RFR 6913047: SunPKCS11 memory leak
Martin Balao
mbalao at redhat.com
Fri Oct 26 17:57:30 UTC 2018
Hi Valerie,
I fixed all previously discussed issues in Webrev.13:
* http://cr.openjdk.java.net/~mbalao/webrevs/6913047/6913047.webrev.13/
* http://cr.openjdk.java.net/~mbalao/webrevs/6913047/6913047.webrev.13.zip
In addition to that, I fixed a couple of bugs introduced in p11_keymgmt.c.
In Java_sun_security_pkcs11_wrapper_PKCS11_getNativeKeyInfo function, the
first call to C_GetAttributeValue (to get CKA_CLASS, CKA_KEY_TYPE,
CKA_SENSITIVE and CKA_NETSCAPE_DB attributes) may fail because the key may
not have a CKA_NETSCAPE_DB attribute. That is fine. It just means that we
are not going to get that attribute -which does not exist- and it won't be
needed for key unwrapping.
Later in Java_sun_security_pkcs11_wrapper_PKCS11_getNativeKeyInfo function,
a similar issue happened. The call to get buffer lengths may return an
error if one of the attributes does not exist. This is fine because length
values are obtained anyways and based on that we were not going to query
for non-existent attributes later.
These bugs were silently making all keys not to be extracted.
Thanks,
Martin.-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20181026/f82515b0/attachment.htm>
More information about the security-dev
mailing list