Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Harden UnixPkcs12Reader AllocHGlobal #98331

Merged
merged 4 commits into from
Feb 13, 2024
Merged

Harden UnixPkcs12Reader AllocHGlobal #98331

merged 4 commits into from
Feb 13, 2024

Conversation

bartonjs
Copy link
Member

  • Do not do the allocation and parsing in the constructor, since throwing there prevents Dispose from running
  • If something goes wrong between AllocHGlobal and moving the pointer into a PointerMemoryManager, call FreeHGlobal.
    • Past that point it will be correctly freed by Dispose.

Replaces PRs #93647 and #97447

@bartonjs bartonjs added this to the 9.0.0 milestone Feb 13, 2024
@bartonjs bartonjs requested a review from stephentoub February 13, 2024 00:18
@bartonjs bartonjs self-assigned this Feb 13, 2024
@ghost
Copy link

ghost commented Feb 13, 2024

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details
  • Do not do the allocation and parsing in the constructor, since throwing there prevents Dispose from running
  • If something goes wrong between AllocHGlobal and moving the pointer into a PointerMemoryManager, call FreeHGlobal.
    • Past that point it will be correctly freed by Dispose.

Replaces PRs #93647 and #97447

Author: bartonjs
Assignees: bartonjs
Labels:

area-System.Security

Milestone: 9.0.0

* Do not do the allocation and parsing in the constructor, since that prevents Dispose from running
* If something goes wrong between AllocHGlobal and moving the pointer into a PointerMemoryManager, call FreeHGlobal.
  * Past that point it will be correctly freed by Dispose.
@@ -139,7 +134,7 @@ public void Dispose()

fixed (byte* ptr = tmp)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we just expose the pointer directly? It doesn't really matter; it's just a bit of a headscratcher seeing this code pin a span and then free the pointer out from under it.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe this is the only place that combines the Pointer Memory Manager and an alloc/free; so it seems "better" to me to just have a weird line of code here than to de-encapsulate the pointer.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And/or use Unsafe.AsPointer to get the pointer instead of pinning:

Unsafe.AsPointer(ref MemoryMarshal.GetReference(tmp))

Copy link
Member

@jkotas jkotas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@bartonjs bartonjs merged commit 74afd1b into dotnet:main Feb 13, 2024
111 checks passed
@bartonjs bartonjs deleted the p12mem branch February 13, 2024 05:34
@github-actions github-actions bot locked and limited conversation to collaborators Mar 14, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants