[xmlsec] Access violation on xmlSecDSigCtxDestroy when loading
a PKCS#12 certificate using mscrypto
Aleksey Sanin
aleksey at aleksey.com
Fri May 23 09:34:29 PDT 2008
Thank you for reporting this problem! I fixed it in the svn but I am
also attaching a patch that you can apply directly.
Thanks again!
Aleksey
Satoshi Ito wrote:
> Hello,
>
> I am encountering an access violation in xmlSecDSigCtxDestroy when I
> load a key from a PKCS#12 certificate using mscrypto. The issue seems to
> be that the certificate context is freed twice in xmlSecKeyEmpty (once
> through xmlSecKeyDataDestroy(key->value), and again through
> xmlSecPtrListDestroy(key->dataList)). To reproduce, it seems to be
> sufficient to simply create an xmlSecDSigCtx [xmlSecDSigCtxPtr dsigCtx =
> xmlSecDSigCtxCreate(NULL)], load the key in the PKCS#12 certificate
> [dsigCtx->signKey = xmlSecCryptoAppKeyLoad(___,
> xmlSecKeyDataFormatPkcs12, ___, NULL, NULL)], and then destroy the
> context immediately [xmlSecDSigCtxDestroy(dsigCtx)]. The signing itself
> works if the signing code is uncommented and the call to
> xmlSecDSigCtxDestroy is commented out (and can be verified). What could
> I be doing wrong? (Apologies in advance if I am missing an obvious and
> essential step; I am quite new to this, so please be patient with me).
>
>
>
> Sincerely,
>
> Satoshi Ito
-------------- next part --------------
Index: src/mscrypto/app.c
===================================================================
--- src/mscrypto/app.c (revision 988)
+++ src/mscrypto/app.c (working copy)
@@ -648,7 +648,18 @@
/* Find the certificate that has the private key */
if((TRUE == CertGetCertificateContextProperty(pCert, CERT_KEY_SPEC_PROP_ID, &dwData, &dwDataLen)) && (dwData > 0)) {
- keyData = xmlSecMSCryptoCertAdopt(pCert, xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
+ tmpcert = CertDuplicateCertificateContext(pCert);
+ if(tmpcert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertDuplicateCertificateContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+
+ keyData = xmlSecMSCryptoCertAdopt(tmpcert, xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
if(keyData == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
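Review bot: on the failure path right after the new xmlSecMSCryptoCertAdopt(tmpcert, ...) call, tmpcert still holds the duplicated context when the code jumps to done. The cleanup under done is not visible in this hunk, so please confirm it releases a non-NULL tmpcert with CertFreeCertificateContext; otherwise this path leaks the reference the fix just added. The duplicate-then-adopt order itself looks right, since keyData now gets its own reference instead of sharing pCert's.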
@@ -657,6 +668,7 @@
XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
+ tmpcert = NULL;
tmpcert = CertDuplicateCertificateContext(pCert);
if(tmpcert == NULL) {
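Review bot: the added tmpcert = NULL; is overwritten by the very next statement, tmpcert = CertDuplicateCertificateContext(pCert);, so it only documents that ownership moved to keyData. A short comment saying so would help, or a separate variable for the first duplicate, so that a later reordering of these two blocks cannot bring back a double release or leave a stale handle in tmpcert.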