Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

possible memleak in internal CertificateManager #59538

Open
leeriorio opened this issue Dec 18, 2024 · 0 comments
Open

possible memleak in internal CertificateManager #59538

leeriorio opened this issue Dec 18, 2024 · 0 comments
Labels
area-networking Includes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractions

Comments

@leeriorio
Copy link

In results of static analyze of aspnetcore sources with Svace static analyzer I was found error of cathegory HANDLE_LEAK with message

new X509Certificate2(certificatePath, password, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.EphemeralKeySet) is not disposed at the end of the function

This error was found in internal method ImportCertificate

certificate = new X509Certificate2(certificatePath, password, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.EphemeralKeySet);

I see, that there working with created certificate takes specific paths that include platform point, and in variable certificate it can be stored new certificate object.

But at all, how about to add correct disposing of object?
Maybe call of SaveCertificate method should be like:

using var _ = SaveCertifiicate(certificate);

Found by Linux Verification Center (linuxtesting.org) with SVACE.

@dotnet-issue-labeler dotnet-issue-labeler bot added the area-networking Includes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractions label Dec 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area-networking Includes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractions
Projects
None yet
Development

No branches or pull requests

1 participant