It has been a couple of weeks, and this change doesn't seem to have been made. I'd be happy to file a bug report to track the issue if there isn't time to address it soon. Likewise for the OpenSSL bas64 line length issue I raised on the 18th.
> -----Original Message----- > From: Berin Lautenbach [mailto:[EMAIL PROTECTED] > Sent: Tuesday, March 08, 2005 5:43 AM > To: security-dev@xml.apache.org > Subject: Re: XML-Security-C memory leak > > Jesse Pelton wrote: > > OpenSSLCryptoBase64::b642BN() leaks memory in the following line: > > > > return BN_dup(BN_bin2bn(buf, bufLen, NULL)); > > > > BN_bin2bn() allocates a BIGNUM, so there's no need to dup > it, and doing > > so causes the first one to leak. > > Thanks! Will fix in CVS on the weekend. > > Cheers, > Berin
