You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Internally at Orijtech Inc, while doing security audits and supply chain analyses for the Cosmos security team, we've found a bunch of leaking resources in a couple of packages
golang.org/x/crypto/openpgp/packet/compressed.go:98:3: leaking resource created on line 91
golang.org/x/crypto/openpgp/packet/literal.go:75:3: leaking resource created on line 68
golang.org/x/crypto/openpgp/packet/literal.go:79:3: leaking resource created on line 68
golang.org/x/crypto/openpgp/packet/literal.go:84:3: leaking resource created on line 68
golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go:268:3: leaking resource created on line 261
golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go:276:3: leaking resource created on line 261
golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go:281:3: leaking resource created on line 261
golang.org/x/crypto/openpgp/clearsign/clearsign.go:315:4: leaking resource created on line 300
and this problem exists due to the lack of finesse in defers and in using named error returns that can be used to close values.
Thank you for chiming in @dmitshur and @cagedmantis! I wouldn't close this issue though as though are more of security fixes than bug fixes, or at least we can fly them as security fixes.
odeke-em
added a commit
to orijtech/crypto
that referenced
this issue
Jun 28, 2022
Internally at Orijtech Inc, while doing security audits and supply chain analyses for the Cosmos security team, we've found a bunch of leaking resources in a couple of packages
and this problem exists due to the lack of finesse in defers and in using named error returns that can be used to close values.
/cc to my colleagues @willpoint @elias-orijtech @kirbyquerby
The text was updated successfully, but these errors were encountered: