Fix memory leaks in CertificateManager by improving certificate disposal patterns #63321
+45
−32
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Greetings human! You've submitted a PR that modifies code that is shared with https://github.com/dotnet/runtime . Please make sure you synchronize this code with the changes in that repo! |
…9Certificate2 Co-authored-by: danmoseley <6385855+danmoseley@users.noreply.github.com>
Copilot finished work on behalf of
danmoseley
August 18, 2025 23:40
danmoseley
reviewed
Aug 19, 2025
…te method Co-authored-by: danmoseley <6385855+danmoseley@users.noreply.github.com>
Copilot finished work on behalf of
danmoseley
August 19, 2025 00:20
danmoseley
approved these changes
Aug 19, 2025
There was a problem hiding this comment.
Pull Request Overview
This PR fixes a memory leak in the ImportCertificate method by adding proper disposal of X509Certificate2 objects in all code paths. The changes ensure that certificate resources are cleaned up whether the method succeeds, fails validation, or encounters exceptions.
Key Changes
- Added proper disposal on validation failure and save failure scenarios
- Added disposal after successful completion
- Added disposal in exception handling for certificate loading failures
- Updated
SaveCertificateusage to match established patterns in the codebase
Copilot finished work on behalf of
danmoseley
August 19, 2025 21:06
Copilot finished work on behalf of
BrennanConroy
August 19, 2025 21:23
Copilot finished work on behalf of
danmoseley
August 19, 2025 22:53
…sal issues in EnsureAspNetCoreHttpsDevelopmentCertificate Co-authored-by: BrennanConroy <7574801+BrennanConroy@users.noreply.github.com>
Copilot finished work on behalf of
BrennanConroy
August 19, 2025 23:16
danmoseley
approved these changes
Aug 19, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixed memory leaks in the
CertificateManagerclass whereX509Certificate2objects were not being properly disposed in several code paths, as identified by static analysis.Issues Fixed
ImportCertificate method:
SaveCertificatethrew an exceptionEnsureAspNetCoreHttpsDevelopmentCertificate method:
Changes Made
Refactored ImportCertificate to use try-finally pattern: Replaced scattered disposal calls with a cleaner, more robust try-finally pattern that ensures the certificate is always disposed regardless of the exit path.
Fixed SaveCertificate usage pattern: Updated to assign the return value of
SaveCertificateback to the certificate variable, matching the pattern used elsewhere in the codebase.Added certificate disposal in EnsureAspNetCoreHttpsDevelopmentCertificate: Added proper certificate disposal before early returns in error cases for SaveCertificate, ExportCertificate, and TrustCertificate operations.
Verification
The fix ensures proper resource cleanup in all code paths while maintaining existing functionality and following established patterns in the codebase.
Fixes #59538
💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.