RFR: 8303607: SunMSCAPI provider leaks memory and keys
Mat Carter
macarte at openjdk.org
Mon Mar 6 21:35:14 UTC 2023
The message from this sender included one or more files
which could not be scanned for virus detection; do not
open these files unless you are certain of the sender's intent.
----------------------------------------------------------------------
Use the correct API for freeing key handles when directed to by the output of CryptAcquireCertificatePrivateKey [1].
Specifically when [out] pfCallerFreeProvOrNCryptKey is true we test [out] pdwKeySpec for the CERT_NCRYPT_KEY_SPEC flag. When flag bit is set we now call NCryptFreeObject, otherwise we continue to call CryptReleaseContext (as before)
[1] https://learn.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptacquirecertificateprivatekey
-------------
Commit messages:
- Merge branch 'openjdk:master' into ncrypt
- Fix handle leak
Changes: https://git.openjdk.org/jdk/pull/12891/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=12891&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8303607
Stats: 5 lines in 1 file changed: 4 ins; 0 del; 1 mod
Patch: https://git.openjdk.org/jdk/pull/12891.diff
Fetch: git fetch https://git.openjdk.org/jdk pull/12891/head:pull/12891
PR: https://git.openjdk.org/jdk/pull/12891
More information about the security-dev
mailing list