Thank you for reporting this problem! I fixed it in the svn but I am
also attaching a patch that you can apply directly.
Thanks again!
Aleksey
Satoshi Ito wrote:
Hello,
I am encountering an access violation in xmlSecDSigCtxDestroy when I
load a key from a PKCS#12 certificate using mscrypto. The issue seems to
be that the certificate context is freed twice in xmlSecKeyEmpty (once
through xmlSecKeyDataDestroy(key->value), and again through
xmlSecPtrListDestroy(key->dataList)). To reproduce, it seems to be
sufficient to simply create an xmlSecDSigCtx [xmlSecDSigCtxPtr dsigCtx =
xmlSecDSigCtxCreate(NULL)], load the key in the PKCS#12 certificate
[dsigCtx->signKey = xmlSecCryptoAppKeyLoad(___,
xmlSecKeyDataFormatPkcs12, ___, NULL, NULL)], and then destroy the
context immediately [xmlSecDSigCtxDestroy(dsigCtx)]. The signing itself
works if the signing code is uncommented and the call to
xmlSecDSigCtxDestroy is commented out (and can be verified). What could
I be doing wrong? (Apologies in advance if I am missing an obvious and
essential step; I am quite new to this, so please be patient with me).
Sincerely,
Satoshi Ito
------------------------------------------------------------------------
_______________________________________________
xmlsec mailing list
xmlsec@aleksey.com
http://www.aleksey.com/mailman/listinfo/xmlsec
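The double release described in the report above, as a small stand-alone C model (an added example, not xmlsec or CryptoAPI code). cert_ctx, ctx_new, ctx_dup, ctx_release, model_key and load_and_destroy are hypothetical names, and the model assumes the loader also drops its own reference to the context.

```c
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical stand-in for a reference-counted certificate context. */
typedef struct { int refs; int over_released; } cert_ctx;

static cert_ctx *ctx_new(void) {
    cert_ctx *c = calloc(1, sizeof *c);
    if (c != NULL) c->refs = 1;          /* creator holds the first reference */
    return c;
}

/* Models duplicating a context: one more reference on the same object. */
static cert_ctx *ctx_dup(cert_ctx *c) { c->refs++; return c; }

/* Models freeing a context. A release with no reference left would be a
 * double free in real code; the model only counts it. */
static void ctx_release(cert_ctx *c) {
    if (c->refs == 0) c->over_released++;
    else c->refs--;
}

/* A key with two holders, each releasing what it adopted on destroy. */
typedef struct { cert_ctx *value; cert_ctx *list_item; } model_key;

static void key_destroy(model_key *k) {
    ctx_release(k->value);      /* first release: the key value */
    ctx_release(k->list_item);  /* second release: the data list */
}

/* Returns the number of releases that found no reference left. */
int load_and_destroy(int duplicate_for_value) {
    cert_ctx *cert = ctx_new();
    model_key key; int bad;
    if (cert == NULL) return -1;
    /* Without the duplicate, the value adopts the caller's only reference. */
    key.value = duplicate_for_value ? ctx_dup(cert) : cert;
    key.list_item = ctx_dup(cert);
    ctx_release(cert);          /* assumption: the loader drops its own reference */
    key_destroy(&key);
    bad = cert->over_released;
    free(cert);                 /* model storage is freed once, here */
    return bad;
}

int main(void) {
    printf("adopt original:  %d over-release(s)\n", load_and_destroy(0));
    printf("adopt duplicate: %d over-release(s)\n", load_and_destroy(1));
    return 0;
}
```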
Index: src/mscrypto/app.c
===================================================================
--- src/mscrypto/app.c (revision 988)
+++ src/mscrypto/app.c (working copy)
@@ -648,7 +648,18 @@
/* Find the certificate that has the private key */
if((TRUE == CertGetCertificateContextProperty(pCert,
CERT_KEY_SPEC_PROP_ID, &dwData, &dwDataLen)) && (dwData > 0)) {
- keyData = xmlSecMSCryptoCertAdopt(pCert, xmlSecKeyDataTypePrivate |
xmlSecKeyDataTypePublic);
+ tmpcert = CertDuplicateCertificateContext(pCert);
+ if(tmpcert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertDuplicateCertificateContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "data=%s",
+
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+
+ keyData = xmlSecMSCryptoCertAdopt(tmpcert, xmlSecKeyDataTypePrivate
| xmlSecKeyDataTypePublic);
if(keyData == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
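Review bot: When xmlSecMSCryptoCertAdopt(tmpcert, ...) returns NULL, the keyData == NULL branch jumps to done with tmpcert still holding the duplicated context, and the cleanup at done is not visible in this hunk. Please confirm that done frees a non-NULL tmpcert, or release it in that branch before the goto. A one-line comment above the CertDuplicateCertificateContext call stating that the adopted key data gets its own reference, separate from pCert, would also record why the duplicate is needed.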
@@ -657,6 +668,7 @@
XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
+ tmpcert = NULL;
tmpcert = CertDuplicateCertificateContext(pCert);
if(tmpcert == NULL) {
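Review bot: The added tmpcert = NULL; is overwritten by the very next statement, tmpcert = CertDuplicateCertificateContext(pCert), so no path ever observes the NULL. If the assignment is there to mark that keyData now owns the first duplicate, say so in a comment, or hold the first duplicate in its own variable so the two references do not share tmpcert and the cleanup of each is easier to follow.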