RFR: JDK-8303354: addCertificatesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return
Weijun Wang
weijun at openjdk.org
Wed Mar 1 19:54:14 UTC 2023
On Tue, 28 Feb 2023 15:17:19 GMT, Matthias Baesken <mbaesken at openjdk.org> wrote:
> We have a (potential) early return in addCertificatesToKeystore in KeystoreImpl.m . This is implemented by the CHECK_NULL macro. However this missed a CFRelease call.
src/java.base/macosx/native/libosxsecurity/KeystoreImpl.m line 431:
> 429: CFRelease(trustSettings);
> 430: goto errOut;
> 431: }
Do you also need to switch to `goto errOut` for other `CHECK_NULL` calls (line 389 etc)? They also skip the release of `keychainItemSearch`.
-------------
PR: https://git.openjdk.org/jdk/pull/12788
More information about the security-dev
mailing list