On Wed, 15 Apr 2026 15:01:50 GMT, Matthias Baesken <[email protected]> wrote:
>> Seems there is a call to SecIdentityCopyPrivateKey where we miss calling >> CFRelease in early returns/failure cases; same for SecIdentityCopyPrivateKey >> . >> >> See the Apple documentation >> https://developer.apple.com/documentation/security/secidentitycopyprivatekey(_:_:) >> >> Also for >> https://developer.apple.com/documentation/security/secidentitycopycertificate(_:_:) >> >> --------- >> - [x] I confirm that I make this contribution in accordance with the >> [OpenJDK Interim AI Policy](https://openjdk.org/legal/ai). > > Matthias Baesken has updated the pull request incrementally with one > additional commit since the last revision: > > Add a CFRetain after CFArrayGetValueAtIndex in addIdentitiesToKeystore This function calls 3 `Copy` functions. We already took care of outputs from `SecIdentityCopyCertificate` and `SecIdentityCopyPrivateKey`, what about `SecIdentitySearchCopyNext` that returns `theIdentity`? It's like the certificate and the private key that each do loop will create one so we cannot just clean it after errOut. ------------- PR Comment: https://git.openjdk.org/jdk/pull/29821#issuecomment-4262236427
