {
     swigCPtr = cPtr;

Examples/test-suite/java_typemaps_proxy.i

@@ -31,8 +31,8 @@ import java.lang.*; // for Exception
 
 // Create a new getCPtr() function which takes Java null and is public
 %typemap(javabody) NS::Greeting %{
-  private long swigCPtr;
-  protected boolean swigCMemOwn;
+  private transient long swigCPtr;
+  protected transient boolean swigCMemOwn;
 
   protected $javaclassname(long cPtr, boolean cMemoryOwn) {
     swigCMemOwn = cMemoryOwn;
@@ -46,8 +46,8 @@ import java.lang.*; // for Exception
 
 // Make the pointer constructor public
 %typemap(javabody) NS::Farewell %{
-  private long swigCPtr;
-  protected boolean swigCMemOwn;
+  private transient long swigCPtr;
+  protected transient boolean swigCMemOwn;
 
   public $javaclassname(long cPtr, boolean cMemoryOwn) {
     swigCMemOwn = cMemoryOwn;

Examples/test-suite/java_typemaps_typewrapper.i

@@ -39,7 +39,7 @@ import java.lang.*; // for Exception
 // Create a new getCPtr() function which takes Java null and is public
 // Make the pointer constructor public
 %typemap(javabody) Farewell * %{
-  private long swigCPtr;
+  private transient long swigCPtr;
 
   public $javaclassname(long cPtr, boolean bFutureUse) {
     swigCPtr = cPtr;

Lib/java/boost_intrusive_ptr.i

@@ -263,7 +263,7 @@
 
 // Base proxy classes
 %typemap(javabody) TYPE %{
-  private long swigCPtr;
+  private transient long swigCPtr;
   private boolean swigCMemOwnBase;
 
   PTRCTOR_VISIBILITY $javaclassname(long cPtr, boolean cMemoryOwn) {
@@ -278,7 +278,7 @@
 
 // Derived proxy classes
 %typemap(javabody_derived) TYPE %{
-  private long swigCPtr;
+  private transient long swigCPtr;
   private boolean swigCMemOwnDerived;
 
   PTRCTOR_VISIBILITY $javaclassname(long cPtr, boolean cMemoryOwn) {
@@ -413,7 +413,7 @@
 
 // Base proxy classes
 %typemap(javabody) TYPE %{
-  private long swigCPtr;
+  private transient long swigCPtr;
   private boolean swigCMemOwnBase;
 
   PTRCTOR_VISIBILITY $javaclassname(long cPtr, boolean cMemoryOwn) {
@@ -428,7 +428,7 @@
 
 // Derived proxy classes
 %typemap(javabody_derived) TYPE %{
-  private long swigCPtr;
+  private transient long swigCPtr;
   private boolean swigCMemOwnDerived;
 
   PTRCTOR_VISIBILITY $javaclassname(long cPtr, boolean cMemoryOwn) {

Lib/java/boost_shared_ptr.i

@@ -145,8 +145,8 @@
 
 // Base proxy classes
 %typemap(javabody) TYPE %{
-  private long swigCPtr;
-  private boolean swigCMemOwn;
+  private transient long swigCPtr;
+  private transient boolean swigCMemOwn;
 
   PTRCTOR_VISIBILITY $javaclassname(long cPtr, boolean cMemoryOwn) {
     swigCMemOwn = cMemoryOwn;
@@ -160,7 +160,7 @@
 
 // Derived proxy classes
 %typemap(javabody_derived) TYPE %{
-  private long swigCPtr;
+  private transient long swigCPtr;
   private boolean swigCMemOwnDerived;
 
   PTRCTOR_VISIBILITY $javaclassname(long cPtr, boolean cMemoryOwn) {

Lib/java/java.swg

@@ -1148,8 +1148,8 @@ SWIGINTERN const char * SWIG_UnpackData(const char *c, void *ptr, size_t sz) {
 %define SWIG_JAVABODY_PROXY(PTRCTOR_VISIBILITY, CPTR_VISIBILITY, TYPE...)
 // Base proxy classes
 %typemap(javabody) TYPE %{
-  private long swigCPtr;
-  protected boolean swigCMemOwn;
+  private transient long swigCPtr;
+  protected transient boolean swigCMemOwn;
 
   PTRCTOR_VISIBILITY $javaclassname(long cPtr, boolean cMemoryOwn) {
     swigCMemOwn = cMemoryOwn;
@@ -1163,7 +1163,7 @@ SWIGINTERN const char * SWIG_UnpackData(const char *c, void *ptr, size_t sz) {
 
 // Derived proxy classes
 %typemap(javabody_derived) TYPE %{
-  private long swigCPtr;
+  private transient long swigCPtr;
 
   PTRCTOR_VISIBILITY $javaclassname(long cPtr, boolean cMemoryOwn) {
     super($imclassname.$javaclazznameSWIGUpcast(cPtr), cMemoryOwn);
@@ -1179,7 +1179,7 @@ SWIGINTERN const char * SWIG_UnpackData(const char *c, void *ptr, size_t sz) {
 %define SWIG_JAVABODY_TYPEWRAPPER(PTRCTOR_VISIBILITY, DEFAULTCTOR_VISIBILITY, CPTR_VISIBILITY, TYPE...)
 // Typewrapper classes
 %typemap(javabody) TYPE *, TYPE &, TYPE &&, TYPE [] %{
-  private long swigCPtr;
+  private transient long swigCPtr;
 
   PTRCTOR_VISIBILITY $javaclassname(long cPtr, @SuppressWarnings("unused") boolean futureUse) {
     swigCPtr = cPtr;