Harden JNI null checks and ref cleanup

JeremiahM37 · JeremiahM37 · commit 416c74bd67aa · 2026-05-11T20:12:22.000Z
diff --git a/native/com_wolfssl_WolfSSLContext.c b/native/com_wolfssl_WolfSSLContext.c
@@ -859,6 +859,9 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLContext_setCipherList
     }
 
     cipherList = (*jenv)->GetStringUTFChars(jenv, list, 0);
+    if (cipherList == NULL) {
+        return (jint)MEMORY_E;
+    }
 
     ret = (jint) wolfSSL_CTX_set_cipher_list(ctx, cipherList);
 
@@ -1179,6 +1182,7 @@ int NativeIORecvCb(WOLFSSL *ssl, char *buf, int sz, void *ctx)
     if (!g_sslIORecvMethodId) {
         (*jenv)->ThrowNew(jenv, excClass,
             "Cached recv callback method ID is null in NativeIORecvCb");
+        (*jenv)->DeleteLocalRef(jenv, ctxRef);
         if (needsDetach)
             (*g_vm)->DetachCurrentThread(g_vm);
         return WOLFSSL_CBIO_ERR_GENERAL;
@@ -1782,10 +1786,15 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLContext_setCRLCb
             }
             (*jenv)->ThrowNew(jenv, excClass,
                     "error storing global missing CTX CRL callback interface");
+            return (jint)SSL_FAILURE;
         }
 
         ret = wolfSSL_CTX_SetCRL_Cb(ctx, NativeCtxMissingCRLCallback);
     }
+    else {
+        /* clear native callback when Java side is disabling */
+        ret = wolfSSL_CTX_SetCRL_Cb(ctx, NULL);
+    }
 
     return (jint)ret;
 #else
@@ -1952,6 +1961,9 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLContext_setOCSPOverrideUrl
     }
 
     url = (*jenv)->GetStringUTFChars(jenv, urlString, 0);
+    if (url == NULL) {
+        return (jint)MEMORY_E;
+    }
 
     ret = (jint) wolfSSL_CTX_SetOCSP_OverrideURL(ctx, url);
 
@@ -6766,6 +6778,9 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLContext_set1SigAlgsList
     }
 
     sigAlgList = (*jenv)->GetStringUTFChars(jenv, list, 0);
+    if (sigAlgList == NULL) {
+        return (jint)MEMORY_E;
+    }
 
     ret = wolfSSL_CTX_set1_sigalgs_list(ctx, sigAlgList);
 
diff --git a/native/com_wolfssl_WolfSSLSession.c b/native/com_wolfssl_WolfSSLSession.c
@@ -2470,6 +2470,9 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLSession_setCipherList
     }
 
     cipherList= (*jenv)->GetStringUTFChars(jenv, list, 0);
+    if (cipherList == NULL) {
+        return (jint)MEMORY_E;
+    }
 
     ret = (jint) wolfSSL_set_cipher_list(ssl, cipherList);
 
@@ -6380,6 +6383,9 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLSession_set1SigAlgsList
     }
 
     sigAlgList = (*jenv)->GetStringUTFChars(jenv, list, 0);
+    if (sigAlgList == NULL) {
+        return (jint)MEMORY_E;
+    }
 
     ret = wolfSSL_set1_sigalgs_list(ssl, sigAlgList);
 

Original file line number	Diff line number	Diff line change
`@@ -2470,6 +2470,9 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLSession_setCipherList`
`2470`	`2470`	`}`
`2471`	`2471`
`2472`	`2472`	`cipherList= (*jenv)->GetStringUTFChars(jenv, list, 0);`
	`2473`	`+ if (cipherList == NULL) {`
	`2474`	`+ return (jint)MEMORY_E;`
	`2475`	`+ }`
`2473`	`2476`
`2474`	`2477`	`ret = (jint) wolfSSL_set_cipher_list(ssl, cipherList);`
`2475`	`2478`
`@@ -6380,6 +6383,9 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLSession_set1SigAlgsList`
`6380`	`6383`	`}`
`6381`	`6384`
`6382`	`6385`	`sigAlgList = (*jenv)->GetStringUTFChars(jenv, list, 0);`
	`6386`	`+ if (sigAlgList == NULL) {`
	`6387`	`+ return (jint)MEMORY_E;`
	`6388`	`+ }`
`6383`	`6389`
`6384`	`6390`	`ret = wolfSSL_set1_sigalgs_list(ssl, sigAlgList);`
`6385`	`6391`