Hello Jesse, I have just commited patch to OpenSSLCryptoBase64.cpp :
http://cvs.apache.org/viewcvs.cgi/xml-security/c/src/enc/OpenSSL/OpenSSL CryptoBase64.cpp?rev=1.9&view=log We are very thankful to you for your bug report and suggestions you provide on this mailing list. Best regards, Milan > -----Original Message----- > From: Jesse Pelton [mailto:[EMAIL PROTECTED] > Sent: Friday, March 25, 2005 4:11 PM > To: security-dev@xml.apache.org > Subject: RE: XML-Security-C memory leak > > > It has been a couple of weeks, and this change doesn't seem > to have been made. I'd be happy to file a bug report to > track the issue if there isn't time to address it soon. > Likewise for the OpenSSL bas64 line length issue I raised on the 18th. > > > -----Original Message----- > > From: Berin Lautenbach [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, March 08, 2005 5:43 AM > > To: security-dev@xml.apache.org > > Subject: Re: XML-Security-C memory leak > > > > Jesse Pelton wrote: > > > OpenSSLCryptoBase64::b642BN() leaks memory in the following line: > > > > > > return BN_dup(BN_bin2bn(buf, bufLen, NULL)); > > > > > > BN_bin2bn() allocates a BIGNUM, so there's no need to dup > > it, and doing > > > so causes the first one to leak. > > > > Thanks! Will fix in CVS on the weekend. > > > > Cheers, > > Berin >
