santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Milan Tomic" <mi...@setcce.org>
Subject RE: XML-Security-C memory leak
Date Fri, 25 Mar 2005 15:25:04 GMT
Hello Jesse,

I have just commited patch to OpenSSLCryptoBase64.cpp :

http://cvs.apache.org/viewcvs.cgi/xml-security/c/src/enc/OpenSSL/OpenSSL
CryptoBase64.cpp?rev=1.9&view=log

We are very thankful to you for your bug report and suggestions you
provide on this mailing list.

Best regards,
Milan


> -----Original Message-----
> From: Jesse Pelton [mailto:jsp@PKC.com] 
> Sent: Friday, March 25, 2005 4:11 PM
> To: security-dev@xml.apache.org
> Subject: RE: XML-Security-C memory leak
> 
> 
> It has been a couple of weeks, and this change doesn't seem 
> to have been made.  I'd be happy to file a bug report to 
> track the issue if there isn't time to address it soon.  
> Likewise for the OpenSSL bas64 line length issue I raised on the 18th.
> 
> > -----Original Message-----
> > From: Berin Lautenbach [mailto:berin@wingsofhermes.org]
> > Sent: Tuesday, March 08, 2005 5:43 AM
> > To: security-dev@xml.apache.org
> > Subject: Re: XML-Security-C memory leak
> > 
> > Jesse Pelton wrote:
> > > OpenSSLCryptoBase64::b642BN() leaks memory in the following line:
> > > 
> > > 	return BN_dup(BN_bin2bn(buf, bufLen, NULL));
> > > 
> > > BN_bin2bn() allocates a BIGNUM, so there's no need to dup
> > it, and doing
> > > so causes the first one to leak.
> > 
> > Thanks!  Will fix in CVS on the weekend.
> > 
> > Cheers,
> > 	Berin
> 



Mime
View raw message