Fix "invalid handle" failure in X509Cert's copy ctor on macOS

stephentoub · stephentoub · commit 8f86fedc05d3 · 2017-05-21T10:47:42.000-04:00
The certificate being copied from could be eligible for collection after its raw IntPtr handle is accessed but before the copy ctor actually gets around to reading from it, leading to use after free and recycling problems.  The fix is simply to ensure the other certificate can't be collected until after we're done using the raw handle.
diff --git a/src/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.OSX/CertificatePal.cs b/src/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.OSX/CertificatePal.cs
@@ -59,7 +59,9 @@ public static ICertificatePal FromOtherCert(X509Certificate cert)
         {
             Debug.Assert(cert.Pal != null);
 
-            return FromHandle(cert.Handle);
+            ICertificatePal pal = FromHandle(cert.Handle);
+            GC.KeepAlive(cert); // ensure cert's safe handle isn't finalized while raw handle is in use
+            return pal;
         }
 
         public static ICertificatePal FromBlob(

Original file line number	Diff line number	Diff line change
`@@ -59,7 +59,9 @@ public static ICertificatePal FromOtherCert(X509Certificate cert)`
`59`	`59`	`{`
`60`	`60`	`Debug.Assert(cert.Pal != null);`
`61`	`61`
`62`		`- return FromHandle(cert.Handle);`
	`62`	`+ ICertificatePal pal = FromHandle(cert.Handle);`
	`63`	`+ GC.KeepAlive(cert); // ensure cert's safe handle isn't finalized while raw handle is in use`
	`64`	`+ return pal;`
`63`	`65`	`}`
`64`	`66`
`65`	`67`	`public static ICertificatePal FromBlob(`