You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@apr.apache.org by mi...@apache.org on 2016/07/08 13:21:54 UTC
svn commit: r1751899 - in /apr/apr-util/branches/1.6.x: ./ CHANGES
crypto/apr_crypto_nss.c
Author: minfrin
Date: Fri Jul 8 13:21:54 2016
New Revision: 1751899
URL: http://svn.apache.org/viewvc?rev=1751899&view=rev
Log:
Backport r1751898:
apr_crypto_nss: Ensure the SECItem returned by PK11_ParamFromIV
is properly freed.
Modified:
apr/apr-util/branches/1.6.x/ (props changed)
apr/apr-util/branches/1.6.x/CHANGES
apr/apr-util/branches/1.6.x/crypto/apr_crypto_nss.c
Propchange: apr/apr-util/branches/1.6.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Jul 8 13:21:54 2016
@@ -1,4 +1,4 @@
-/apr/apr/trunk:781403,781409,784519,784592,789965,794508,917837-917838,982408-982409,998533,1086937,1127053,1127648,1128838,1129433,1133587,1207704,1210524,1211987,1214516,1308087,1308131,1308318,1327636,1340286,1346865,1357761,1357772,1357780,1357966,1357968,1357979,1358295,1358480,1361811,1362241,1362248,1362252,1362255,1363076,1369681,1370626,1371811,1371817,1371919,1371923,1382174,1389154,1389169,1390461,1390477,1402870,1402897,1402903,1402907,1406088,1422413,1425356,1426442,1426448,1438960,1449308,1449314,1460185,1460243-1460244,1462219,1462224,1484271,1493715,1495887,1495889,1496407,1516261,1523479,1529554,1531009,1541054,1543399,1544846,1618843,1619438,1625247,1626561,1648830,1711657,1722547,1728958,1728963,1747941,1751567,1751806
+/apr/apr/trunk:781403,781409,784519,784592,789965,794508,917837-917838,982408-982409,998533,1086937,1127053,1127648,1128838,1129433,1133587,1207704,1210524,1211987,1214516,1308087,1308131,1308318,1327636,1340286,1346865,1357761,1357772,1357780,1357966,1357968,1357979,1358295,1358480,1361811,1362241,1362248,1362252,1362255,1363076,1369681,1370626,1371811,1371817,1371919,1371923,1382174,1389154,1389169,1390461,1390477,1402870,1402897,1402903,1402907,1406088,1422413,1425356,1426442,1426448,1438960,1449308,1449314,1460185,1460243-1460244,1462219,1462224,1484271,1493715,1495887,1495889,1496407,1516261,1523479,1529554,1531009,1541054,1543399,1544846,1618843,1619438,1625247,1626561,1648830,1711657,1722547,1728958,1728963,1747941,1751567,1751806,1751898
/apr/apr-util/branches/1.3.x:896410,1154885
/apr/apr-util/branches/1.4.x:1126217,1211211,1211219,1211223,1211330
/apr/apr-util/trunk:731033-731034,731225,731236,731291,731293,731379,743986,744009,745771,747612,747623,747630,1626561
Modified: apr/apr-util/branches/1.6.x/CHANGES
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.6.x/CHANGES?rev=1751899&r1=1751898&r2=1751899&view=diff
==============================================================================
--- apr/apr-util/branches/1.6.x/CHANGES [utf-8] (original)
+++ apr/apr-util/branches/1.6.x/CHANGES [utf-8] Fri Jul 8 13:21:54 2016
@@ -1,6 +1,9 @@
-*- coding: utf-8 -*-
Changes with APR-util 1.6.0
+ *) apr_crypto_nss: Ensure the SECItem returned by PK11_ParamFromIV
+ is properly freed. [Graham Leggett]
+
*) apr_crypto: Don't cache the driver if initialisation fails. This
stops the second and subsequent attempt to use the API from failing
claiming the library is not initialised. [Graham Leggett]
Modified: apr/apr-util/branches/1.6.x/crypto/apr_crypto_nss.c
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.6.x/crypto/apr_crypto_nss.c?rev=1751899&r1=1751898&r2=1751899&view=diff
==============================================================================
