[Libreoffice-commits] core.git: svl/source

Noel Grandin (via logerrit) logerrit at kemper.freedesktop.org
Mon May 17 18:24:02 UTC 2021 

 svl/source/crypto/cryptosign.cxx |    7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

New commits:
commit 47ecc718e466db4d3976b697002f5d0a34b1a885
Author:     Noel Grandin <noel.grandin at collabora.co.uk>
AuthorDate: Mon May 17 19:42:05 2021 +0200
Commit:     Noel Grandin <noel.grandin at collabora.co.uk>
CommitDate: Mon May 17 20:23:20 2021 +0200

    fix some leaks in Signing
    
    Change-Id: I1104e0611dbfbf18858cbae64bfbbbcd03d176f3
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/115717
    Tested-by: Jenkins
    Reviewed-by: Noel Grandin <noel.grandin at collabora.co.uk>

diff --git a/svl/source/crypto/cryptosign.cxx b/svl/source/crypto/cryptosign.cxx
index 70696dafce50..61e9f6649cd9 100644
--- a/svl/source/crypto/cryptosign.cxx
+++ b/svl/source/crypto/cryptosign.cxx
@@ -1223,6 +1223,8 @@ bool Signing::Sign(OStringBuffer& rCMSHexBuffer)
     aCertID.hashAlgorithm.algorithm.data = nullptr;
     aCertID.hashAlgorithm.parameters.data = nullptr;
     SECOID_SetAlgorithmID(nullptr, &aCertID.hashAlgorithm, SEC_OID_SHA256, nullptr);
+    comphelper::ScopeGuard aAlgoGuard(
+        [&aCertID] () { SECOID_DestroyAlgorithmID(&aCertID.hashAlgorithm, false); } );
     // Write ESSCertIDv2.certHash.
     SECItem aCertHashItem;
     auto pDerEncoded = reinterpret_cast<const unsigned char *>(aDerEncoded.getArray());
@@ -1273,6 +1275,8 @@ bool Signing::Sign(OStringBuffer& rCMSHexBuffer)
         SAL_WARN("svl.crypto", "my_SEC_StringToOID() failed");
         return false;
     }
+    comphelper::ScopeGuard aGuard(
+        [&aOidData] () { SECITEM_FreeItem(&aOidData.oid, false); } );
     aOidData.offset = SEC_OID_UNKNOWN;
     aOidData.desc = "id-aa-signingCertificateV2";
     aOidData.mechanism = CKM_SHA_1;
@@ -1292,7 +1296,7 @@ bool Signing::Sign(OStringBuffer& rCMSHexBuffer)
     cms_output.len = 0;
     PLArenaPool *arena = PORT_NewArena(10000);
     const ::comphelper::ScopeGuard aScopeGuard(
-        [&arena]() mutable { free(arena); } );
+        [&arena]() mutable { PORT_FreeArena(arena, true); } );
     NSSCMSEncoderContext *cms_ecx;
 
     // Possibly it would work to even just pass NULL for the password callback function and its
@@ -2100,6 +2104,7 @@ bool Signing::Verify(const std::vector<unsigned char>& aData,
     }
 
     // Everything went fine
+    SECITEM_FreeItem(&aOidData.oid, false);
     PORT_Free(pActualResultBuffer);
     HASH_Destroy(pHASHContext);
     NSS_CMSSignerInfo_Destroy(pCMSSignerInfo);

More information about the Libreoffice-commits mailing list