[xmlsec] Memory leak in xmlSecMSCryptoAppKeysMngrCertLoadMemory

Satoshi Ito satoshi.ito at Laserfiche.com
Mon Sep 19 11:13:55 PDT 2011


Hello,
I noticed that xmlSecMSCryptoAppKeysMngrCertLoadMemory (v1.2.18 mscrypto\app.c:867 ) leaks memory on each successful call. This seems to be because the PCCERT_CONTEXT constructed from the buffer is freed only when xmlSecMSCryptoX509StoreAdoptCert (v1.2.18 mscrypto\x509vfy.c:582) fails (according to MSDN, CertAddCertificateContextToStore creates a copy of the context and adds the copy to the store, so the original PCCERT_CONTEXT is leaked on success). I think you can safely get around this by adding CertFreeCertificateContext(pCert) before the return(0) on mscrypto\app.c:924, but please correct me if I'm misunderstanding something.

Sincerely,
Satoshi Ito
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20110919/a5076b92/attachment.html>


More information about the xmlsec mailing list