--- apr/apr-util/branches/1.6.x/crypto/apr_crypto_nss.c (original)
+++ apr/apr-util/branches/1.6.x/crypto/apr_crypto_nss.c Fri Jul 8 13:21:54 2016
@@ -77,6 +77,7 @@ struct apr_crypto_block_t {
const apr_crypto_t *f;
PK11Context *ctx;
apr_crypto_key_t *key;
+ SECItem *secParam;
int blockSize;
};
@@ -108,6 +109,8 @@ static apr_status_t crypto_shutdown(void
if (NSS_IsInitialized()) {
SECStatus s = NSS_Shutdown();
if (s != SECSuccess) {
+ fprintf(stderr, "NSS failed to shutdown, possible leak: %d: %s",
+ PR_GetError(), PR_ErrorToName(s));
return APR_EINIT;
}
}
@@ -216,6 +219,11 @@ static apr_status_t crypto_init(apr_pool
err->reason = apr_pstrdup(pool, "Error during 'nss' initialisation");
*result = err;
}
+ s = NSS_Shutdown();
+ if (s != SECSuccess) {
+ return APR_ECRYPT;
+ }
+
return APR_ECRYPT;
}
@@ -235,6 +243,11 @@ static apr_status_t crypto_init(apr_pool
static apr_status_t crypto_block_cleanup(apr_crypto_block_t *block)
{
+ if (block->secParam) {
+ SECITEM_FreeItem(block->secParam, PR_TRUE);
+ block->secParam = NULL;
+ }
+
if (block->ctx) {
PK11_DestroyContext(block->ctx, PR_TRUE);
block->ctx = NULL;
@@ -536,7 +549,6 @@ static apr_status_t crypto_block_encrypt
apr_size_t *blockSize, apr_pool_t *p)
{
PRErrorCode perr;
- SECItem * secParam;
SECItem ivItem;
unsigned char * usedIv;
apr_crypto_block_t *block = *ctx;
@@ -575,14 +587,14 @@ static apr_status_t crypto_block_encrypt
}
ivItem.data = usedIv;
ivItem.len = key->ivSize;
- secParam = PK11_ParamFromIV(key->cipherMech, &ivItem);
+ block->secParam = PK11_ParamFromIV(key->cipherMech, &ivItem);
}
else {
- secParam = PK11_GenerateNewParam(key->cipherMech, key->symKey);
+ block->secParam = PK11_GenerateNewParam(key->cipherMech, key->symKey);
}
- block->blockSize = PK11_GetBlockSize(key->cipherMech, secParam);
+ block->blockSize = PK11_GetBlockSize(key->cipherMech, block->secParam);
block->ctx = PK11_CreateContextBySymKey(key->cipherMech, CKA_ENCRYPT,
- key->symKey, secParam);
+ key->symKey, block->secParam);
/* did an error occur? */
perr = PORT_GetError();
@@ -593,7 +605,7 @@ static apr_status_t crypto_block_encrypt
}
if (blockSize) {
- *blockSize = PK11_GetBlockSize(key->cipherMech, secParam);
+ *blockSize = PK11_GetBlockSize(key->cipherMech, block->secParam);
}
return APR_SUCCESS;
@@ -717,7 +729,6 @@ static apr_status_t crypto_block_decrypt
const apr_crypto_key_t *key, apr_pool_t *p)
{
PRErrorCode perr;
- SECItem * secParam;
apr_crypto_block_t *block = *ctx;
if (!block) {
*ctx = block = apr_pcalloc(p, sizeof(apr_crypto_block_t));
@@ -739,14 +750,14 @@ static apr_status_t crypto_block_decrypt
}
ivItem.data = (unsigned char*) iv;
ivItem.len = key->ivSize;
- secParam = PK11_ParamFromIV(key->cipherMech, &ivItem);
+ block->secParam = PK11_ParamFromIV(key->cipherMech, &ivItem);
}
else {
- secParam = PK11_GenerateNewParam(key->cipherMech, key->symKey);
+ block->secParam = PK11_GenerateNewParam(key->cipherMech, key->symKey);
}
- block->blockSize = PK11_GetBlockSize(key->cipherMech, secParam);
+ block->blockSize = PK11_GetBlockSize(key->cipherMech, block->secParam);
block->ctx = PK11_CreateContextBySymKey(key->cipherMech, CKA_DECRYPT,
- key->symKey, secParam);
+ key->symKey, block->secParam);
/* did an error occur? */
perr = PORT_GetError();
@@ -757,7 +768,7 @@ static apr_status_t crypto_block_decrypt
}
if (blockSize) {
- *blockSize = PK11_GetBlockSize(key->cipherMech, secParam);
+ *blockSize = PK11_GetBlockSize(key->cipherMech, block->secParam);
}
return APR_SUCCESS;