From 02abb706d34e8c8ad6ef96949fe94ef4635e8dd1 Mon Sep 17 00:00:00 2001 From: Sylvain Guillope Date: Thu, 27 Jun 2013 10:45:41 -0400 Subject: [PATCH 1/2] Added return status checks when building list of pinned public keys --- AFNetworking/AFURLConnectionOperation.m | 36 ++++++++++++++----------- 1 file changed, 20 insertions(+), 16 deletions(-) diff --git a/AFNetworking/AFURLConnectionOperation.m b/AFNetworking/AFURLConnectionOperation.m index c5ea309..e371cb3 100644 --- a/AFNetworking/AFURLConnectionOperation.m +++ b/AFNetworking/AFURLConnectionOperation.m @@ -187,13 +187,13 @@ static BOOL AFSecKeyIsEqualToKey(SecKeyRef key1, SecKeyRef key2) { @synthesize lock = _lock; + (void)networkRequestThreadEntryPoint:(id)__unused object { - @autoreleasepool { - [[NSThread currentThread] setName:@"AFNetworking"]; + @autoreleasepool { + [[NSThread currentThread] setName:@"AFNetworking"]; NSRunLoop *runLoop = [NSRunLoop currentRunLoop]; [runLoop addPort:[NSMachPort port] forMode:NSDefaultRunLoopMode]; [runLoop run]; - } + } } + (NSThread *)networkRequestThread { 
@@ -245,19 +245,23 @@ static BOOL AFSecKeyIsEqualToKey(SecKeyRef key1, SecKeyRef key2) { SecTrustRef allowedTrust = NULL; OSStatus status = SecTrustCreateWithCertificates(certificates, policy, &allowedTrust); NSAssert(status == errSecSuccess, @"SecTrustCreateWithCertificates error: %ld", (long int)status); - - SecTrustResultType result = 0; - status = SecTrustEvaluate(allowedTrust, &result); - NSAssert(status == errSecSuccess, @"SecTrustEvaluate error: %ld", (long int)status); - - SecKeyRef allowedPublicKey = SecTrustCopyPublicKey(allowedTrust); - NSParameterAssert(allowedPublicKey); - [publicKeys addObject:(__bridge_transfer id)allowedPublicKey]; - - CFRelease(allowedTrust); - CFRelease(policy); - CFRelease(certificates); - CFRelease(allowedCertificate); + if (status == errSecSuccess && allowedTrust) { + SecTrustResultType result = 0; + status = SecTrustEvaluate(allowedTrust, &result); + NSAssert(status == errSecSuccess, @"SecTrustEvaluate error: %ld", (long int)status); + if (status == errSecSuccess) { + SecKeyRef allowedPublicKey = SecTrustCopyPublicKey(allowedTrust); + NSParameterAssert(allowedPublicKey); + if (allowedPublicKey) { + [publicKeys addObject:(__bridge_transfer id)allowedPublicKey]; + } + } + } + + if (allowedTrust) CFRelease(allowedTrust); + if (policy) CFRelease(policy); + if (certificates) CFRelease(certificates); + if (allowedCertificate) CFRelease(allowedCertificate); } _pinnedPublicKeys = [[NSArray alloc] initWithArray:publicKeys]; From b60848af941e9d2a8d7c40502224610c61792651 Mon Sep 17 00:00:00 2001 From: Sylvain Guillope Date: Fri, 28 Jun 2013 00:31:37 -0400 Subject: [PATCH 2/2] Added return status checks when handling connection's authentication challenge --- AFNetworking/AFURLConnectionOperation.m | 28 +++++++++++++------------ 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/AFNetworking/AFURLConnectionOperation.m b/AFNetworking/AFURLConnectionOperation.m index e371cb3..51507d2 100644 
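Review bot: In the pinned-key loop (hunk at -245,19 +245,23), a certificate whose trust setup or key extraction fails is now skipped without any trace in release builds, because NSAssert and NSParameterAssert are normally compiled out there and the new `if` chain has no `else`. The pin set can therefore end up smaller than the set of bundled certificates, or empty, and nothing reports it; how an empty `_pinnedPublicKeys` is handled is decided outside this hunk and should be confirmed to reject the connection. I would add an `else` on the outer check that records the failure, e.g. `NSLog(@"Pinned certificate skipped, trust status %ld", (long)status);`. The new NULL guards before CFRelease also run after `certificates` and `policy` were already passed to SecTrustCreateWithCertificates, so if those can be NULL the check belongs where they are created, above the hunk.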
--- a/AFNetworking/AFURLConnectionOperation.m +++ b/AFNetworking/AFURLConnectionOperation.m @@ -187,13 +187,13 @@ static BOOL AFSecKeyIsEqualToKey(SecKeyRef key1, SecKeyRef key2) { @synthesize lock = _lock; + (void)networkRequestThreadEntryPoint:(id)__unused object { - @autoreleasepool { - [[NSThread currentThread] setName:@"AFNetworking"]; + @autoreleasepool { + [[NSThread currentThread] setName:@"AFNetworking"]; NSRunLoop *runLoop = [NSRunLoop currentRunLoop]; [runLoop addPort:[NSMachPort port] forMode:NSDefaultRunLoopMode]; [runLoop run]; - } + } } + (NSThread *)networkRequestThread { @@ -627,15 +627,17 @@ willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challe OSStatus status = SecTrustCreateWithCertificates(certificates, policy, &trust); NSAssert(status == errSecSuccess, @"SecTrustCreateWithCertificates error: %ld", (long int)status); - - SecTrustResultType result; - status = SecTrustEvaluate(trust, &result); - NSAssert(status == errSecSuccess, @"SecTrustEvaluate error: %ld", (long int)status); - - [trustChain addObject:(__bridge_transfer id)SecTrustCopyPublicKey(trust)]; - - CFRelease(trust); - CFRelease(certificates); + if (status == errSecSuccess && trust) { + SecTrustResultType result; + status = SecTrustEvaluate(trust, &result); + NSAssert(status == errSecSuccess, @"SecTrustEvaluate error: %ld", (long int)status); + if (status == errSecSuccess) { + [trustChain addObject:(__bridge_transfer id)SecTrustCopyPublicKey(trust)]; + } + } + + if (trust) CFRelease(trust); + if (certificates) CFRelease(certificates); } } 
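Review bot: `SecTrustCopyPublicKey(trust)` is still passed straight to `addObject:` in the trust-chain loop (hunk at -627,15 +627,17), and it can return NULL, in which case `addObject:` raises NSInvalidArgumentException. Patch 1/2 guards the same call in the pinned-key loop, but this loop handles certificates that appear to come from the server's chain, since the enclosing method is the authentication-challenge handler, so a certificate whose key cannot be extracted would terminate the app instead of simply failing the pin comparison. Suggested: `SecKeyRef publicKey = SecTrustCopyPublicKey(trust);` followed by `if (publicKey) { [trustChain addObject:(__bridge_transfer id)publicKey]; }`. `SecTrustResultType result;` is also left uninitialised here, while the pinned-key loop uses `= 0`. The loop and the method both start outside the hunk.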
@@ -679,7 +681,7 @@ willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challe OSStatus status = SecTrustEvaluate(serverTrust, &result); NSAssert(status == errSecSuccess, @"SecTrustEvaluate error: %ld", (long int)status); - if (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed) { + if (status == errSecSuccess && (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed)) { NSURLCredential *credential = [NSURLCredential credentialForTrust:serverTrust]; [[challenge sender] useCredential:credential forAuthenticationChallenge:challenge]; } else {
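Review bot: The new `status == errSecSuccess &&` guard in the hunk at -679,7 +681,7 sends an evaluation error into the `else` branch, whose body is outside this hunk, so it is worth confirming that branch cancels the challenge rather than letting the connection continue. A one-line comment above the `if` would record the intent, e.g. `// Fail closed: a SecTrustEvaluate error is never treated as a trusted result.`. The declaration of `result` is also outside the hunk; the short-circuit keeps it from being read after a failed call, which matters if it is declared without an initial value.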