Closed Bug 1234417 Opened 9 years ago Closed 9 years ago

CreateECPublicKey leaks a reference to the internal PKCS#11 slot

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla46
Tracking Flags:
Tracking Status
firefox46 --- fixed

People

(Reporter: keeler, Assigned: keeler)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

MozReview Request: bug 1234417 - fix a leak in CreateECPublicKey r?rbarnes
58 bytes, text/x-review-board-request
rbarnes
: review+
ttaubert
: feedback+
Details
CreateECPublicKey creates a SECKEYPublicKey allocated on a scoped arena. It then calls CryptoKey::PublicKeyValid, which has the side-effect of importing the key to the internal PKCS#11 slot. When the arena goes out of scope, the memory for the key is released, but the reference to the slot isn't, causing a leak. (This can be reproduced by running `NSPR_LOG_MODULES=pipnss:5 ./mach xpcshell-test dom/push/test/xpcshell/test_notification_data.js` and observing the string "NSS SHUTDOWN FAILURE" in the output.)
Comment on attachment 8701142 [details] MozReview Request: bug 1234417 - fix a leak in CreateECPublicKey r?rbarnes LGTM. I wrote it but I think I can't give r+.
Attachment #8701142 - Flags: feedback+
Comment on attachment 8701142 [details] MozReview Request: bug 1234417 - fix a leak in CreateECPublicKey r?rbarnes https://reviewboard.mozilla.org/r/28905/#review25887 LGTM. Thanks for the catch, Keeler!
Attachment #8701142 - Flags: review?(rlb) → review+
https://hg.mozilla.org/mozilla-central/rev/f745c6e024a3
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox46: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla46
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: