RFR: JDK-8303354: addCertificatesToKeystore in KeystoreImpl.m needs CFRelease call in early potential CHECK_NULL return [v2]
Weijun Wang
weijun at openjdk.org
Thu Mar 2 13:57:17 UTC 2023
On Thu, 2 Mar 2023 08:22:58 GMT, Matthias Baesken <mbaesken at openjdk.org> wrote:
>> src/java.base/macosx/native/libosxsecurity/KeystoreImpl.m line 431:
>>
>>> 429: CFRelease(trustSettings);
>>> 430: goto errOut;
>>> 431: }
>>
>> Do you also need to switch to `goto errOut` for other `CHECK_NULL` calls (line 389 etc)? They also skip the release of `keychainItemSearch`.
>
> Hi Weijun, yes I think you are right , according to https://developer.apple.com/documentation/security/1515366-seckeychainsearchcreatefromattri we have to call CFRelease on keychainItemSearch
Thanks for the fix. I almost think we should invent a CHECK_NULL_GOTO_ERROUT macro, but your fix is also OK.
-------------
PR: https://git.openjdk.org/jdk/pull/12788
More information about the security-dev
mailing list