The InhibitAnyPolicyExtension has been modified to always close the DerOutputStream instance.
The InhibitAnyPolicyExtDefault has been modified to wrap the original exception. https://fedorahosted.org/pki/ticket/2530 Pushed to master under trivial/one-liner rule. -- Endi S. Dewata
>From 2df13e14e79d048deb5865ad7752dd4a1300b195 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" <edew...@redhat.com> Date: Thu, 3 Nov 2016 02:46:30 +0100 Subject: [PATCH] Fixed resource leak in InhibitAnyPolicyExtension. The InhibitAnyPolicyExtension has been modified to always close the DerOutputStream instance. The InhibitAnyPolicyExtDefault has been modified to wrap the original exception. https://fedorahosted.org/pki/ticket/2530 --- .../cms/profile/def/InhibitAnyPolicyExtDefault.java | 19 ++++++++++++------- .../extensions/InhibitAnyPolicyExtension.java | 8 +++++--- 2 files changed, 17 insertions(+), 10 deletions(-) diff --git a/base/server/cms/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java b/base/server/cms/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java index 2c176593a947ad24f83fae1de90195a092939080..bf9d0d5d53869ac15fe37c64354cb6cafc7adcd5 100644 --- a/base/server/cms/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java +++ b/base/server/cms/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java @@ -17,13 +17,10 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; +import java.io.IOException; import java.math.BigInteger; import java.util.Locale; -import netscape.security.extensions.InhibitAnyPolicyExtension; -import netscape.security.util.BigInt; -import netscape.security.x509.X509CertInfo; - import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.profile.EProfileException; @@ -33,6 +30,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; +import netscape.security.extensions.InhibitAnyPolicyExtension; +import netscape.security.util.BigInt; +import netscape.security.x509.X509CertInfo; + /** * This class implements an inhibit Any-Policy extension * @@ -157,10 +158,10 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault { locale, "CMS_INVALID_PROPERTY", name)); } replaceExtension(InhibitAnyPolicyExtension.OID, ext, info); - } catch (EProfileException e) { + } catch (Exception e) { CMS.debug("InhibitAnyPolicyExtDefault: setValue " + e.toString()); throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + locale, "CMS_INVALID_PROPERTY", name), e); } } @@ -246,7 +247,11 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault { String str = getConfig(CONFIG_SKIP_CERTS); if (str == null || str.equals("")) { - ext = new InhibitAnyPolicyExtension(); + try { + ext = new InhibitAnyPolicyExtension(); + } catch (IOException e) { + throw new EProfileException(e); + } ext.setCritical(critical); } else { BigInt val = null; diff --git a/base/util/src/netscape/security/extensions/InhibitAnyPolicyExtension.java b/base/util/src/netscape/security/extensions/InhibitAnyPolicyExtension.java index 40b824fa4615323186eb8d5c12755d34e6697675..87c19f384205f31d375030d10ff93e21ea276679 100644 --- a/base/util/src/netscape/security/extensions/InhibitAnyPolicyExtension.java +++ b/base/util/src/netscape/security/extensions/InhibitAnyPolicyExtension.java @@ -61,11 +61,11 @@ public class InhibitAnyPolicyExtension } } - public InhibitAnyPolicyExtension() { + public InhibitAnyPolicyExtension() throws IOException { this(false, null); } - public InhibitAnyPolicyExtension(boolean crit, BigInt skipCerts) { + public InhibitAnyPolicyExtension(boolean crit, BigInt skipCerts) throws IOException { try { extensionId = ObjectIdentifier.getObjectIdentifier(OID); } catch (IOException e) { @@ -170,11 +170,13 @@ public class InhibitAnyPolicyExtension } } - private void encodeExtValue() { + private void encodeExtValue() throws IOException { DerOutputStream out = new DerOutputStream(); try { out.putInteger(mSkipCerts); } catch (IOException e) { + } finally { + out.close(); } extensionValue = out.toByteArray(); } -- 2.5.5
_______________________________________________ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel