Only release a unique pointer after a successful dynamic cast.

Otherwise, a memory leak could occur after an unsuccessful dynamic cast. PiperOrigin-RevId: 705494257 Change-Id: I98fc44b386a51e31cc901e9ff3e6be57828ece72
tink-crypto · Dec 12, 2024 · c9b005d · c9b005d
1 parent 87e0932
commit c9b005d
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 9 deletions.
diff --git a/tink/keyderivation/BUILD.bazel b/tink/keyderivation/BUILD.bazel
@@ -116,6 +116,7 @@ cc_library(
         ":key_derivation_key",
         ":prf_based_key_derivation_parameters",
         "//tink:key",
+        "//tink:parameters",
         "//tink:partial_key_access_token",
         "//tink/prf:prf_key",
         "//tink/util:status",

diff --git a/tink/keyderivation/CMakeLists.txt b/tink/keyderivation/CMakeLists.txt
@@ -111,6 +111,7 @@ tink_cc_library(
     absl::status
     absl::optional
     tink::core::key
+    tink::core::parameters
     tink::core::partial_key_access_token
     tink::prf::prf_key
     tink::util::status

diff --git a/tink/keyderivation/prf_based_key_derivation_key.cc b/tink/keyderivation/prf_based_key_derivation_key.cc
@@ -23,6 +23,7 @@
 #include "absl/types/optional.h"
 #include "tink/key.h"
 #include "tink/keyderivation/prf_based_key_derivation_parameters.h"
+#include "tink/parameters.h"
 #include "tink/partial_key_access_token.h"
 #include "tink/prf/prf_key.h"
 #include "tink/util/status.h"
@@ -52,24 +53,27 @@ util::StatusOr<PrfBasedKeyDerivationKey> PrfBasedKeyDerivationKey::Create(
                         "key parameters without ID requirement");
   }
 
+  std::unique_ptr<Parameters> cloned_parameters = parameters.Clone();
   const PrfBasedKeyDerivationParameters* parameters_ptr =
       dynamic_cast<const PrfBasedKeyDerivationParameters*>(
-          parameters.Clone().release());
+          cloned_parameters.get());
   if (parameters_ptr == nullptr) {
     return absl::Status(absl::StatusCode::kInternal,
                         "Unable to clone PRF-based key derivation parameters.");
   }
 
-  const PrfKey* prf_key_ptr =
-      dynamic_cast<const PrfKey*>(prf_key.Clone().release());
+  std::unique_ptr<Key> cloned_prf_key = prf_key.Clone();
+  const PrfKey* prf_key_ptr = dynamic_cast<const PrfKey*>(cloned_prf_key.get());
   if (prf_key_ptr == nullptr) {
     return absl::Status(absl::StatusCode::kInternal,
                         "Unable to clone PRF key.");
   }
 
-  return PrfBasedKeyDerivationKey(absl::WrapUnique(parameters_ptr),
-                                  absl::WrapUnique(prf_key_ptr),
-                                  id_requirement);
+  return PrfBasedKeyDerivationKey(
+      absl::WrapUnique(dynamic_cast<const PrfBasedKeyDerivationParameters*>(
+          cloned_parameters.release())),
+      absl::WrapUnique(dynamic_cast<const PrfKey*>(cloned_prf_key.release())),
+      id_requirement);
 }
 
 bool PrfBasedKeyDerivationKey::operator==(const Key& other) const {

diff --git a/tink/keyderivation/prf_based_key_derivation_parameters.cc b/tink/keyderivation/prf_based_key_derivation_parameters.cc
@@ -55,14 +55,16 @@ PrfBasedKeyDerivationParameters::Builder::Build() {
   }
 
   const PrfParameters* prf_params =
-      dynamic_cast<const PrfParameters*>(prf_parameters_.release());
+      dynamic_cast<const PrfParameters*>(prf_parameters_.get());
   if (prf_params == nullptr) {
     return absl::Status(absl::StatusCode::kInvalidArgument,
                         "PRF parameters cannot be set to non-PRF parameters.");
   }
 
-  return PrfBasedKeyDerivationParameters(absl::WrapUnique(prf_params),
-                                         std::move(derived_key_parameters_));
+  return PrfBasedKeyDerivationParameters(
+      absl::WrapUnique(
+          dynamic_cast<const PrfParameters*>(prf_parameters_.release())),
+      std::move(derived_key_parameters_));
 }
 
 bool PrfBasedKeyDerivationParameters::operator==(