Michel,

Good catch. I verified that both are indeed memory leaks and that your modifications were appropriate. We will include these modifications in the next SFL patch or release.

Thanks,

Tom Horvath
Principal Security Systems Engineer
_______________________________
BAE SYSTEMS Information Technology
141 National Business Pkwy. Suite 210
Annapolis Junction, MD 20701

tom.horvath <at> baesystems.com
(301) 939-2728

Hello Tom,

I am using SFL 2.5 with visual studio 6.0.

I had to modify SFL sources to fix some memory leaks:

sm_SignBuf.cpp Line 226:

Changed

         if (*pTmpAlg == oidDigestEncryption)
         {
             break;
         }

To

         if (*pTmpAlg == oidDigestEncryption)
         {
             break;
         }
         else
         {
                free(pTmpAlg);
                pTmpAlg = NULL;
         }

sm_free3_RSA.cpp Line 2123

Added

        if (NULL != pszPasswordMAC)
        {
                free(pszPasswordMAC);
                pszPasswordMAC = NULL;
        }

Could you confirm that these modifications are valid?

Thanks,

Michel Kinasz
ImageWare Systems Inc.

The information contained in this transmission contains potentially privileged, export controlled and/or confidential information of Imageware Systems, Inc. or its customers or partners.  It is intended only to be read by the person(s) named above and for no other purpose.  You are hereby notified that any dissemination, distribution, duplication of this communication or use of its contents for any purpose not authorized expressly by Imageware Systems, Inc. is strictly prohibited and could lead to both civil and/or criminal penalties.  If you are not the intended recipient, you are prohibited to review the contents herein and please contact the sender by reply e-mail and destroy all copies of the original message.  To reply to our e-mail administrator directly, please send an e-mail to emailadmin <at> iwsinc.com