Skip to content

Fix OSSL_STORE_INFO leak#129446

Open
vcsjones wants to merge 2 commits into
dotnet:mainfrom
vcsjones:ossl-fix-store-leak
Open

Fix OSSL_STORE_INFO leak#129446
vcsjones wants to merge 2 commits into
dotnet:mainfrom
vcsjones:ossl-fix-store-leak

Conversation

@vcsjones

@vcsjones vcsjones commented Jun 15, 2026

Copy link
Copy Markdown
Member

Nothing was freeing the OSSL_STORE_INFO when the type was OSSL_STORE_INFO_PKEY.

Copilot AI review requested due to automatic review settings June 15, 2026 22:57
@vcsjones

vcsjones commented Jun 15, 2026

Copy link
Copy Markdown
Member Author

Draft until #129435 is merged as that re-enables the test that will exercise this PR.

@dotnet-policy-service

dotnet-policy-service Bot commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

Tagging subscribers to this area: @bartonjs, @vcsjones, @dotnet/area-system-security
See info in area-owners.md if you want to be subscribed.

Copilot AI reviewed Jun 15, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes a resource leak in the OpenSSL 3 provider-based key-loading path by ensuring OSSL_STORE_INFO* is freed when a private key (OSSL_STORE_INFO_PKEY) entry is encountered.

Changes:

  • Free OSSL_STORE_INFO* info after extracting the EVP_PKEY* via OSSL_STORE_INFO_get1_PKEY(info) in CryptoNative_LoadKeyFromProvider, preventing a leak on the break path.
Show a summary per file
File Description
src/native/libs/System.Security.Cryptography.Native/pal_evp_pkey.c Ensures OSSL_STORE_INFO is freed on the OSSL_STORE_INFO_PKEY early-exit path to prevent leaking store entries.

Copilot's findings

  • Files reviewed: 1/1 changed files
  • Comments generated: 0

@build-analysis build-analysis Bot mentioned this pull request Jun 16, 2026
Open
3 tasks
@vcsjones vcsjones marked this pull request as ready for review June 16, 2026 16:44
@vcsjones vcsjones enabled auto-merge (squash) June 16, 2026 17:57
This was referenced Jun 16, 2026
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@bartonjs bartonjs bartonjs approved these changes

Assignees

@vcsjones vcsjones

Labels

area-System.Security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@vcsjones @bartonjs