santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Cullum" <scul...@nildram.co.uk>
Subject Re: DO NOT REPLY [Bug 37075] - WINCAPI RSA Signatures Destructor ~WinCAPICryptoKeyRSA does not destroy key
Date Sun, 22 Jan 2006 18:45:09 GMT
Berin,

Please accept my apologies

Steve
----- Original Message ----- 
From: "Berin Lautenbach" <berin@wingsofhermes.org>
To: <security-dev@xml.apache.org>
Sent: Saturday, January 21, 2006 10:16 PM
Subject: Re: DO NOT REPLY [Bug 37075] - WINCAPI RSA Signatures Destructor 
~WinCAPICryptoKeyRSA does not destroy key


> Steve,
>
> I think everything you refer to below is fixed.  Don't forget that the CVS 
> repo is now read-only - all updates are happening to SVN.  Have a look at 
> svn.apache.org.
>
> Cheers,
> Berin
>
> Steve Cullum wrote:
>
>> Berin,
>>  Unfortunately i dont have my list of fixes available to me at the 
>> moment.. im away at the moment.  As soon as i get back to work i will 
>> take a closer look.
>>  However I have just taken a look at the  WinCAPICryptoKeyDSA.cpp from 
>> the html CVS interface and i see there is at least one fix missing
>>  Inside bool WinCAPICryptoKeyDSA::verifyBase64Signature()
>>  A tempory hask key "h" is created and not destroyed
>>  BOOL fResult;
>> HCRYPTHASH h;
>> fResult = CryptCreateHash(m_p,
>> CALG_SHA1,
>> 0,
>> 0,
>> &h);
>>  This one needs destroying... i am afraid !
>>  Steve
>>  PS...
>>  There was a list of these problems i reported to the mailing list, i 
>> dont think i sent them to the bugzilla.. sorry!
>>  The mailing thread was entitled *            [C++] more memory leaks in 
>> windows WinCAPICryptoXXXX files* 
>> <http://news.gmane.org/find-root.php?message_id=%3c4F014656062C1140880B2247EDAFD3B102E0750A%40ukspm204.emea.corp.eds.com%3e>
>> Subject: *RE: [C++] Memory Leak In DSIGSignature::verify() using RSA 
>> Signatures with WINCAPI* 
>> <http://news.gmane.org/find-root.php?message_id=%3c4F014656062C1140880B2247EDAFD3B101068366%40ukspm204.emea.corp.eds.com%3e>
>> They are described in http://news.gmane.org/gmane.text.xml.security.devel
>>
>>  ----- Original Message -----
>> From: "Berin Lautenbach" <berin@wingsofhermes.org 
>> <mailto:berin@wingsofhermes.org>>
>> To: <general@incubator.apache.org <mailto:general@incubator.apache.org>>
>> Cc: <juice-dev@xml.apache.org <mailto:juice-dev@xml.apache.org>>; 
>> <security-dev@xml.apache.org <mailto:security-dev@xml.apache.org>>; 
>> <wss4j-dev@ws.apache.org <mailto:wss4j-dev@ws.apache.org>>
>> Sent: Thursday, January 19, 2006 8:26 AM
>> Subject: Re: [VOTE] Werner as juice committer
>>
>>  > Geez - for some reason I thought he already was!!!
>>  >
>>  > +1
>>  >
>>  > Cheers,
>>  > Berin
>>  >
>>  >
>>  > Davanum Srinivas wrote:
>>  >> As part of reviving juice, can we please VOTE werner as a committer 
>> to
>>  >> enable him to continue his offline work? [1]
>>  >>
>>  >> Here's my +1.
>>  >>
>>  >> thanks,
>>  >> dims
>>  >>
>>  >> [1] : 
>> http://www.nabble.com/Status-of-my-upgrades-and-so-on-t945224.html
>>  >>
>>  >> --
>>  >> Davanum Srinivas : http://wso2.com/blogs/
>>  >>
>>  >> ---------------------------------------------------------------------
>>  >> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org 
>> <mailto:general-unsubscribe@incubator.apache.org>
>>  >> For additional commands, e-mail: general-help@incubator.apache.org 
>> <mailto:general-help@incubator.apache.org>
>>  >>
>>  >>
>>  >>
>>  >
>>  >
>>  >
>>  > ---
>>  > avast! Antivirus: Inbound message clean.
>>  > Virus Database (VPS): 0603-3, 18/01/2006
>>  > Tested on: 20/01/2006 11:50:44
>>  > avast! - copyright (c) 1988-2005 ALWIL Software.
>>  > http://www.avast.com
>>  >
>>  >
>>  >
>>
>> ------------------------------------------------------------------------
>>
>> avast! Antivirus <http://www.avast.com>: Outbound message clean.
>>
>> Virus Database (VPS): 0603-4, 20/01/2006
>> Tested on: 21/01/2006 13:43:17
>> avast! - copyright (c) 1988-2005 ALWIL Software.
>>
>>
>
>
>
> ---
> avast! Antivirus: Inbound message clean.
> Virus Database (VPS): 0603-4, 20/01/2006
> Tested on: 22/01/2006 18:44:16
> avast! - copyright (c) 1988-2005 ALWIL Software.
> http://www.avast.com
>
>
> 



---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 0603-4, 20/01/2006
Tested on: 22/01/2006 18:45:10
avast! - copyright (c) 1988-2005 ALWIL Software.
http://www.avast.com




Mime
View raw message