Closed
Bug 584922
Opened 15 years ago
Closed 14 years ago
leak of unicodePw SECITEM in nsPKCS12Blob::ExportToFile and nsPKCS12Blob::ImportFromFileHelper
Categories
(Core :: Security: PSM, defect)
Core
Security: PSM
Tracking
()
VERIFIED
FIXED
mozilla2.0b12
People
(Reporter: mattm, Assigned: mattm)
Details
(Keywords: memory-leak)
Attachments
(1 file, 1 obsolete file)
|
1.06 KB,
patch
|
KaiE
:
review+
beltzner
:
approval2.0+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.14 Safari/534.3
Build Identifier: mozilla-central trunk as of 20100805
nsPKCS12Blob::ExportToFile and nsPKCS12Blob::ImportFromFileHelper allocate SECITEM data for the unicode password, but don't free it.
Reproducible: Always
|
Assignee | |
Comment 1•15 years ago
|
||
|
||
Updated•15 years ago
|
Attachment #463384 -
Flags: review?(kaie)
|
|
||
Updated•15 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
||
Comment 2•15 years ago
|
||
Comment on attachment 463384 [details] [diff] [review]
add SECITEM_FreeItem calls
r=wtc. We found these two leaks during a code review
(and with the help of valgrind).
The 'data' buffer in the unicodePw SECItem is ultimately
allocated by the SECITEM_AllocItem call in unicodeToItem,
via getPKCS12FilePassword or newPKCS12FilePassword. It
is correct to free unicodePw using SECITEM_FreeItem,
which can handle a null unicodePw.data (an empty password).
Attachment #463384 -
Flags: review+
|
||
Updated•15 years ago
|
Attachment #463384 -
Flags: review?(kaie) → review+
|
|
||
Comment 3•15 years ago
|
||
Comment on attachment 463384 [details] [diff] [review]
add SECITEM_FreeItem calls
Requesting approval2.0. This fixes memory leaks when importing or
exporting a PKCS #12 file.
Kai, does PSM zero a buffer that holds a password before freeing
it? If so, this patch should use SECITEM_ZfreeItem instead.
Attachment #463384 -
Flags: approval2.0?
|
|
||
Comment 4•15 years ago
|
||
(In reply to comment #3)
>
> Kai, does PSM zero a buffer that holds a password before freeing
> it?
This code simply adds SECITEM_FreeItem, and there seems to be no other code that cleans the variables up. So, answer is: in this function, no
> If so, this patch should use SECITEM_ZfreeItem instead.
agreed, then the patch should be marked as r-
|
|
||
Comment 5•15 years ago
|
||
Comment on attachment 463384 [details] [diff] [review]
add SECITEM_FreeItem calls
please update the patch as requested by wtc
Attachment #463384 -
Flags: review-
Attachment #463384 -
Flags: review+
Attachment #463384 -
Flags: approval2.0?
|
|
||
Comment 6•15 years ago
|
||
Comment on attachment 463384 [details] [diff] [review]
add SECITEM_FreeItem calls
I will change SECITEM_FreeItem to SECITEM_ZfreeItem
when I push this patch to mozilla-central.
Even SECITEM_FreeItem is better than a memory
leak.
Attachment #463384 -
Flags: approval2.0?
|
|
||
Comment 7•15 years ago
|
||
Attachment #463384 -
Attachment is obsolete: true
Attachment #463759 -
Flags: review?(kaie)
Attachment #463384 -
Flags: approval2.0?
|
|
||
Updated•15 years ago
|
Attachment #463759 -
Attachment description: add SECITEM_FreeItem calls, by Matt Mueller → add SECITEM_ZfreeItem calls, by Matt Mueller
|
|
||
Comment 8•15 years ago
|
||
Comment on attachment 463759 [details] [diff] [review]
add SECITEM_ZfreeItem calls, by Matt Mueller
r=kaie
Attachment #463759 -
Flags: review?(kaie) → review+
|
|
||
Updated•15 years ago
|
Keywords: checkin-needed
|
||
Updated•15 years ago
|
Assignee: nobody → wtc
|
|
||
Updated•15 years ago
|
Assignee: wtc → mattm
|
||
Comment 9•15 years ago
|
||
This requires approval in order to land on mozilla-central.
Keywords: checkin-needed
|
|
||
Updated•15 years ago
|
Attachment #463759 -
Flags: approval2.0?
|
||
Comment 10•14 years ago
|
||
Comment on attachment 463759 [details] [diff] [review]
add SECITEM_ZfreeItem calls, by Matt Mueller
a=beltzner
Attachment #463759 -
Flags: approval2.0? → approval2.0+
|
|
||
Comment 11•14 years ago
|
||
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
|
|
||
Updated•14 years ago
|
|
||
Comment 12•14 years ago
|
||
Is there a clear way to reproduce this from a user perspective? What's the easiest way to verify this bug is fixed?
|
|
||
Comment 13•14 years ago
|
||
Anthony: this fix can only be verified by code review or a
memory leak tool such as valgrind or Purify. Sorry.
|
|
||
Comment 14•14 years ago
|
||
Ok, marking verified based on code review. If someone wants to go to the trouble of verifying fixed with Valgrind or Purify, by all means.
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•