santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Cullum, Steve" <steven.cul...@eds.com>
Subject RE: [C++] Memory Leak In DSIGSignature::verify() using RSA Signatures with WINCAPI
Date Sat, 15 Oct 2005 11:40:40 GMT
 I think i have finally tracked down the remaining major memory leak in
the WinCAPICryptoKeyRSA module.  WinCAPICryptoKeyDSA looks like it will
also exhibit this behaviour as the HCRYPTHASH is not destoyed also.

The HCRYPTHASH created by CryptCreateHash() is never released by
DestroyHash().  The simple solution
is to call ....
	
	// Now validate
	fResult = CryptVerifySignature(h, rawSigFinal, rawSigLen, m_key,
NULL, 0);
  	if(h)
      	  CryptDestroyHash(h);

after CryptVerifySignature() but the code path may never reach this.  I
dont know if XSEC already has a generic automatic resource/handle
wrapper, but this may be the best way to go in this circumstance.






bool WinCAPICryptoKeyRSA::verifySHA1PKCS1Base64Signature(const unsigned
char * hashBuf, 
	
unsigned int hashLen,
								 const
char * base64Signature,
	..
	..

	/*** Memory / resource leak here (h) is never freed by
CtyptDestroyHash() ***/

	// Have to create a Windows hash object and feed in the hash
	BOOL fResult;
	HCRYPTHASH h;
	fResult = CryptCreateHash(m_p, 
					CALG_SHA1, 
					0, 
					0,
					&h);

	..
	..

}

Mime
View raw message