[xmlsec] Memory leak when verifying xml

Luka Por luka at zrcalo.si
Fri May 13 17:30:37 PDT 2005


I have a problem. I using xmlsec 1.2.8 mscrypto for signing/verifying 
xml. that's work great.
when i verify a lot of same xml, task manager show me that memory grows 
(leaks). My code looks :

int verify_xml(const char* xml, int xmlLen, const char *signedNodeName) {
  xmlDocPtr doc = NULL;
  xmlNodePtr node = NULL;
  xmlSecDSigCtxPtr dsigCtx = NULL;
  xmlNodePtr keyInfo, x509Data, x509Certificate = NULL;
  xmlChar *certEncode;
  tByte *certBin;
  int  certBinLen;

  xmlSecKeysMngrPtr keyMngr;
  HCERTSTORE hKeyStore;
 
  if((xml == NULL) || (xmlLen < 1)) {
      return -1;
    }

  /* load doc from memory */
  doc = xmlParseMemory(xml, xmlLen);
  if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
    if(doc != NULL) {
      xmlFreeDoc(doc);
    }
      return -2;
  }

  /* find signed node */
  node = zrcXmlFindNode(xmlDocGetRootElement(doc), signedNodeName);
  if(node == NULL) {
    xmlFreeDoc(doc);
      return -2;
  }

  xmlSecAddIDs(doc, node, xmlSecEncIds);
   
  /* find start node */
  node = zrcXmlFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature);
  if(node == NULL) {
    xmlFreeDoc(doc);
      return -3;
  }

  keyInfo = zrcXmlFindNode(node, xmlSecNodeKeyInfo);
  if(keyInfo == NULL) {
    xmlFreeDoc(doc);
      return -4;
  }

  x509Data = zrcXmlFindNode(keyInfo, xmlSecNodeX509Data);
  if(x509Data == NULL) {
    xmlFreeDoc(doc);
      return -5;
  }
 
  x509Certificate = zrcXmlFindNode(x509Data, xmlSecNodeX509Certificate);
  if(x509Certificate == NULL) {
    xmlFreeDoc(doc);
      return -6;
  }

  /* create the key mngr */
  keyMngr = xmlSecKeysMngrCreate() ;


  certEncode = xmlNodeListGetString(doc, 
x509Certificate->xmlChildrenNode, 0);
  if(certEncode == NULL) {
    xmlFreeDoc(doc);
    return -77;
  }

  certBinLen = B64_Decode(certEncode, &certBin);
  if(certBinLen <= 0) {
    xmlFree(certEncode);
    xmlFreeDoc(doc);
    return -8;
  }
  xmlFree(certEncode);

  hKeyStore = CertOpenStore( CERT_STORE_PROV_MEMORY,   // The memory 
provider type
                                0,                        // The 
encoding type is not needed
                                0,                        // Use the 
default HCRYPTPROV
                                0,                        // Accept the 
default dwFlags
                                NULL                       // pvPara is 
not used
                             );


   //add certificate
   CertAddEncodedCertificateToStore(hKeyStore, PKCS_7_ASN_ENCODING || 
X509_ASN_ENCODING, certBin, certBinLen,  CERT_STORE_ADD_ALWAYS, NULL);

  /* add cert store to the mngr */
  xmlSecMSCryptoAppDefaultKeysMngrAdoptTrustedStore(keyMngr, hKeyStore);

   /* create signature context, we don't need keys manager in this 
example */
  dsigCtx = xmlSecDSigCtxCreate(keyMngr);
  if(dsigCtx == NULL) {
    xmlFreeDoc(doc);
    xmlSecKeysMngrDestroy(keyMngr);
    CertCloseStore(hKeyStore, 0);
    return -7;
  }

  /* load public key */
  dsigCtx->signKey = xmlSecCryptoAppKeyLoadMemory(certBin, certBinLen, 
xmlSecKeyDataFormatCertDer, NULL, NULL, NULL);
  if(dsigCtx->signKey == NULL) {
    free(certBin);
    xmlSecDSigCtxDestroy(dsigCtx);
    xmlFreeDoc(doc);
    xmlSecKeysMngrDestroy(keyMngr);
    CertCloseStore(hKeyStore, 0);
    return -9;
  }
  free(certBin);
 
  /* Verify signature */
  if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
    xmlSecDSigCtxDestroy(dsigCtx);
    xmlFreeDoc(doc);
    xmlSecKeysMngrDestroy(keyMngr);
    CertCloseStore(hKeyStore, 0);
    return -10; 
  }
    
  /* print verification result to stdout */
  if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
    xmlSecDSigCtxDestroy(dsigCtx);
      xmlFreeDoc(doc);
    xmlSecKeysMngrDestroy(keyMngr);
    CertCloseStore(hKeyStore, 0);

      return 0;
  } else {
    xmlSecDSigCtxDestroy(dsigCtx);
      xmlFreeDoc(doc);
    xmlSecKeysMngrDestroy(keyMngr);
    CertCloseStore(hKeyStore, 0);
      return -11;
  }   
}


Program:
Init()
SignXml(...)
while(1) {
  verify_xml(..)
}
Done()

Any suggestions, thanks in advance
Luka Por


More information about the xmlsec mailing list