Timestamp:
May 31, 2015, 5:38:47 PM (4 years ago)
Author:
cal@…
Message:

certsync: Avoid segfault in absence of kSecTrustSettingsResult, closes #47906

Root certificates apparently sometimes do not have a kSecTrustSettingsResult,
and the absence should be treated as kSecTrustSettingsResultTrustRoot. This
change implements that.

Additionally, this silences a few warnings emitted by clang about functions
that are never NULL (at least not on the platform you're compiling for). Since
these checks are required for other platforms, employ the address-of operator
as suggested by clang to turn off the warning.

File:
1 edited

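--- a/trunk/dports/security/certsync/files/certsync.m
+++ b/trunk/dports/security/certsync/files/certsync.m
@@ -108,15 +108,15 @@
  */
 static BOOL GetCertSubject(SecCertificateRef cert, CFStringRef *subject, NSError **subjectError) {
-    if (SecCertificateCopyShortDescription != NULL /* 10.7 */) {
+    if (&SecCertificateCopyShortDescription != NULL /* 10.7 */) {
         *subject = PLCFAutorelease(SecCertificateCopyShortDescription(NULL, cert, (CFErrorRef *) subjectError));
         return YES;
     }
 
-    if (SecCertificateCopySubjectSummary   != NULL /* 10.6 */) {
+    if (&SecCertificateCopySubjectSummary   != NULL /* 10.6 */) {
         *subject = PLCFAutorelease(SecCertificateCopySubjectSummary(cert));
         return YES;
     }
 
-    if (SecCertificateCopyCommonName       != NULL /* 10.5 */) {
+    if (&SecCertificateCopyCommonName       != NULL /* 10.5 */) {
         OSStatus err;
         if ((err = SecCertificateCopyCommonName(cert, subject)) == errSecSuccess && *subject != NULL) {
@@ -159,5 +159,5 @@
         {
                 SecPolicyRef policy;
-                if (SecPolicyCreateBasicX509 != NULL) /* >= 10.6 */ {
+                if (&SecPolicyCreateBasicX509 != NULL) /* >= 10.6 */ {
                         policy = SecPolicyCreateBasicX509();
                 } else /* < 10.6 */ {
@@ -266,5 +266,5 @@
 
     /* Mac OS X >= 10.5 provides SecTrustSettingsCopyCertificates() */
-    if (SecTrustSettingsCopyCertificates != NULL) {
+    if (&SecTrustSettingsCopyCertificates != NULL) {
         /* Fetch all certificates in the given domain */
         err = SecTrustSettingsCopyCertificates(domain, &certs);
@@ -317,5 +317,10 @@
 
                     settingsResultNum = (CFNumberRef) [trustProps objectForKey: (id) kSecTrustSettingsResult];
-                    CFNumberGetValue(settingsResultNum, kCFNumberSInt32Type, &settingsResult);
+                    if (settingsResultNum == nil) {
+                        /* "If this key is not present, a default value of kSecTrustSettingsResultTrustRoot is assumed." */
+                        settingsResult = kSecTrustSettingsResultTrustRoot;
+                    } else {
+                        CFNumberGetValue(settingsResultNum, kCFNumberSInt32Type, &settingsResult);
+                    }
 
                     /* If a root, add to the result set */
@@ -404,5 +409,5 @@
          * ValidateSystemTrust to use the user's keychain */
         if ((err = SecKeychainSetPreferenceDomain(kSecPreferencesDomainUser)) != errSecSuccess) {
-            if (SecCopyErrorMessageString != NULL) {
+            if (&SecCopyErrorMessageString != NULL) {
                 /* >= 10.5 */
                 CFStringRef errMsg = PLCFAutorelease(SecCopyErrorMessageString(err, NULL));
@@ -430,5 +435,5 @@
     /* Causes ValidateSystemTrust to ignore the user's keychain */
     if ((err = SecKeychainSetPreferenceDomain(kSecPreferencesDomainSystem)) != errSecSuccess) {
-        if (SecCopyErrorMessageString != NULL) {
+        if (&SecCopyErrorMessageString != NULL) {
             /* >= 10.5 */
             CFStringRef errMsg = PLCFAutorelease(SecCopyErrorMessageString(err, NULL));
@@ -485,5 +490,5 @@
     /* Prefer the non-deprecated SecItemExport on Mac OS X >= 10.7. We use an ifdef to keep the code buildable with earlier SDKs, too. */
     nsfprintf(stderr, @"Exporting certificates from the keychain\n");
-    if (SecItemExport != NULL) {
+    if (&SecItemExport != NULL) {
         err = SecItemExport((CFArrayRef) anchors, kSecFormatPEMSequence, kSecItemPemArmour, NULL, &pemData);
     } else {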
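Review bot: In the new `else` branch (new line 323) the return value of `CFNumberGetValue` is still ignored, and `settingsResultNum` comes from an unchecked `(CFNumberRef)` cast of a dictionary value. A malformed trust-settings entry would therefore reach the "If a root, add to the result set" test with whatever `settingsResult` happens to hold. Because this value appears to decide which certificates end up in the exported anchor set, the branch should fail closed, for example `if (CFGetTypeID(settingsResultNum) != CFNumberGetTypeID() || !CFNumberGetValue(settingsResultNum, kCFNumberSInt32Type, &settingsResult)) settingsResult = kSecTrustSettingsResultInvalid;`. The declaration of `settingsResult` and the enclosing loop lie outside the hunk, so whether a stale value from an earlier entry can carry over is inferred rather than shown.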