CL_extractCSSMKeyNSS leaks memory on error.

Originator: davidben
Number: rdar://20698633
Date Originated: 2015-04-25
Status: Open
Resolved:
Product: OS X
Product Version: 10.10.1
Classification: Other Bug
Reproducible: Always
 
Summary:
In https://opensource.apple.com/source/Security/Security-57031.1.35/Security/libsecurity_apple_x509_cl/lib/clNssUtils.cpp

CL_extractCSSMKeyNSS allocates memory for cssmKey at the top of the function to return to the caller. However, if the function fails and throws an exception, this memory is never released.

See also https://crbug.com/481286
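
The allocate-then-throw pattern described in the summary, as an added C++ example (not Apple's code). `FakeKey`, the tracking allocator and both `extract_key_*` functions are hypothetical stand-ins; only the 4096-bit limit and the 96-byte size are taken from this report.

```cpp
#include <cstddef>
#include <cstdlib>
#include <memory>
#include <new>
#include <stdexcept>

// Constructed stand-in for the key structure; 96 bytes to mirror the reported leak size.
struct FakeKey { unsigned char blob[96]; };

static std::size_t g_outstanding = 0;  // bytes allocated and not yet freed

static void *tracked_alloc(std::size_t n) {
    void *p = std::malloc(n);
    if (!p) throw std::bad_alloc();
    g_outstanding += n;
    return p;
}
static void tracked_free(FakeKey *k) {
    if (k) { g_outstanding -= sizeof(FakeKey); std::free(k); }
}

static const unsigned kMaxKeyBits = 4096;  // maximum key size named in the report

static void check_key_size(unsigned bits) {
    if (bits > kMaxKeyBits) throw std::runtime_error("key too large");
}

// Pattern from the report: allocate the result first, then throw without releasing it.
FakeKey *extract_key_leaky(unsigned bits) {
    FakeKey *key = static_cast<FakeKey *>(tracked_alloc(sizeof(FakeKey)));
    check_key_size(bits);   // on throw, 'key' is never freed
    return key;
}

// Same logic, with the allocation owned by a guard until the function succeeds.
FakeKey *extract_key_guarded(unsigned bits) {
    std::unique_ptr<FakeKey, void (*)(FakeKey *)> key(
        static_cast<FakeKey *>(tracked_alloc(sizeof(FakeKey))), tracked_free);
    check_key_size(bits);   // on throw, the guard frees 'key' during unwinding
    return key.release();   // success: ownership passes to the caller
}

// Bytes still outstanding after one call; the caller frees the key on success.
std::size_t leaked_by(FakeKey *(*extract)(unsigned), unsigned bits) {
    std::size_t before = g_outstanding;
    try { tracked_free(extract(bits)); } catch (const std::exception &) {}
    return g_outstanding - before;
}
```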

Steps to Reproduce:
1. Generate a certificate with an RSA key larger than 4096 bits (thus tripping the maximum key size). For example, https://chromium.googlesource.com/chromium/src/+/master/net/data/ssl/certificates/large_key.pem
2. Load this certificate into a SecCertificate
3. Call SecCertificateCopyPublicKey
4. Run the program under a leak checker, like valgrind

Expected Results:
SecCertificateCopyPublicKey fails, since the key is too large. No memory is leaked.

Actual Results:
SecCertificateCopyPublicKey does fail, but 96 bytes of memory are leaked, as reported by valgrind.

Version:
10.10.1
