Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix bcrypt api misuse caused memory leak #2919

Merged
merged 4 commits into from
Apr 18, 2024
Merged

fix bcrypt api misuse caused memory leak #2919

merged 4 commits into from
Apr 18, 2024

Conversation

normanade
Copy link
Contributor

@normanade normanade commented Apr 11, 2024
edited
Loading

Issue #2918 , if available: S3Client Leaks Memory on Windows caused by BCrypt API Misuse

Description of changes: fix bcrypt api misuse by deconstructing member variables without ommision

Check all that applies:

  • Did a review by yourself.
  • Added proper tests to cover this PR. (If tests are not applicable, explain: memory leaks is not easily detected by test code)
  • Checked if this PR is a breaking (APIs have been changed) change.
  • Checked if this PR will not introduce cross-platform inconsistent behavior.
  • Checked if this PR would require a ReadMe/Wiki update.

Check which platforms you have built SDK on to verify the correctness of this PR.

  • Linux
  • Windows
  • Android
  • MacOS
  • IOS
  • Other Platforms

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

SergeyRyabinin
SergeyRyabinin reviewed Apr 11, 2024
View reviewed changes
src/aws-cpp-sdk-core/source/utils/crypto/bcrypt/CryptoImpl.cpp
}

bool IsValid() const { return m_isValid; }

BCRYPT_HASH_HANDLE m_hashHandle;
bool m_isValid;
DWORD m_hashObjectLength;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hello, thanks a lot for this great finding
it seems that you have forgotten to add m_hashBufferLength here
(or more likely have accidentally added m_hashBufferLength to the c-tor member init list).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hello, thanks a lot for this great finding it seems that you have forgotten to add m_hashBufferLength here (or more likely have accidentally added m_hashBufferLength to the c-tor member init list).

yes, there is a typo there, should be m_hashObjectLength, fixed that in the newest commit. Btw, the caller of BCryptHashContext::BCryptHashContext() had missed to remove redundant parameters, also fixed that.

@normanade
Copy link
Contributor Author

double checked, existing typos has been fixed by now, request merge again

@DmitriyMusatkin DmitriyMusatkin merged commit f2ea5c7 into aws:main Apr 18, 2024
2 of 3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SergeyRyabinin SergeyRyabinin SergeyRyabinin approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@normanade @SergeyRyabinin @DmitriyMusatkin