Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix: unmanaged memory leak on parsing ill-formed certificates #93647

Closed
wants to merge 12 commits into from

Conversation

sstronin
Copy link
Contributor

There is a memory leak - unmanaged! - because ParsePkcs12 is called from ctors and in case of an exception is thrown allocated resources won't be released inside the call nor by GC.

@ghost ghost added the community-contribution Indicates that the PR has been added by a community member label Oct 18, 2023
@ghost
Copy link

ghost commented Oct 18, 2023

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

There is a memory leak - unmanaged! - because ParsePkcs12 is called from ctors and in case of an exception is thrown allocated resources won't be released inside the call nor by GC.

Author: sstronin
Assignees: -
Labels:

area-System.Security, community-contribution

Milestone: -

@sstronin
Copy link
Contributor Author

@dotnet-policy-service agree

@martincostello
Copy link
Member

Wouldn't the proper fix here be to implement a finalizer on the base class in UnixPkcs12Reader? That's also only touching one file, not 4.

@sstronin
Copy link
Contributor Author

I've tried to do it the simplest way. The problem is in base class, true, but it also doesn't fully implement Dispose pattern so there will be more changes to separate managed/unmanaged cleanup - and without that it looks unsafe in finalizer.

@martincostello
Copy link
Member

doesn't fully implement Dispose pattern

So shouldn't the fix be to make it so it does?

bartonjs
bartonjs previously approved these changes Jan 23, 2024
@bartonjs bartonjs self-requested a review January 23, 2024 17:18
@bartonjs bartonjs dismissed their stale review January 23, 2024 17:24

In discussion about a different approach in a different medium

@sstronin
Copy link
Contributor Author

I'll rework it to proper Dispose pattern

@bartonjs
Copy link
Member

I'll rework it to proper Dispose pattern

I think the better approach is to just remove the constructor argument and move it to a load function, that way Dispose will automatically fire and things just work.

using (Pkcs12Reader reader = new WhateverKind())
{
    reader.Load(data);
    ...
}

@sstronin
Copy link
Contributor Author

That could be done although it'll break class contract. But I think proper Dispose - with finalizer - should be implemented anyway since there is an unmanaged resource and the class is not sealed.

@bartonjs
Copy link
Member

This was addressed in #98331 by following the strategy outlined in #93647 (comment)

@bartonjs bartonjs closed this Feb 13, 2024
@github-actions github-actions bot locked and limited conversation to collaborators Mar 14, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
area-System.Security community-contribution Indicates that the PR has been added by a community member
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants