From 29534320cdfd11f0a48b20fde4169bd9b178da58 Mon Sep 17 00:00:00 2001
From: Ivan Gerasimov
Date: Thu, 7 Dec 2017 11:21:47 -0800
Subject: [PATCH] 8187496: Possible memory leak in java.apple.security.KeychainStore.addItemToKeychain
Reviewed-by: weijun, mullan, ahgross
---
 .../native/libosxsecurity/KeystoreImpl.m | 34 ++++++++++++-------
 1 file changed, 22 insertions(+), 12 deletions(-)
diff --git a/src/java.base/macosx/native/libosxsecurity/KeystoreImpl.m b/src/java.base/macosx/native/libosxsecurity/KeystoreImpl.m
index 9df3e3c9562..e678bce28de 100644
--- a/src/java.base/macosx/native/libosxsecurity/KeystoreImpl.m
+++ b/src/java.base/macosx/native/libosxsecurity/KeystoreImpl.m
@@ -438,12 +438,11 @@ JNIEXPORT jbyteArray JNICALL Java_apple_security_KeychainStore__1getEncodedKeyDa
 if (passwordChars == NULL) {
 goto errOut;
 }
- passwordStrRef = CFStringCreateWithCharacters(kCFAllocatorDefault, passwordChars, passwordLen);
- // clear the password and release
- memset(passwordChars, 0, passwordLen);
- (*env)->ReleaseCharArrayElements(env, passwordObj, passwordChars,
- JNI_ABORT);
+ passwordStrRef = CFStringCreateWithCharactersNoCopy(NULL, passwordChars, passwordLen, kCFAllocatorNull);
+ if (passwordStrRef == NULL) {
+ goto errOut;
+ }
 }
 }
@@ -471,7 +470,12 @@ JNIEXPORT jbyteArray JNICALL Java_apple_security_KeychainStore__1getEncodedKeyDa
 errOut:
 if (exportedData) CFRelease(exportedData);
 if (passwordStrRef) CFRelease(passwordStrRef);
-
+ if (passwordChars) {
+ // clear the password and release
+ memset(passwordChars, 0, passwordLen);
+ (*env)->ReleaseCharArrayElements(env, passwordObj, passwordChars,
+ JNI_ABORT);
+ }
 return returnValue;
 }
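Review bot: The switch to `CFStringCreateWithCharactersNoCopy(NULL, passwordChars, passwordLen, kCFAllocatorNull)` makes `passwordStrRef` borrow the JNI buffer, and nothing at the call site records that the string must be released before `passwordChars` is wiped and handed back. Core Foundation also documents no-copy as best effort: the string may still copy the characters into its own storage, in which case the wipe at `errOut` clears only the JNI buffer. I would add a comment above the call such as `// passwordStrRef borrows passwordChars: CFRelease it before clearing/releasing the buffer; CF may still copy internally`. If any callee retains the string beyond `errOut` it would then reference released memory; the calls that consume `passwordStrRef` are outside the hunk, so that needs checking against the full function. The same applies to the identical change at `-538,12`.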
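Review bot: `memset(passwordChars, 0, passwordLen)` in the new `errOut` block appears to clear only half of the password buffer. `passwordLen` is passed as the character count to `CFStringCreateWithCharactersNoCopy` earlier in this function, and the elements handed to `ReleaseCharArrayElements` are 16-bit `jchar`s, while `memset` takes a byte count. The line should read `memset(passwordChars, 0, passwordLen * sizeof(jchar));`. It is carried over unchanged from the removed code, and the same line appears in the `errOut` block added at `-581,7`. The block also relies on `passwordChars` being initialised to NULL before the first `goto errOut`; the declaration is outside the hunk.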
@@ -538,12 +542,11 @@ JNF_COCOA_ENTER(env);
 if (passwordChars == NULL) {
 goto errOut;
 }
- passwordStrRef = CFStringCreateWithCharacters(kCFAllocatorDefault, passwordChars, passwordLen);
- // clear the password and release
- memset(passwordChars, 0, passwordLen);
- (*env)->ReleaseCharArrayElements(env, passwordObj, passwordChars,
- JNI_ABORT);
+ passwordStrRef = CFStringCreateWithCharactersNoCopy(NULL, passwordChars, passwordLen, kCFAllocatorNull);
+ if (passwordStrRef == NULL) {
+ goto errOut;
+ }
 }
 }
@@ -581,7 +584,14 @@ JNF_COCOA_ENTER(env);
 CFRelease(createdItems);
 }
-errOut: ;
+errOut:
+ if (passwordStrRef) CFRelease(passwordStrRef);
+ if (passwordChars) {
+ // clear the password and release
+ memset(passwordChars, 0, passwordLen);
+ (*env)->ReleaseCharArrayElements(env, passwordObj, passwordChars,
+ JNI_ABORT);
+ }
 JNF_COCOA_EXIT(env);