Fixed resource leak in InhibitAnyPolicyExtension.

The InhibitAnyPolicyExtension has been modified to always close
the DerOutputStream instance.

The InhibitAnyPolicyExtDefault has been modified to wrap the
original exception.

https://fedorahosted.org/pki/ticket/2530

2 files changed, 17 insertions, 10 deletions

diff --git a/base/server/cms/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java b/base/server/cms/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java
index 2c176593a..bf9d0d5d5 100644
--- a/base/server/cms/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java
+++ b/base/server/cms/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java
@@ -17,13 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
+import java.io.IOException;
 import java.math.BigInteger;
 import java.util.Locale;
 
-import netscape.security.extensions.InhibitAnyPolicyExtension;
-import netscape.security.util.BigInt;
-import netscape.security.x509.X509CertInfo;
-
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.profile.EProfileException;
@@ -33,6 +30,10 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
+import netscape.security.extensions.InhibitAnyPolicyExtension;
+import netscape.security.util.BigInt;
+import netscape.security.x509.X509CertInfo;
+
 /**
  * This class implements an inhibit Any-Policy extension
  *
@@ -157,10 +158,10 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
                             locale, "CMS_INVALID_PROPERTY", name));
             }
             replaceExtension(InhibitAnyPolicyExtension.OID, ext, info);
-        } catch (EProfileException e) {
+        } catch (Exception e) {
             CMS.debug("InhibitAnyPolicyExtDefault: setValue " + e.toString());
             throw new EPropertyException(CMS.getUserMessage(
-                        locale, "CMS_INVALID_PROPERTY", name));
+                        locale, "CMS_INVALID_PROPERTY", name), e);
         }
     }
 
@@ -246,7 +247,11 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
 
         String str = getConfig(CONFIG_SKIP_CERTS);
         if (str == null || str.equals("")) {
-            ext = new InhibitAnyPolicyExtension();
+            try {
+                ext = new InhibitAnyPolicyExtension();
+            } catch (IOException e) {
+                throw new EProfileException(e);
+            }
             ext.setCritical(critical);
         } else {
             BigInt val = null;
diff --git a/base/util/src/netscape/security/extensions/InhibitAnyPolicyExtension.java b/base/util/src/netscape/security/extensions/InhibitAnyPolicyExtension.java
index 40b824fa4..87c19f384 100644
--- a/base/util/src/netscape/security/extensions/InhibitAnyPolicyExtension.java
+++ b/base/util/src/netscape/security/extensions/InhibitAnyPolicyExtension.java
@@ -61,11 +61,11 @@ public class InhibitAnyPolicyExtension
         }
     }
 
-    public InhibitAnyPolicyExtension() {
+    public InhibitAnyPolicyExtension() throws IOException {
         this(false, null);
     }
 
-    public InhibitAnyPolicyExtension(boolean crit, BigInt skipCerts) {
+    public InhibitAnyPolicyExtension(boolean crit, BigInt skipCerts) throws IOException {
         try {
             extensionId = ObjectIdentifier.getObjectIdentifier(OID);
         } catch (IOException e) {
@@ -170,11 +170,13 @@ public class InhibitAnyPolicyExtension
         }
     }
 
-    private void encodeExtValue() {
+    private void encodeExtValue() throws IOException {
         DerOutputStream out = new DerOutputStream();
         try {
             out.putInteger(mSkipCerts);
         } catch (IOException e) {
+        } finally {
+            out.close();
         }
         extensionValue = out.toByteArray();
     }