From ff469287c5a95286d96ded30b4feaa5f57b5c9f7 Mon Sep 17 00:00:00 2001
From: MaxPatri
Date: Fri, 26 Sep 2025 13:24:23 +0300
Subject: [PATCH 1/3] KeyInfoX509Data: dispose X509Chain
---
 .../Cryptography/Xml/KeyInfoX509Data.cs | 89 +++++++++++--------
 1 file changed, 52 insertions(+), 37 deletions(-)
diff --git a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/KeyInfoX509Data.cs b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/KeyInfoX509Data.cs
index 4f98d32cbd0c33..1b4401dc2cbf7b 100644
--- a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/KeyInfoX509Data.cs
+++ b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/KeyInfoX509Data.cs
@@ -54,47 +54,62 @@ public KeyInfoX509Data(X509Certificate cert, X509IncludeOption includeOption)
 X509Certificate2 certificate = new X509Certificate2(cert);
 X509ChainElementCollection elements;
 X509Chain chain;
- switch (includeOption)
+ try
 {
- case X509IncludeOption.ExcludeRoot:
- // Build the certificate chain
- chain = new X509Chain();
- chain.Build(certificate);
-
- // Can't honor the option if we only have a partial chain.
- if ((chain.ChainStatus.Length > 0) &&
- ((chain.ChainStatus[0].Status & X509ChainStatusFlags.PartialChain) == X509ChainStatusFlags.PartialChain))
- {
- throw new CryptographicException(SR.Cryptography_Partial_Chain);
- }
-
- elements = (X509ChainElementCollection)chain.ChainElements;
- for (int index = 0; index < (Utils.IsSelfSigned(chain) ? 1 : elements.Count - 1); index++)
- {
- AddCertificate(elements[index].Certificate);
- }
- break;
- case X509IncludeOption.EndCertOnly:
- AddCertificate(certificate);
- break;
- case X509IncludeOption.WholeChain:
- // Build the certificate chain
- chain = new X509Chain();
- chain.Build(certificate);
-
- // Can't honor the option if we only have a partial chain.
- if ((chain.ChainStatus.Length > 0) &&
- ((chain.ChainStatus[0].Status & X509ChainStatusFlags.PartialChain) == X509ChainStatusFlags.PartialChain))
+ switch (includeOption)
+ {
+ case X509IncludeOption.ExcludeRoot:
+ // Build the certificate chain
+ chain = new X509Chain();
+ chain.Build(certificate);
+
+ // Can't honor the option if we only have a partial chain.
+ if ((chain.ChainStatus.Length > 0) &&
+ ((chain.ChainStatus[0].Status & X509ChainStatusFlags.PartialChain) == X509ChainStatusFlags.PartialChain))
+ {
+ throw new CryptographicException(SR.Cryptography_Partial_Chain);
+ }
+
+ elements = (X509ChainElementCollection)chain.ChainElements;
+ for (int index = 0; index < (Utils.IsSelfSigned(chain) ? 1 : elements.Count - 1); index++)
+ {
+ AddCertificate(elements[index].Certificate);
+ }
+ break;
+ case X509IncludeOption.EndCertOnly:
+ AddCertificate(certificate);
+ break;
+ case X509IncludeOption.WholeChain:
+ // Build the certificate chain
+ chain = new X509Chain();
+ chain.Build(certificate);
+
+ // Can't honor the option if we only have a partial chain.
+ if ((chain.ChainStatus.Length > 0) &&
+ ((chain.ChainStatus[0].Status & X509ChainStatusFlags.PartialChain) == X509ChainStatusFlags.PartialChain))
+ {
+ throw new CryptographicException(SR.Cryptography_Partial_Chain);
+ }
+
+ elements = (X509ChainElementCollection)chain.ChainElements;
+ foreach (X509ChainElement element in elements)
+ {
+ AddCertificate(element.Certificate);
+ }
+ break;
+ }
+ }
+ finally
+ {
+ if (chain != null)
+ {
+ for (int i = 0; i < chain.ChainElements.Count; i++)
 {
- throw new CryptographicException(SR.Cryptography_Partial_Chain);
+ chain.ChainElements[i].Certificate.Dispose();
 }
- elements = (X509ChainElementCollection)chain.ChainElements;
- foreach (X509ChainElement element in elements)
- {
- AddCertificate(element.Certificate);
- }
- break;
+ chain.Dispose();
+ }
 }
 }
From 9e1c83a8a2c92a59849704105ba8a823554bd5e5 Mon Sep 17 00:00:00 2001
From: MaxPatri
Date: Fri, 26 Sep 2025 14:06:31 +0300
Subject: [PATCH 2/3] Initialize chain variable
---
 .../src/System/Security/Cryptography/Xml/KeyInfoX509Data.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/KeyInfoX509Data.cs b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/KeyInfoX509Data.cs
index 1b4401dc2cbf7b..3ecb7df66d8822 100644
--- a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/KeyInfoX509Data.cs
+++ b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/KeyInfoX509Data.cs
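Review bot: The partial-chain guard in both the `ExcludeRoot` and `WholeChain` cases still inspects only `chain.ChainStatus[0]`, so a `PartialChain` entry that is not first in the status array would slip past and an incomplete chain would be emitted as if it were complete. The hunk carries this test over unchanged while re-indenting it, and nothing visible here fixes the order of the `ChainStatus` entries. Scanning every entry closes the gap, e.g. `foreach (X509ChainStatus s in chain.ChainStatus) { if ((s.Status & X509ChainStatusFlags.PartialChain) != 0) throw new CryptographicException(SR.Cryptography_Partial_Chain); }`, ideally in one private helper shared by both cases so the two copies cannot drift apart. The constructor's body begins above the hunk.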
@@ -53,7 +53,7 @@ public KeyInfoX509Data(X509Certificate cert, X509IncludeOption includeOption)
 X509Certificate2 certificate = new X509Certificate2(cert);
 X509ChainElementCollection elements;
- X509Chain chain;
+ X509Chain chain = null;
 try
 {
 switch (includeOption)
From cc058a0c7fc9c343c90de769cf8d19f7b6924f77 Mon Sep 17 00:00:00 2001
From: MaxPatri
Date: Mon, 29 Sep 2025 13:14:05 +0300
Subject: [PATCH 3/3] Fix nullable error, remove certificates disposing
---
 .../System/Security/Cryptography/Xml/KeyInfoX509Data.cs | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/KeyInfoX509Data.cs b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/KeyInfoX509Data.cs
index 3ecb7df66d8822..82edf1a0f701c7 100644
--- a/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/KeyInfoX509Data.cs
+++ b/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/KeyInfoX509Data.cs
@@ -53,7 +53,7 @@ public KeyInfoX509Data(X509Certificate cert, X509IncludeOption includeOption)
 X509Certificate2 certificate = new X509Certificate2(cert);
 X509ChainElementCollection elements;
- X509Chain chain = null;
+ X509Chain? chain = null;
 try
 {
 switch (includeOption)
@@ -103,11 +103,6 @@ public KeyInfoX509Data(X509Certificate cert, X509IncludeOption includeOption)
 {
 if (chain != null)
 {
- for (int i = 0; i < chain.ChainElements.Count; i++)
- {
- chain.ChainElements[i].Certificate.Dispose();
- }
-
 chain.Dispose();
 }
 }
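Review bot: The `try`/`finally` this series introduces covers `chain` only; the `X509Certificate2 certificate` created on the line above `try` is not disposed on any path, including the one where the partial-chain `CryptographicException` is thrown. Whether it can be disposed here depends on whether `AddCertificate` stores a copy or the instance it is handed, which these hunks do not show. If it copies, `using X509Certificate2 certificate = new X509Certificate2(cert);` would release the wrapper; if it keeps the reference, a comment saying so belongs on that line. The same ownership question applies to the chain element certificates whose disposal the last hunk removes, so the `finally` block would benefit from a comment such as `// Element certificates are not disposed here: <reason>`, and its body can shrink to `chain?.Dispose();`. The constructor starts above these hunks.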