Merge pull request #1099 from lixar/safety-checks

Added safety checks for OSStatus value returned by SecXXX functions

AFNetworking/AFURLConnectionOperation.m

@@ -233,19 +233,23 @@ static BOOL AFSecKeyIsEqualToKey(SecKeyRef key1, SecKeyRef key2) {
             SecTrustRef allowedTrust = NULL;
             OSStatus status = SecTrustCreateWithCertificates(certificates, policy, &allowedTrust);
             NSAssert(status == errSecSuccess, @"SecTrustCreateWithCertificates error: %ld", (long int)status);
-            
+            if (status == errSecSuccess && allowedTrust) {
                 SecTrustResultType result = 0;
                 status = SecTrustEvaluate(allowedTrust, &result);
                 NSAssert(status == errSecSuccess, @"SecTrustEvaluate error: %ld", (long int)status);
-            
+                if (status == errSecSuccess) {
                     SecKeyRef allowedPublicKey = SecTrustCopyPublicKey(allowedTrust);
                     NSParameterAssert(allowedPublicKey);
+                    if (allowedPublicKey) {
                         [publicKeys addObject:(__bridge_transfer id)allowedPublicKey];
+                    }
+                }
+            }
           
-            CFRelease(allowedTrust);
+            if (allowedTrust) CFRelease(allowedTrust);
-            CFRelease(policy);
+            if (policy) CFRelease(policy);
-            CFRelease(certificates);
+            if (certificates) CFRelease(certificates);
-            CFRelease(allowedCertificate);
+            if (allowedCertificate) CFRelease(allowedCertificate);
         }
         
         _pinnedPublicKeys = [[NSArray alloc] initWithArray:publicKeys];
@@ -594,15 +598,17 @@ willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challe
                 
                 OSStatus status = SecTrustCreateWithCertificates(certificates, policy, &trust);
                 NSAssert(status == errSecSuccess, @"SecTrustCreateWithCertificates error: %ld", (long int)status);
-                
+                if (status == errSecSuccess && trust) {
                     SecTrustResultType result;
                     status = SecTrustEvaluate(trust, &result);
                     NSAssert(status == errSecSuccess, @"SecTrustEvaluate error: %ld", (long int)status);
-                
+                    if (status == errSecSuccess) {
                         [trustChain addObject:(__bridge_transfer id)SecTrustCopyPublicKey(trust)];
+                    }
+                }
               
-                CFRelease(trust);
+                if (trust) CFRelease(trust);
-                CFRelease(certificates);
+                if (certificates) CFRelease(certificates);
             }
         }
         
@@ -646,7 +652,7 @@ willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challe
                     OSStatus status = SecTrustEvaluate(serverTrust, &result);
                     NSAssert(status == errSecSuccess, @"SecTrustEvaluate error: %ld", (long int)status);
                     
-                    if (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed) {
+                    if (status == errSecSuccess && (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed)) {
                         NSURLCredential *credential = [NSURLCredential credentialForTrust:serverTrust];
                         [[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
                     } else {