Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8303607

SunMSCAPI provider leaks memory and keys

    XMLWordPrintable

Details

    • b13
    • x86
    • windows_xp

    Backports

      Description

        In some (if not all) cases the SunMSCAPI provider leaks keys. When getting the keys and building certificate chains the provider silently gets the keys as a test which are then freed. The Windows API for CryptAcquireCertificatePrivateKey details that the caller needs to release the key if the output value of pfCallerFreeProvOrNCryptKey is true. The existing code handled this case but did not use the correct free in all cases. There's a second output (pdwKeySpec) value which tells you whether to use CryptReleaseContext or NCryptFreeObject. However the current code always calls CryptReleaseContext.

        Here's a repro case (watch the handle counts in the windows task manager grow) for both java.exe and lsass.exe

        Note that this issue existed prior to the support for localmachine stores was added

        import java.security.*;

        class AcpTest {
            public static void main(String[] args)
            {
                try {
                    while (true)
                    {
                        KeyStore keyStore = KeyStore.getInstance("Windows-MY");
                        keyStore.load(null, null);
                    }
                } catch (Exception ex) {
                    System.out.println("Error!");
                    ex.printStackTrace();
                }
            }
        }

        Attachments

          Issue Links

            Activity

              People

                macarte Mat Carter
                macarte Mat Carter
                Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: