diff options
author | Endi S. Dewata <edewata@redhat.com> | 2016-11-03 02:46:30 +0100 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2016-11-04 00:02:04 +0100 |
commit | 2df13e14e79d048deb5865ad7752dd4a1300b195 (patch) | |
tree | ee71678b8ea6189da5bbb471a4d64d0dab12ae94 | |
parent | f570bc4d54af59eb9cbb29f672c2b7219e03f616 (diff) | |
download | pki-2df13e14e79d048deb5865ad7752dd4a1300b195.tar.gz pki-2df13e14e79d048deb5865ad7752dd4a1300b195.tar.xz pki-2df13e14e79d048deb5865ad7752dd4a1300b195.zip |
Fixed resource leak in InhibitAnyPolicyExtension.
The InhibitAnyPolicyExtension has been modified to always close
the DerOutputStream instance.
The InhibitAnyPolicyExtDefault has been modified to wrap the
original exception.
https://fedorahosted.org/pki/ticket/2530
-rw-r--r-- | base/server/cms/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java | 19 | ||||
-rw-r--r-- | base/util/src/netscape/security/extensions/InhibitAnyPolicyExtension.java | 8 |
2 files changed, 17 insertions, 10 deletions
diff --git a/base/server/cms/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java b/base/server/cms/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java index 2c176593a..bf9d0d5d5 100644 --- a/base/server/cms/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java +++ b/base/server/cms/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java @@ -17,13 +17,10 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.profile.def; +import java.io.IOException; import java.math.BigInteger; import java.util.Locale; -import netscape.security.extensions.InhibitAnyPolicyExtension; -import netscape.security.util.BigInt; -import netscape.security.x509.X509CertInfo; - import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.profile.EProfileException; @@ -33,6 +30,10 @@ import com.netscape.certsrv.property.EPropertyException; import com.netscape.certsrv.property.IDescriptor; import com.netscape.certsrv.request.IRequest; +import netscape.security.extensions.InhibitAnyPolicyExtension; +import netscape.security.util.BigInt; +import netscape.security.x509.X509CertInfo; + /** * This class implements an inhibit Any-Policy extension * @@ -157,10 +158,10 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault { locale, "CMS_INVALID_PROPERTY", name)); } replaceExtension(InhibitAnyPolicyExtension.OID, ext, info); - } catch (EProfileException e) { + } catch (Exception e) { CMS.debug("InhibitAnyPolicyExtDefault: setValue " + e.toString()); throw new EPropertyException(CMS.getUserMessage( - locale, "CMS_INVALID_PROPERTY", name)); + locale, "CMS_INVALID_PROPERTY", name), e); } } @@ -246,7 +247,11 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault { String str = getConfig(CONFIG_SKIP_CERTS); if (str == null || str.equals("")) { - ext = new InhibitAnyPolicyExtension(); + try { + ext = new InhibitAnyPolicyExtension(); + } catch (IOException e) { + throw new EProfileException(e); + } ext.setCritical(critical); } else { BigInt val = null; diff --git a/base/util/src/netscape/security/extensions/InhibitAnyPolicyExtension.java b/base/util/src/netscape/security/extensions/InhibitAnyPolicyExtension.java index 40b824fa4..87c19f384 100644 --- a/base/util/src/netscape/security/extensions/InhibitAnyPolicyExtension.java +++ b/base/util/src/netscape/security/extensions/InhibitAnyPolicyExtension.java @@ -61,11 +61,11 @@ public class InhibitAnyPolicyExtension } } - public InhibitAnyPolicyExtension() { + public InhibitAnyPolicyExtension() throws IOException { this(false, null); } - public InhibitAnyPolicyExtension(boolean crit, BigInt skipCerts) { + public InhibitAnyPolicyExtension(boolean crit, BigInt skipCerts) throws IOException { try { extensionId = ObjectIdentifier.getObjectIdentifier(OID); } catch (IOException e) { @@ -170,11 +170,13 @@ public class InhibitAnyPolicyExtension } } - private void encodeExtValue() { + private void encodeExtValue() throws IOException { DerOutputStream out = new DerOutputStream(); try { out.putInteger(mSkipCerts); } catch (IOException e) { + } finally { + out.close(); } extensionValue = out.toByteArray(); } |