Closed
Bug 296364
Opened 19 years ago
Closed 19 years ago
[FIXr]callers of nsCrypto::GetScriptPrincipal leak the principal
Categories
(Core :: Security: PSM, defect, P1)
Tracking
()
RESOLVED
FIXED
mozilla1.8beta4
People
(Reporter: bzbarsky, Assigned: bzbarsky)
Details
(Keywords: memory-leak)
Attachments
(1 file)
2.75 KB,
patch
|
KaiE
:
review+
bryner
:
superreview+
asa
:
approval1.8b4+
|
Details | Diff | Splinter Review |
nsCrypto::GetScriptPrincipal claims to return an nsIPrincipal* and its callers assign this to an nsCOMPtr<nsIPrincipal>. But GetScriptPrincipal sometimes addrefs the principal, in which case this procedure leaks. In fact, the only codepath inside GetScriptPrincipal that _doesn't_ addref seems to have addrefed up until bug 240745 was checked in and I'm guessing was changed by accident. Brian, was there a reason for that change that I'm missing? (This is the "found nothing on the stack, use the global object's principal" codepath in nsCrypto::GetScriptPrincipal.) In any case, I have what I think should be a reasonable fix (short of doing the deCOM job that was done on the nsScriptSecurityManager code here)... I'm not quite sure how to test this, though. Also, I have to wonder whether it would be possible to reuse security manager code here instead of duplicating it. Otherwise changes to the security manager may not make their way here (and that may in fact make this code insecure) Perhaps we should expose a relevant hook on nsIScriptSecurityManager or some other (new?) caps interface?
Assignee | ||
Comment 1•19 years ago
|
||
Attachment #185140 -
Flags: superreview?(bryner)
Attachment #185140 -
Flags: review?(kaie)
Comment 2•19 years ago
|
||
Comment on attachment 185140 [details] [diff] [review] SImplest fix for the leak, I think I think the signature mislead me into thinking the method returned a non-addref'd pointer and that I was actually fixing a leak.
Attachment #185140 -
Flags: superreview?(bryner) → superreview+
Comment 3•19 years ago
|
||
Comment on attachment 185140 [details] [diff] [review] SImplest fix for the leak, I think r=kaie
Attachment #185140 -
Flags: review?(kaie) → review+
Assignee | ||
Comment 4•19 years ago
|
||
Comment on attachment 185140 [details] [diff] [review] SImplest fix for the leak, I think Requesting 1.8b3 approval. This should be a pretty safe leak fix.
Attachment #185140 -
Flags: approval1.8b3?
Assignee | ||
Updated•19 years ago
|
Assignee: kaie → bzbarsky
Priority: -- → P1
Summary: callers of nsCrypto::GetScriptPrincipal leak the principal → [FIXr]callers of nsCrypto::GetScriptPrincipal leak the principal
Target Milestone: --- → mozilla1.8beta3
Updated•19 years ago
|
Attachment #185140 -
Flags: approval1.8b3? → approval1.8b4+
Assignee | ||
Comment 5•19 years ago
|
||
Fixed
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Target Milestone: mozilla1.8beta3 → mozilla1.8beta4
You need to log in
before you can comment on or make changes to this bug.
Description
•