<GRIN>. No apology required! Rather I should be saying thanks for
picking up a rather insidious bug! Most of my testing is with the
OpenSSL API (I like Linux :>), so I've managed to clear most memory
leaks out of the main library, but clearly I've missed some pieces in
the Windows CAPI layer.
Cheers,
Berin
Steve Cullum wrote:
Berin,
Please accept my apologies
Steve
----- Original Message ----- From: "Berin Lautenbach"
<[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Saturday, January 21, 2006 10:16 PM
Subject: Re: DO NOT REPLY [Bug 37075] - WINCAPI RSA Signatures
Destructor ~WinCAPICryptoKeyRSA does not destroy key
Steve,
I think everything you refer to below is fixed. Don't forget that the
CVS repo is now read-only - all updates are happening to SVN. Have a
look at svn.apache.org.
Cheers,
Berin
Steve Cullum wrote:
Berin,
Unfortunately i dont have my list of fixes available to me at the
moment.. im away at the moment. As soon as i get back to work i will
take a closer look.
However I have just taken a look at the WinCAPICryptoKeyDSA.cpp
from the html CVS interface and i see there is at least one fix missing
Inside bool WinCAPICryptoKeyDSA::verifyBase64Signature()
A tempory hask key "h" is created and not destroyed
BOOL fResult;
HCRYPTHASH h;
fResult = CryptCreateHash(m_p,
CALG_SHA1,
0,
0,
&h);
This one needs destroying... i am afraid !
Steve
PS...
There was a list of these problems i reported to the mailing list, i
dont think i sent them to the bugzilla.. sorry!
The mailing thread was entitled * [C++] more memory leaks
in windows WinCAPICryptoXXXX files*
<http://news.gmane.org/find-root.php?message_id=%3c4F014656062C1140880B2247EDAFD3B102E0750A%40ukspm204.emea.corp.eds.com%3e>
Subject: *RE: [C++] Memory Leak In DSIGSignature::verify() using RSA
Signatures with WINCAPI*
<http://news.gmane.org/find-root.php?message_id=%3c4F014656062C1140880B2247EDAFD3B101068366%40ukspm204.emea.corp.eds.com%3e>
They are described in
http://news.gmane.org/gmane.text.xml.security.devel
----- Original Message -----
From: "Berin Lautenbach" <[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>>
To: <[email protected] <mailto:[email protected]>>
Cc: <[email protected] <mailto:[email protected]>>;
<[email protected] <mailto:[email protected]>>;
<[email protected] <mailto:[email protected]>>
Sent: Thursday, January 19, 2006 8:26 AM
Subject: Re: [VOTE] Werner as juice committer
> Geez - for some reason I thought he already was!!!
>
> +1
>
> Cheers,
> Berin
>
>
> Davanum Srinivas wrote:
>> As part of reviving juice, can we please VOTE werner as a
committer to
>> enable him to continue his offline work? [1]
>>
>> Here's my +1.
>>
>> thanks,
>> dims
>>
>> [1] :
http://www.nabble.com/Status-of-my-upgrades-and-so-on-t945224.html
>>
>> --
>> Davanum Srinivas : http://wso2.com/blogs/
>>
>>
---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
>> For additional commands, e-mail:
[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
>>
>>
>>
>
>
>
> ---
> avast! Antivirus: Inbound message clean.
> Virus Database (VPS): 0603-3, 18/01/2006
> Tested on: 20/01/2006 11:50:44
> avast! - copyright (c) 1988-2005 ALWIL Software.
> http://www.avast.com
>
>
>
------------------------------------------------------------------------
avast! Antivirus <http://www.avast.com>: Outbound message clean.
Virus Database (VPS): 0603-4, 20/01/2006
Tested on: 21/01/2006 13:43:17
avast! - copyright (c) 1988-2005 ALWIL Software.
---
avast! Antivirus: Inbound message clean.
Virus Database (VPS): 0603-4, 20/01/2006
Tested on: 22/01/2006 18:44:16
avast! - copyright (c) 1988-2005 ALWIL Software.
http://www.avast.com
---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 0603-4, 20/01/2006
Tested on: 22/01/2006 18:45:10
avast! - copyright (c) 1988-2005 ALWIL Software.
http://www.avast.com
