evie/AFNetworking
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #1099 from lixar/safety-checks

Browse source 
Added safety checks for OSStatus value returned by SecXXX functions
This commit is contained in:
Mattt Thompson 2013-07-17 10:16:27 -07:00
commit 251ce98caa
1 changed files with 29 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

52
AFNetworking/AFURLConnectionOperation.m
View file

@ -233,19 +233,23 @@ static BOOL AFSecKeyIsEqualToKey(SecKeyRef key1, SecKeyRef key2) {
SecTrustRef allowedTrust = NULL;
OSStatus status = SecTrustCreateWithCertificates(certificates, policy, &allowedTrust);
NSAssert(status == errSecSuccess, @"SecTrustCreateWithCertificates error: %ld", (long int)status);
SecTrustResultType result = 0;
status = SecTrustEvaluate(allowedTrust, &result);
NSAssert(status == errSecSuccess, @"SecTrustEvaluate error: %ld", (long int)status);
SecKeyRef allowedPublicKey = SecTrustCopyPublicKey(allowedTrust);
NSParameterAssert(allowedPublicKey);
[publicKeys addObject:(__bridge_transfer id)allowedPublicKey];
CFRelease(allowedTrust);
CFRelease(policy);
CFRelease(certificates);
CFRelease(allowedCertificate);
if (status == errSecSuccess && allowedTrust) {
SecTrustResultType result = 0;
status = SecTrustEvaluate(allowedTrust, &result);
NSAssert(status == errSecSuccess, @"SecTrustEvaluate error: %ld", (long int)status);
if (status == errSecSuccess) {
SecKeyRef allowedPublicKey = SecTrustCopyPublicKey(allowedTrust);
NSParameterAssert(allowedPublicKey);
if (allowedPublicKey) {
[publicKeys addObject:(__bridge_transfer id)allowedPublicKey];
}
}
}
if (allowedTrust) CFRelease(allowedTrust);
if (policy) CFRelease(policy);
if (certificates) CFRelease(certificates);
if (allowedCertificate) CFRelease(allowedCertificate);
}
_pinnedPublicKeys = [[NSArray alloc] initWithArray:publicKeys];
@ -594,15 +598,17 @@ willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challe
OSStatus status = SecTrustCreateWithCertificates(certificates, policy, &trust);
NSAssert(status == errSecSuccess, @"SecTrustCreateWithCertificates error: %ld", (long int)status);
SecTrustResultType result;
status = SecTrustEvaluate(trust, &result);
NSAssert(status == errSecSuccess, @"SecTrustEvaluate error: %ld", (long int)status);
[trustChain addObject:(__bridge_transfer id)SecTrustCopyPublicKey(trust)];
CFRelease(trust);
CFRelease(certificates);
if (status == errSecSuccess && trust) {
SecTrustResultType result;
status = SecTrustEvaluate(trust, &result);
NSAssert(status == errSecSuccess, @"SecTrustEvaluate error: %ld", (long int)status);
if (status == errSecSuccess) {
[trustChain addObject:(__bridge_transfer id)SecTrustCopyPublicKey(trust)];
}
}
if (trust) CFRelease(trust);
if (certificates) CFRelease(certificates);
}
}
@ -646,7 +652,7 @@ willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challe
OSStatus status = SecTrustEvaluate(serverTrust, &result);
NSAssert(status == errSecSuccess, @"SecTrustEvaluate error: %ld", (long int)status);
if (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed) {
if (status == errSecSuccess && (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed)) {
NSURLCredential *credential = [NSURLCredential credentialForTrust:serverTrust];
[[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
} else {