Merge pull request #530 from Zha0Chan/main

ionut-arm · web-flow · commit 75e98791c52c · 2024-06-10T10:38:23.000+01:00
Fix start_auth_session resource leak
diff --git a/tss-esapi/src/abstraction/ak.rs b/tss-esapi/src/abstraction/ak.rs
@@ -122,11 +122,16 @@ pub fn load_ak(
         .with_decrypt(true)
         .with_encrypt(true)
         .build();
-    context.tr_sess_set_attributes(
-        policy_auth_session,
-        session_attributes,
-        session_attributes_mask,
-    )?;
+    context
+        .tr_sess_set_attributes(
+            policy_auth_session,
+            session_attributes,
+            session_attributes_mask,
+        )
+        .or_else(|e| {
+            context.flush_context(SessionHandle::from(policy_auth_session).into())?;
+            Err(e)
+        })?;
 
     let key_handle = context.execute_with_temporary_object(
         SessionHandle::from(policy_auth_session).into(),
@@ -182,11 +187,16 @@ pub fn create_ak<IKC: IntoKeyCustomization>(
         .with_decrypt(true)
         .with_encrypt(true)
         .build();
-    context.tr_sess_set_attributes(
-        policy_auth_session,
-        session_attributes,
-        session_attributes_mask,
-    )?;
+    context
+        .tr_sess_set_attributes(
+            policy_auth_session,
+            session_attributes,
+            session_attributes_mask,
+        )
+        .or_else(|e| {
+            context.flush_context(SessionHandle::from(policy_auth_session).into())?;
+            Err(e)
+        })?;
 
     context.execute_with_temporary_object(
         SessionHandle::from(policy_auth_session).into(),
diff --git a/tss-esapi/src/context.rs b/tss-esapi/src/context.rs
@@ -305,7 +305,11 @@ impl Context {
             .with_decrypt(true)
             .with_encrypt(true)
             .build();
-        self.tr_sess_set_attributes(auth_session, session_attributes, session_attributes_mask)?;
+        self.tr_sess_set_attributes(auth_session, session_attributes, session_attributes_mask)
+            .or_else(|e| {
+                self.flush_context(SessionHandle::from(auth_session).into())?;
+                Err(e)
+            })?;
 
         let res = self.execute_with_session(Some(auth_session), f);
 
