santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Cullum" <scul...@nildram.co.uk>
Subject DO NOT REPLY [Bug 37075] - WINCAPI RSA Signatures Destructor ~WinCAPICryptoKeyRSA does not destroy key
Date Sat, 21 Jan 2006 13:43:17 GMT
Berin,

Unfortunately i dont have my list of fixes available to me at the moment.. im away at the
moment.  As soon as i get back to work i will take a closer look.

However I have just taken a look at the  WinCAPICryptoKeyDSA.cpp from the html CVS interface
and i see there is at least one fix missing

Inside bool WinCAPICryptoKeyDSA::verifyBase64Signature()

A tempory hask key "h" is created and not destroyed

 BOOL fResult;
	HCRYPTHASH h;
	fResult = CryptCreateHash(m_p, 
					CALG_SHA1, 
					0, 
					0,
					&h);


This one needs destroying... i am afraid !


Steve



PS...

There was a list of these problems i reported to the mailing list, i dont think i sent them
to the bugzilla.. sorry!

The mailing thread was entitled  
            [C++] more memory leaks in windows WinCAPICryptoXXXX files
Subject: RE: [C++] Memory Leak In DSIGSignature::verify() using RSA Signatures with WINCAPI
They are described in http://news.gmane.org/gmane.text.xml.security.devel



----- Original Message ----- 
From: "Berin Lautenbach" <berin@wingsofhermes.org>
To: <general@incubator.apache.org>
Cc: <juice-dev@xml.apache.org>; <security-dev@xml.apache.org>; <wss4j-dev@ws.apache.org>
Sent: Thursday, January 19, 2006 8:26 AM
Subject: Re: [VOTE] Werner as juice committer


> Geez - for some reason I thought he already was!!!
> 
> +1
> 
> Cheers,
> Berin
> 
> 
> Davanum Srinivas wrote:
>> As part of reviving juice, can we please VOTE werner as a committer to
>> enable him to continue his offline work? [1]
>> 
>> Here's my +1.
>> 
>> thanks,
>> dims
>> 
>> [1] : http://www.nabble.com/Status-of-my-upgrades-and-so-on-t945224.html
>> 
>> --
>> Davanum Srinivas : http://wso2.com/blogs/
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>> For additional commands, e-mail: general-help@incubator.apache.org
>> 
>> 
>> 
> 
> 
> 
> ---
> avast! Antivirus: Inbound message clean.
> Virus Database (VPS): 0603-3, 18/01/2006
> Tested on: 20/01/2006 11:50:44
> avast! - copyright (c) 1988-2005 ALWIL Software.
> http://www.avast.com
> 
> 
>


---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 0603-4, 20/01/2006
Tested on: 21/01/2006 13:43:17
avast! - copyright (c) 1988-2005 ALWIL Software.
http://www.avast.com



Mime
View raw message