Skip to content

Harden UnixPkcs12Reader AllocHGlobal #98331

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Feb 13, 2024
Merged

Harden UnixPkcs12Reader AllocHGlobal #98331

merged 4 commits into from
Feb 13, 2024

Conversation

bartonjs
Copy link
Member

  • Do not do the allocation and parsing in the constructor, since throwing there prevents Dispose from running
  • If something goes wrong between AllocHGlobal and moving the pointer into a PointerMemoryManager, call FreeHGlobal.
    • Past that point it will be correctly freed by Dispose.

Replaces PRs #93647 and #97447

@bartonjs bartonjs added this to the 9.0.0 milestone Feb 13, 2024
@bartonjs bartonjs requested a review from stephentoub February 13, 2024 00:18
@bartonjs bartonjs self-assigned this Feb 13, 2024
@ghost
Copy link

ghost commented Feb 13, 2024

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details
  • Do not do the allocation and parsing in the constructor, since throwing there prevents Dispose from running
  • If something goes wrong between AllocHGlobal and moving the pointer into a PointerMemoryManager, call FreeHGlobal.
    • Past that point it will be correctly freed by Dispose.

Replaces PRs #93647 and #97447

Author: bartonjs
Assignees: bartonjs
Labels:

area-System.Security
Milestone: 9.0.0

@bartonjs
Harden UnixPkcs12Reader AllocHGlobal
24e52ad 
* Do not do the allocation and parsing in the constructor, since that prevents Dispose from running
* If something goes wrong between AllocHGlobal and moving the pointer into a PointerMemoryManager, call FreeHGlobal.
  * Past that point it will be correctly freed by Dispose.
stephentoub
stephentoub reviewed Feb 13, 2024
View reviewed changes
....Security.Cryptography/src/System/Security/Cryptography/X509Certificates/UnixPkcs12Reader.cs Outdated
Span<byte> tmp = _tmpManager.GetSpan();
CryptographicOperations.ZeroMemory(tmp);

fixed (byte* ptr = tmp)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we just expose the pointer directly? It doesn't really matter; it's just a bit of a headscratcher seeing this code pin a span and then free the pointer out from under it.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe this is the only place that combines the Pointer Memory Manager and an alloc/free; so it seems "better" to me to just have a weird line of code here than to de-encapsulate the pointer.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And/or use Unsafe.AsPointer to get the pointer instead of pinning:

Unsafe.AsPointer(ref MemoryMarshal.GetReference(tmp))

jkotas
jkotas approved these changes Feb 13, 2024
View reviewed changes
Copy link
Member

@jkotas jkotas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@bartonjs bartonjs merged commit 74afd1b into dotnet:main Feb 13, 2024
This was referenced Feb 13, 2024
Closed
Closed
@bartonjs bartonjs deleted the p12mem branch February 13, 2024 05:34
@github-actions github-actions bot locked and limited conversation to collaborators Mar 14, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@stephentoub stephentoub stephentoub approved these changes

@jkotas jkotas jkotas approved these changes

Assignees

@bartonjs bartonjs

Labels

area-System.Security

Projects

None yet

Milestone

9.0.0

Development

Successfully merging this pull request may close these issues.

3 participants

@bartonjs @stephentoub @jkotas