santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Berin Lautenbach <be...@wingsofhermes.org>
Subject Re: DO NOT REPLY [Bug 37075] - WINCAPI RSA Signatures Destructor ~WinCAPICryptoKeyRSA does not destroy key
Date Sat, 21 Jan 2006 22:16:12 GMT
Steve,

I think everything you refer to below is fixed.  Don't forget that the 
CVS repo is now read-only - all updates are happening to SVN.  Have a 
look at svn.apache.org.

Cheers,
	Berin

Steve Cullum wrote:

> Berin,
>  
> Unfortunately i dont have my list of fixes available to me at the 
> moment.. im away at the moment.  As soon as i get back to work i will 
> take a closer look.
>  
> However I have just taken a look at the  WinCAPICryptoKeyDSA.cpp from 
> the html CVS interface and i see there is at least one fix missing
>  
> Inside bool WinCAPICryptoKeyDSA::verifyBase64Signature()
>  
> A tempory hask key "h" is created and not destroyed
>  
>  BOOL fResult;
> HCRYPTHASH h;
> fResult = CryptCreateHash(m_p,
> CALG_SHA1,
> 0,
> 0,
> &h);
>  
> This one needs destroying... i am afraid !
>  
>  
> Steve
>  
>  
>  
> PS...
>  
> There was a list of these problems i reported to the mailing list, i 
> dont think i sent them to the bugzilla.. sorry!
>  
> The mailing thread was entitled 
> *            [C++] more memory leaks in windows WinCAPICryptoXXXX files* 
> <http://news.gmane.org/find-root.php?message_id=%3c4F014656062C1140880B2247EDAFD3B102E0750A%40ukspm204.emea.corp.eds.com%3e>
> Subject: *RE: [C++] Memory Leak In DSIGSignature::verify() using RSA 
> Signatures with WINCAPI* 
> <http://news.gmane.org/find-root.php?message_id=%3c4F014656062C1140880B2247EDAFD3B101068366%40ukspm204.emea.corp.eds.com%3e>
> They are described in http://news.gmane.org/gmane.text.xml.security.devel
> 
>  
> ----- Original Message -----
> From: "Berin Lautenbach" <berin@wingsofhermes.org 
> <mailto:berin@wingsofhermes.org>>
> To: <general@incubator.apache.org <mailto:general@incubator.apache.org>>
> Cc: <juice-dev@xml.apache.org <mailto:juice-dev@xml.apache.org>>; 
> <security-dev@xml.apache.org <mailto:security-dev@xml.apache.org>>; 
> <wss4j-dev@ws.apache.org <mailto:wss4j-dev@ws.apache.org>>
> Sent: Thursday, January 19, 2006 8:26 AM
> Subject: Re: [VOTE] Werner as juice committer
> 
>  > Geez - for some reason I thought he already was!!!
>  >
>  > +1
>  >
>  > Cheers,
>  > Berin
>  >
>  >
>  > Davanum Srinivas wrote:
>  >> As part of reviving juice, can we please VOTE werner as a committer to
>  >> enable him to continue his offline work? [1]
>  >>
>  >> Here's my +1.
>  >>
>  >> thanks,
>  >> dims
>  >>
>  >> [1] : http://www.nabble.com/Status-of-my-upgrades-and-so-on-t945224.html
>  >>
>  >> --
>  >> Davanum Srinivas : http://wso2.com/blogs/
>  >>
>  >> ---------------------------------------------------------------------
>  >> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org 
> <mailto:general-unsubscribe@incubator.apache.org>
>  >> For additional commands, e-mail: general-help@incubator.apache.org 
> <mailto:general-help@incubator.apache.org>
>  >>
>  >>
>  >>
>  >
>  >
>  >
>  > ---
>  > avast! Antivirus: Inbound message clean.
>  > Virus Database (VPS): 0603-3, 18/01/2006
>  > Tested on: 20/01/2006 11:50:44
>  > avast! - copyright (c) 1988-2005 ALWIL Software.
>  > http://www.avast.com
>  >
>  >
>  >
> 
> ------------------------------------------------------------------------
> 
> avast! Antivirus <http://www.avast.com>: Outbound message clean.
> 
> Virus Database (VPS): 0603-4, 20/01/2006
> Tested on: 21/01/2006 13:43:17
> avast! - copyright (c) 1988-2005 ALWIL Software.
> 
> 

Mime
View raw message