[Cdsa-discuss] Memory allocation bug...

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hello,

The code for CL_getAllFields from addins/intel/cssmcl/x509v3cl/crtgetal.c appears to switch between returning FieldValue data allocated via the application's allocation function and that from its own heap.

In the case of using data from CDSA's own heap, in CL_FreeFields (from freefld.c) which the spec says to use on the above result,
these two cases are missing:

            case INT_IssuerNameLDAP:
            case INT_SubjectNameLDAP:

which results, by default, in App_free being called.
Further, the following cases are accounted for but explicitly call App_free when no application allocation was actually made:

            case INT_IssuerNameCStruct:
            case INT_SubjectNameCStruct:
            case INT_SubjectPublicKeyCStruct:
            case INT_SignatureCStruct:
            case INT_CertificateCStruct:
            case INT_CertificateExtensionsCStruct:

So app free is being used on cdsa memory addresses in two erroneous ways.

I'll put a bug report in for this, but I was hoping one of the maintainers can informally describe the correct behaviour in the meantime so I can patch ahead of the 3.14 release!

Thanks,
Chris Q.