RFR: JDK-8303354: addCertificatesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return
Matthias Baesken
mbaesken at openjdk.org
Thu Mar 2 08:26:12 UTC 2023
On Wed, 1 Mar 2023 19:51:46 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> We have a (potential) early return in addCertificatesToKeystore in KeystoreImpl.m . This is implemented by the CHECK_NULL macro. However this missed a CFRelease call.
>
> src/java.base/macosx/native/libosxsecurity/KeystoreImpl.m line 431:
>
>> 429: CFRelease(trustSettings);
>> 430: goto errOut;
>> 431: }
>
> Do you also need to switch to `goto errOut` for other `CHECK_NULL` calls (line 389 etc)? They also skip the release of `keychainItemSearch`.
Hi Weijun, yes I think you are right , according to https://developer.apple.com/documentation/security/1515366-seckeychainsearchcreatefromattri we have to call CFRelease on keychainItemSearch
-------------
PR: https://git.openjdk.org/jdk/pull/12788
More information about the security-dev
mailing list