Closed
Bug 1234417
Opened 9 years ago
Closed 9 years ago
CreateECPublicKey leaks a reference to the internal PKCS#11 slot
Categories
(Core :: Security, defect)
Core
Security
Tracking
()
RESOLVED
FIXED
mozilla46
| Tracking | Status | |
|---|---|---|
| firefox46 | --- | fixed |
People
(Reporter: keeler, Assigned: keeler)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
CreateECPublicKey creates a SECKEYPublicKey allocated on a scoped arena. It then calls CryptoKey::PublicKeyValid, which has the side-effect of importing the key to the internal PKCS#11 slot. When the arena goes out of scope, the memory for the key is released, but the reference to the slot isn't, causing a leak.
(This can be reproduced by running `NSPR_LOG_MODULES=pipnss:5 ./mach xpcshell-test dom/push/test/xpcshell/test_notification_data.js` and observing the string "NSS SHUTDOWN FAILURE" in the output.)
|
Assignee | |
Comment 1•9 years ago
|
||
Review commit: https://reviewboard.mozilla.org/r/28905/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/28905/
Attachment #8701142 -
Flags: review?(rlb)
|
||
Comment 2•9 years ago
|
||
Comment on attachment 8701142 [details]
MozReview Request: bug 1234417 - fix a leak in CreateECPublicKey r?rbarnes
LGTM. I wrote it but I think I can't give r+.
Attachment #8701142 -
Flags: feedback+
|
||
Comment 3•9 years ago
|
||
Comment on attachment 8701142 [details]
MozReview Request: bug 1234417 - fix a leak in CreateECPublicKey r?rbarnes
https://reviewboard.mozilla.org/r/28905/#review25887
LGTM. Thanks for the catch, Keeler!
Attachment #8701142 -
Flags: review?(rlb) → review+
|
||
Comment 5•9 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla46
You need to log in
before you can comment on or make changes to this bug.
Description
•