The ExtendedKeyUsageExtension has been modified to always close the DerOutputStream instance.
The ExtendedKeyUsageExt has been modified to wrap the original exception. https://fedorahosted.org/pki/ticket/2530 Pushed to master under trivial/one-liner rule. -- Endi S. Dewata
>From 84f1a31f3b5b5e1e301315dbea82e9bc428113b7 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edew...@redhat.com>
Date: Thu, 3 Nov 2016 02:43:53 +0100
Subject: [PATCH] Fixed resource leak in ExtendedKeyUsageExtension.
The ExtendedKeyUsageExtension has been modified to always close the DerOutputStream instance. The ExtendedKeyUsageExt has been modified to wrap the original exception. https://fedorahosted.org/pki/ticket/2530
---
 .../cms/policy/extensions/ExtendedKeyUsageExt.java | 18 +++++++++++-------
 .../security/extensions/ExtendedKeyUsageExtension.java | 8 +++++---
 2 files changed, 16 insertions(+), 10 deletions(-)
diff --git a/base/server/cms/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java b/base/server/cms/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java
index 5f33efe1b51d145fbeb2ad934f438201f09e6ad7..4ba834dbeea8b97835da08635537f467f120caae 100644
--- a/base/server/cms/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java
+++ b/base/server/cms/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java
@@ -22,12 +22,6 @@ import java.security.cert.CertificateException;
 import java.util.Locale;
 import java.util.Vector;
-import netscape.security.extensions.ExtendedKeyUsageExtension;
-import netscape.security.util.ObjectIdentifier;
-import netscape.security.x509.CertificateExtensions;
-import netscape.security.x509.CertificateVersion;
-import netscape.security.x509.X509CertInfo;
-
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
@@ -39,6 +33,12 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
+import netscape.security.extensions.ExtendedKeyUsageExtension;
+import netscape.security.util.ObjectIdentifier;
+import netscape.security.x509.CertificateExtensions;
+import netscape.security.x509.CertificateVersion;
+import netscape.security.x509.X509CertInfo;
+
 /**
 * This implements the extended key usage extension.
 * <P>
@@ -84,7 +84,11 @@ public class ExtendedKeyUsageExt extends APolicyRule
 mConfig = config;
 setExtendedPluginInfo();
 setupParams();
- mExtendedKeyUsage = new ExtendedKeyUsageExtension(mCritical, mUsages);
+ try {
+ mExtendedKeyUsage = new ExtendedKeyUsageExtension(mCritical, mUsages);
+ } catch (IOException e) {
+ throw new EBaseException(e);
+ }
 }
 /**
diff --git a/base/util/src/netscape/security/extensions/ExtendedKeyUsageExtension.java b/base/util/src/netscape/security/extensions/ExtendedKeyUsageExtension.java
index a966ca1dbba66443454411546e0f80ced901897a..c9c8acfabd4ae3590c44f424b5c401ec00fbc6d2 100644
--- a/base/util/src/netscape/security/extensions/ExtendedKeyUsageExtension.java
+++ b/base/util/src/netscape/security/extensions/ExtendedKeyUsageExtension.java
@@ -66,11 +66,11 @@ public class ExtendedKeyUsageExtension extends Extension implements CertAttrSet
 }
 }
- public ExtendedKeyUsageExtension() {
+ public ExtendedKeyUsageExtension() throws IOException {
 this(false, null);
 }
- public ExtendedKeyUsageExtension(boolean crit, Vector<ObjectIdentifier> oids) {
+ public ExtendedKeyUsageExtension(boolean crit, Vector<ObjectIdentifier> oids) throws IOException {
 try {
 extensionId = ObjectIdentifier.getObjectIdentifier(OID);
 } catch (IOException e) {
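Review bot: Both public constructors of ExtendedKeyUsageExtension now declare a checked `IOException`, but nothing tells a caller when it is thrown; a Javadoc line such as `@throws IOException if the extension value cannot be encoded` on each would cover it (presumably the exception comes from `encodeExtValue()`, which is not called in the visible lines). The new `throws` clause is also source-incompatible for every other caller of these constructors, and only `ExtendedKeyUsageExt` is updated in this patch, so the remaining call sites are worth checking. The second constructor's body continues outside the hunk.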
@@ -200,7 +200,7 @@ public class ExtendedKeyUsageExtension extends Extension implements CertAttrSet
 }
 }
- private void encodeExtValue() {
+ private void encodeExtValue() throws IOException {
 DerOutputStream out = new DerOutputStream();
 DerOutputStream temp = new DerOutputStream();
@@ -219,6 +219,8 @@ public class ExtendedKeyUsageExtension extends Extension implements CertAttrSet
 try {
 out.write(DerValue.tag_Sequence, temp);
 } catch (IOException ex) {
+ } finally {
+ out.close();
 }
 extensionValue = out.toByteArray();
-- 
2.5.5
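Review bot: The empty `catch (IOException ex)` kept in the last hunk still swallows a failed `out.write(DerValue.tag_Sequence, temp)`, so `extensionValue` can be set from an incomplete encoding and the certificate's extended key usage restriction would be missing or malformed with no error reaching the caller. Now that `encodeExtValue()` declares `throws IOException`, the catch can be dropped so the failure propagates: `try { out.write(DerValue.tag_Sequence, temp); } finally { out.close(); }`. `temp` is created next to `out` in the previous hunk and no close for it is visible; the body between the two hunks is outside the diff, so that is worth checking. The constructor hunk in this file shows the same try/catch shape around `ObjectIdentifier.getObjectIdentifier(OID)`, whose catch body is also outside the diff.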