You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by bu...@apache.org on 2010/05/07 12:06:35 UTC
DO NOT REPLY [Bug 49264] New: crash in
DSIGKeyInfoX509::appendX509Certificate
https://issues.apache.org/bugzilla/show_bug.cgi?id=49264
Summary: crash in DSIGKeyInfoX509::appendX509Certificate
Product: Security
Version: C++ 1.6.0
Platform: PC
OS/Version: Windows Vista
Status: NEW
Severity: normal
Priority: P2
Component: C++ Signature
AssignedTo: security-dev@xml.apache.org
ReportedBy: hagelkruys@a-trust.at
when i pass an base64 encoded certificate to appendX509Certificate the function
crashes. This problem exists since i upgraded to the trunk version (before it,
i used version 1.3.1 of xml-sec).
I have fixed the code by removing the ArrayJanitor and releasing the charX509
by myself:
void DSIGKeyInfoX509::appendX509Certificate(const XMLCh * base64Certificate) {
/* ... some code */
X509Holder * h;
XSECnew(h, X509Holder);
m_X509List.push_back(h);
h->mp_encodedX509 = b64Txt->getNodeValue();
h->mp_cryptoX509 = XSECPlatformUtils::g_cryptoProvider->X509();
char * charX509 = XMLString::transcode(h->mp_encodedX509);
//ArrayJanitor<char> j_charX509(charX509); //removed
h->mp_cryptoX509->loadX509Base64Bin(charX509, (unsigned int) strlen(charX509));
XMLString::release(&charX509); //added instead of ArrayJanitor
}
I am using xerces-c 2.8, i have not tried this code with the xerces-c-3.
Maybe someone can verify this crash :)
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
DO NOT REPLY [Bug 49264] crash in
DSIGKeyInfoX509::appendX509Certificate
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=49264
--- Comment #5 from Scott Cantor <ca...@osu.edu> 2010-06-23 09:34:19 EDT ---
Theoretically complete replacement of incorrect Janitor usage, plus replacing
explicit release calls with macro for older Xerces versions.
http://svn.apache.org/viewvc?view=revision&revision=957190
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
DO NOT REPLY [Bug 49264] crash in
DSIGKeyInfoX509::appendX509Certificate
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=49264
Scott Cantor <ca...@osu.edu> changed:
What |Removed |Added
----------------------------------------------------------------------------
Version|C++ 1.6.0 |cvs
--- Comment #1 from Scott Cantor <ca...@osu.edu> 2010-05-07 13:01:50 EDT ---
There are a ton of cases in the code where an ArrayJanitor (which performs a
delete []) is used to dispose of results allocated inside Xerces. Technically
that requires using XMLString::release, but in practice they're the same most
of the time.
Unless you're using a custom memory manager in Xerces, I think it's a
platform-specific problem that doesn't show up very often, but it is a bug.
The problem with fixing them all easily is that unlike my own code, which has
auto_ptr-like classes for Xerces results, this code I inherited maintenance of
does not. So explicitly freeing results introduces lots of exception-handling
based leak possibilities, so it takes a lot of time to fix.
I may just port over my code for fixing this and start using it instead of
ArrayJanitor.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
DO NOT REPLY [Bug 49264] crash in
DSIGKeyInfoX509::appendX509Certificate
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=49264
--- Comment #4 from Scott Cantor <ca...@osu.edu> 2010-05-12 10:19:44 EDT ---
My mistake, I left my "newer" C++-isms in the code when I ported it. I switched
it back to NULL in svn.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
DO NOT REPLY [Bug 49264] crash in
DSIGKeyInfoX509::appendX509Certificate
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=49264
Scott Cantor <ca...@osu.edu> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
DO NOT REPLY [Bug 49264] crash in
DSIGKeyInfoX509::appendX509Certificate
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=49264
--- Comment #3 from Patrick Hagelkruys <pa...@gmail.com> 2010-05-12 08:45:39 EDT ---
I am getting the following error message:
xmlsec\src\utils\xsecautoptr.hpp(54) : error C2065: 'nullptr' : undeclared
identifier
I am using the visual studio 9 Project (visual studio 2005). To handle that
error I added following defines above the XSECAutoPtrChar class
#ifndef nullptr
#define nullptr 0
#endif
afterwards the library compiles and links without errors, and the
appendX509Certificate Function not longer crashes
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
DO NOT REPLY [Bug 49264] crash in
DSIGKeyInfoX509::appendX509Certificate
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=49264
--- Comment #2 from Scott Cantor <ca...@osu.edu> 2010-05-11 16:10:40 EDT ---
Initial fix:
http://svn.apache.org/viewvc?view=revision&revision=943263
Leaving open so I can fix any remaining broken uses of the ArrayJanitor class.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.