From c9b005def4167e31d4ff0072ac32c14e31ec1be4 Mon Sep 17 00:00:00 2001 From: William Conner Date: Thu, 12 Dec 2024 07:16:48 -0800 Subject: [PATCH] Only release a unique pointer after a successful dynamic cast. Otherwise, a memory leak could occur after an unsuccessful dynamic cast. PiperOrigin-RevId: 705494257 Change-Id: I98fc44b386a51e31cc901e9ff3e6be57828ece72 --- tink/keyderivation/BUILD.bazel | 1 + tink/keyderivation/CMakeLists.txt | 1 + .../prf_based_key_derivation_key.cc | 16 ++++++++++------ .../prf_based_key_derivation_parameters.cc | 8 +++++--- 4 files changed, 17 insertions(+), 9 deletions(-) diff --git a/tink/keyderivation/BUILD.bazel b/tink/keyderivation/BUILD.bazel index ae624ca2..3874c65c 100644 --- a/tink/keyderivation/BUILD.bazel +++ b/tink/keyderivation/BUILD.bazel @@ -116,6 +116,7 @@ cc_library( ":key_derivation_key", ":prf_based_key_derivation_parameters", "//tink:key", + "//tink:parameters", "//tink:partial_key_access_token", "//tink/prf:prf_key", "//tink/util:status", diff --git a/tink/keyderivation/CMakeLists.txt b/tink/keyderivation/CMakeLists.txt index a391e2f2..2978b6db 100644 --- a/tink/keyderivation/CMakeLists.txt +++ b/tink/keyderivation/CMakeLists.txt @@ -111,6 +111,7 @@ tink_cc_library( absl::status absl::optional tink::core::key + tink::core::parameters tink::core::partial_key_access_token tink::prf::prf_key tink::util::status diff --git a/tink/keyderivation/prf_based_key_derivation_key.cc b/tink/keyderivation/prf_based_key_derivation_key.cc index 5a04a4cd..b16b88cc 100644 --- a/tink/keyderivation/prf_based_key_derivation_key.cc +++ b/tink/keyderivation/prf_based_key_derivation_key.cc @@ -23,6 +23,7 @@ #include "absl/types/optional.h" #include "tink/key.h" #include "tink/keyderivation/prf_based_key_derivation_parameters.h" +#include "tink/parameters.h" #include "tink/partial_key_access_token.h" #include "tink/prf/prf_key.h" #include "tink/util/status.h" @@ -52,24 +53,27 @@ util::StatusOr PrfBasedKeyDerivationKey::Create( "key parameters without ID requirement"); } + std::unique_ptr cloned_parameters = parameters.Clone(); const PrfBasedKeyDerivationParameters* parameters_ptr = dynamic_cast( - parameters.Clone().release()); + cloned_parameters.get()); if (parameters_ptr == nullptr) { return absl::Status(absl::StatusCode::kInternal, "Unable to clone PRF-based key derivation parameters."); } - const PrfKey* prf_key_ptr = - dynamic_cast(prf_key.Clone().release()); + std::unique_ptr cloned_prf_key = prf_key.Clone(); + const PrfKey* prf_key_ptr = dynamic_cast(cloned_prf_key.get()); if (prf_key_ptr == nullptr) { return absl::Status(absl::StatusCode::kInternal, "Unable to clone PRF key."); } - return PrfBasedKeyDerivationKey(absl::WrapUnique(parameters_ptr), - absl::WrapUnique(prf_key_ptr), - id_requirement); + return PrfBasedKeyDerivationKey( + absl::WrapUnique(dynamic_cast( + cloned_parameters.release())), + absl::WrapUnique(dynamic_cast(cloned_prf_key.release())), + id_requirement); } bool PrfBasedKeyDerivationKey::operator==(const Key& other) const { diff --git a/tink/keyderivation/prf_based_key_derivation_parameters.cc b/tink/keyderivation/prf_based_key_derivation_parameters.cc index 6f3132b5..a33c8ae4 100644 --- a/tink/keyderivation/prf_based_key_derivation_parameters.cc +++ b/tink/keyderivation/prf_based_key_derivation_parameters.cc @@ -55,14 +55,16 @@ PrfBasedKeyDerivationParameters::Builder::Build() { } const PrfParameters* prf_params = - dynamic_cast(prf_parameters_.release()); + dynamic_cast(prf_parameters_.get()); if (prf_params == nullptr) { return absl::Status(absl::StatusCode::kInvalidArgument, "PRF parameters cannot be set to non-PRF parameters."); } - return PrfBasedKeyDerivationParameters(absl::WrapUnique(prf_params), - std::move(derived_key_parameters_)); + return PrfBasedKeyDerivationParameters( + absl::WrapUnique( + dynamic_cast(prf_parameters_.release())), + std::move(derived_key_parameters_)); } bool PrfBasedKeyDerivationParameters::operator==(