Thank you for reporting this problem! I fixed it in the svn but I am
also attaching a patch that you can apply directly.

Thanks again!
Aleksey

Satoshi Ito wrote:
Hello,

I am encountering an access violation in xmlSecDSigCtxDestroy when I load a key from a PKCS#12 certificate using mscrypto. The issue seems to be that the certificate context is freed twice in xmlSecKeyEmpty (once through xmlSecKeyDataDestroy(key->value), and again through xmlSecPtrListDestroy(key->dataList)). To reproduce, it seems to be sufficient to simply create an xmlSecDSigCtx [xmlSecDSigCtxPtr dsigCtx = xmlSecDSigCtxCreate(NULL)], load the key in the PKCS#12 certificate [dsigCtx->signKey = xmlSecCryptoAppKeyLoad(___, xmlSecKeyDataFormatPkcs12, ___, NULL, NULL)], and then destroy the context immediately [xmlSecDSigCtxDestroy(dsigCtx)]. The signing itself works if the signing code is uncommented and the call to xmlSecDSigCtxDestroy is commented out (and can be verified). What could I be doing wrong? (Apologies in advance if I am missing an obvious and essential step; I am quite new to this, so please be patient with me).

Sincerely,

Satoshi Ito


------------------------------------------------------------------------

_______________________________________________
xmlsec mailing list
xmlsec@aleksey.com
http://www.aleksey.com/mailman/listinfo/xmlsec
Index: src/mscrypto/app.c
===================================================================
--- src/mscrypto/app.c  (revision 988)
+++ src/mscrypto/app.c  (working copy)
@@ -648,7 +648,18 @@
 
        /* Find the certificate that has the private key */
        if((TRUE == CertGetCertificateContextProperty(pCert, 
CERT_KEY_SPEC_PROP_ID, &dwData, &dwDataLen)) && (dwData > 0)) {
-           keyData = xmlSecMSCryptoCertAdopt(pCert, xmlSecKeyDataTypePrivate | 
xmlSecKeyDataTypePublic);
+           tmpcert = CertDuplicateCertificateContext(pCert);
+           if(tmpcert == NULL) {
+               xmlSecError(XMLSEC_ERRORS_HERE,
+                           NULL,
+                           "CertDuplicateCertificateContext",
+                           XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                           "data=%s",
+                           
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+               goto done;
+           }
+
+           keyData = xmlSecMSCryptoCertAdopt(tmpcert, xmlSecKeyDataTypePrivate 
| xmlSecKeyDataTypePublic);
            if(keyData == NULL) {
                xmlSecError(XMLSEC_ERRORS_HERE,
                            NULL,
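Review bot: on the keyData == NULL path that follows the new xmlSecMSCryptoCertAdopt(tmpcert, ...) call, tmpcert still holds the duplicated context when control jumps to done, and the cleanup at done is not visible in this hunk. Confirm that done frees a non-NULL tmpcert; otherwise a failed adopt leaks the reference taken by CertDuplicateCertificateContext. A one-line comment above the duplicate call, saying that the adopted context gets its own reference so that it is not released twice, would also help keep the fix from being undone in a later cleanup.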
@@ -657,6 +668,7 @@
                            XMLSEC_ERRORS_NO_MESSAGE);
                goto done;
            }
+        tmpcert = NULL;
        
            tmpcert = CertDuplicateCertificateContext(pCert);
            if(tmpcert == NULL) {
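Review bot: the added tmpcert = NULL; is indented one level shallower than the statements around it and carries no comment; align it with the block and note that the context now belongs to keyData. Because the next statement assigns tmpcert again from CertDuplicateCertificateContext(pCert), the reset only matters as a guard if a goto done is ever inserted between the two lines, which is worth saying in that comment.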
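The ownership problem discussed in this thread, as an added example that is not part of the original messages and is not xmlsec or mscrypto code: two owners release one reference-counted certificate context, with and without duplicating it before the adopt. `MockCert`, `Owner` and every function name are constructed for illustration; the mock counts an extra release instead of touching freed memory.

```c
#include <stdio.h>

/* Constructed stand-in for a reference-counted certificate context. */
typedef struct {
    int refs;          /* live references */
    int over_release;  /* releases attempted after refs reached zero */
} MockCert;

/* Models duplicating a context: bump the count, return the same object. */
static MockCert *mock_dup(MockCert *c) { c->refs++; return c; }

/* Models freeing a context, but records a double release safely. */
static void mock_free(MockCert *c) {
    if (c->refs == 0) { c->over_release++; return; }
    c->refs--;
}

/* An owner adopts a context and releases it when destroyed. */
typedef struct { MockCert *cert; } Owner;
static Owner adopt(MockCert *c) { Owner o = { c }; return o; }
static void destroy(Owner *o) {
    if (o->cert != NULL) mock_free(o->cert);
    o->cert = NULL;
}

/* Returns the number of over-releases once both owners are destroyed;
 * *refs_left receives the references still outstanding (leak check). */
int load_and_destroy(int duplicate_before_adopt, int *refs_left) {
    MockCert cert = { 1, 0 };              /* one reference to start with */
    Owner data_list = adopt(&cert);        /* first owner holds that reference */
    Owner key_value = duplicate_before_adopt
        ? adopt(mock_dup(&cert))           /* second owner gets its own reference */
        : adopt(&cert);                    /* second owner shares the first one */
    destroy(&key_value);
    destroy(&data_list);
    *refs_left = cert.refs;
    return cert.over_release;
}

int main(void) {
    int left = 0;
    int bad = load_and_destroy(0, &left);
    printf("adopt without duplicate: over-releases=%d refs left=%d\n", bad, left);
    int good = load_and_destroy(1, &left);
    printf("duplicate then adopt:    over-releases=%d refs left=%d\n", good, left);
    return 0;
}
```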