[Bug 20984] New: CRYPT_GetDefaultProvider-related leak in crypt32/tests/message.c
wine-bugs at winehq.org
wine-bugs at winehq.org
Thu Dec 10 12:23:14 CST 2009
http://bugs.winehq.org/show_bug.cgi?id=20984
Summary: CRYPT_GetDefaultProvider-related leak in
crypt32/tests/message.c
Product: Wine
Version: 1.1.34
Platform: PC
OS/Version: Linux
Status: NEW
Keywords: download, source, testcase
Severity: normal
Priority: P2
Component: crypt32
AssignedTo: wine-bugs at winehq.org
ReportedBy: dank at kegel.com
Juan writes:
-- snip --
The key leaked in
http://kegel.com/wine/valgrind/logs/2009-12-08-09.24/vg-crypt32_message.txt
972 bytes in 1 blocks are definitely lost
at notify_alloc (heap.c:247)
by RtlAllocateHeap (heap.c:1697)
by new_object (handle.c:359)
by new_key (rsaenh.c:834)
by import_public_key (rsaenh.c:2777)
by import_key (rsaenh.c:2973)
by RSAENH_CPImportKey (rsaenh.c:3020)
by CryptImportKey (crypt.c:1827)
by CRYPT_ImportRsaPublicKeyInfoEx (encode.c:4786)
by CryptImportPublicKeyInfoEx (encode.c:4819)
by CryptImportPublicKeyInfo (encode.c:4757)
by CDecodeSignedMsg_VerifySignatureWithKey (msg.c:2554)
by CDecodeSignedMsg_VerifySignature (msg.c:2613)
by CDecodeMsg_Control (msg.c:2668)
by CryptMsgControl (msg.c:2805)
by CryptVerifyDetachedMessageSignature (message.c:164)
by test_verify_detached_message_signature (message.c:403)
should be suppressed. Feel free to open a bug if you like so you can
reference it. The existing bug about a leak in rsaenh, 20684, doesn't
seem appropriate, as it may not cover this case.
Here's the scoop: the leak comes from
test_verify_detached_message_signature. This calls
CryptVerifyDetachedMessageSignature, with one of its arguments being a
pointer to a CRYPT_VERIFY_MESSAGE_PARA structure. This calls
CryptMsgOpenToDecode, passing as the crypto provider the provider set
in the CRYPT_VERIFY_MESSAGE_PARA structure... except that it's 0. If
it's 0, it calls CRYPT_GetDefaultProvider(), and sets an internal flag
indicating the the crypto provider shouldn't be unloaded, since it's
process-wide. There's that famous CRYPT_GetDefaultProvider again: it
can't be unloaded by crypt32, so it leaks whatever it's got, including
the last set of keys that get set into it.
-- snip --
Filing bug for reference, I'll add a suppression.
--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the wine-bugs
mailing list