libtom/libtommath

s_read_wincsp leaks handle

Closed this issue · 2 comments

mabuchner commented

The s_read_wincsp function calls CryptAcquireContextW

libtommath/s_mp_rand_platform.c

Line 38 in 2cec6ad

if (!CryptAcquireContextW(&h, NULL, MS_DEF_PROV_W, PROV_RSA_FULL,

but the corresponding CryptReleaseContext function is never called.

Hence, the handle is never released and leaks.

mabuchner commented

tommatch v1.1.0 was still calling CryptReleaseContext at application exit

https://github.com/libtom/libtommath/blob/v1.1.0/bn_mp_rand.c#L57

sjaeckel commented

16ff016 shows the reasoning behind this change.

IMO that's a valid change, even though one could argue that it's not clean as some sanitizers could complain about leaking it... but on the other hand it's a Windows-only problem, so who cares ;)