RFR: 8375684: Avoid leak in KeystoreImpl.m when using CFArrayCreateMutable
Matthias Baesken
mbaesken at openjdk.org
Tue Jan 20 16:56:26 UTC 2026
On Tue, 20 Jan 2026 16:47:29 GMT, Matthias Baesken <mbaesken at openjdk.org> wrote:
> In KeystoreImpl.m we use CFArrayCreateMutable, but we do not always CFRelease the resources we created.
> This should be adjusted.
>
> See
> https://developer.apple.com/documentation/corefoundation/cfarraycreatemutable(_:_:_:)
>
> return value is
> A new mutable array, or NULL if there was a problem creating the object. Ownership follows the [The Create Rule](https://developer.apple.com/library/archive/documentation/CoreFoundation/Conceptual/CFMemoryMgmt/Concepts/Ownership.html#//apple_ref/doc/uid/20001148-103029).
When looking at the same file, seems privateKeyRef from this coding
SecKeyRef privateKeyRef;
err = SecIdentityCopyPrivateKey(theIdentity, &privateKeyRef);
https://github.com/openjdk/jdk/blob/5ba91fed345b078a67ad6bead1d8893bd9289f58/src/java.base/macosx/native/libosxsecurity/KeystoreImpl.m#L343
needs to be handled by CFRelease too according to
https://developer.apple.com/documentation/security/secidentitycopyprivatekey(_:_:)
Do you agree ?
-------------
PR Comment: https://git.openjdk.org/jdk/pull/29326#issuecomment-3773911913
More information about the security-dev
mailing list