Skip to content

Harden UnixPkcs12Reader AllocHGlobal#98331

Merged
bartonjs merged 4 commits intodotnet:mainfrom
bartonjs:p12mem
Feb 13, 2024
Merged

Harden UnixPkcs12Reader AllocHGlobal#98331
bartonjs merged 4 commits intodotnet:mainfrom
bartonjs:p12mem

Conversation

@bartonjs
Copy link
Member

@bartonjs bartonjs commented Feb 13, 2024

  • Do not do the allocation and parsing in the constructor, since throwing there prevents Dispose from running
  • If something goes wrong between AllocHGlobal and moving the pointer into a PointerMemoryManager, call FreeHGlobal.
    • Past that point it will be correctly freed by Dispose.

Replaces PRs #93647 and #97447

@bartonjs bartonjs added this to the 9.0.0 milestone Feb 13, 2024
@bartonjs bartonjs requested a review from stephentoub February 13, 2024 00:18
@bartonjs bartonjs self-assigned this Feb 13, 2024
@ghost
Copy link

ghost commented Feb 13, 2024

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details
  • Do not do the allocation and parsing in the constructor, since throwing there prevents Dispose from running
  • If something goes wrong between AllocHGlobal and moving the pointer into a PointerMemoryManager, call FreeHGlobal.
    • Past that point it will be correctly freed by Dispose.

Replaces PRs #93647 and #97447

Author: bartonjs
Assignees: bartonjs
Labels:

area-System.Security
Milestone: 9.0.0

@bartonjs
Harden UnixPkcs12Reader AllocHGlobal
24e52ad 
* Do not do the allocation and parsing in the constructor, since that prevents Dispose from running
* If something goes wrong between AllocHGlobal and moving the pointer into a PointerMemoryManager, call FreeHGlobal.
  * Past that point it will be correctly freed by Dispose.
stephentoub
stephentoub reviewed Feb 13, 2024
View reviewed changes
....Security.Cryptography/src/System/Security/Cryptography/X509Certificates/UnixPkcs12Reader.cs Outdated
@@ -139,7 +134,7 @@ public void Dispose()

fixed (byte* ptr = tmp)
Copy link
Member

@stephentoub stephentoub Feb 13, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we just expose the pointer directly? It doesn't really matter; it's just a bit of a headscratcher seeing this code pin a span and then free the pointer out from under it.

Copy link
Member Author

@bartonjs bartonjs Feb 13, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe this is the only place that combines the Pointer Memory Manager and an alloc/free; so it seems "better" to me to just have a weird line of code here than to de-encapsulate the pointer.

Copy link
Member

@jkotas jkotas Feb 13, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And/or use Unsafe.AsPointer to get the pointer instead of pinning:

Unsafe.AsPointer(ref MemoryMarshal.GetReference(tmp))

jkotas
jkotas approved these changes Feb 13, 2024
View reviewed changes
Copy link
Member

@jkotas jkotas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@bartonjs bartonjs merged commit 74afd1b into dotnet:main Feb 13, 2024
This was referenced Feb 13, 2024
Closed
Closed
@bartonjs bartonjs deleted the p12mem branch February 13, 2024 05:34
@github-actions github-actions bot locked and limited conversation to collaborators Mar 14, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@stephentoub stephentoub stephentoub approved these changes

@jkotas jkotas jkotas approved these changes

Assignees

@bartonjs bartonjs

Labels

area-System.Security

Projects

None yet

Milestone

9.0.0

Development

Successfully merging this pull request may close these issues.

3 participants

@bartonjs @stephentoub @jkotas