configd-1061.40.2.tar.gz

diff --git a/Plugins/IPMonitor/nat64-configuration.c b/Plugins/IPMonitor/nat64-configuration.c
index 02e6160b6071723370d329be36e878590cb88f4a..b44479f44cf5b34e869e16ddc3af5fb3c72a3074 100644 (file)
--- a/Plugins/IPMonitor/nat64-configuration.c
+++ b/Plugins/IPMonitor/nat64-configuration.c
@@ -397,7 +397,7 @@ NAT64PrefixRequestStart(NAT64PrefixRequestRef request)
        };
        start_time = CFAbsoluteTimeGetCurrent();
        handler = ^(int32_t num_prefixes, nw_nat64_prefix_t *prefixes) {
-               Boolean set_prefix_failed = FALSE;
+               Boolean remove_resolver = FALSE;
 
                if (!NAT64PrefixRequestFlagsIsSet(request,
                                                  kRequestFlagsValid)) {
@@ -407,10 +407,9 @@ NAT64PrefixRequestStart(NAT64PrefixRequestRef request)
                }
                if (prefixes != NULL) {
                        /* set prefixes on the interface */
-                       if (!_nat64_prefix_set(request->if_name,
-                                              num_prefixes, prefixes)) {
-                               set_prefix_failed = TRUE;
-                       }
+                       _nat64_prefix_set(request->if_name,
+                                         num_prefixes, prefixes);
+                       remove_resolver = TRUE;
                } else {
                        SC_log(LOG_ERR, "%s: NAT64 no prefixes",
                               request->if_name);
@@ -419,10 +418,10 @@ NAT64PrefixRequestStart(NAT64PrefixRequestRef request)
                                   num_prefixes, prefixes, start_time);
 #if TEST_NAT64_CONFIGURATION
                if (G_set_prefixes_force_failure) {
-                       set_prefix_failed = TRUE;
+                       remove_resolver = TRUE;
                }
 #endif /* TEST_NAT64_CONFIGURATION */
-               if (set_prefix_failed) {
+               if (remove_resolver) {
                        /* remove resolver */
                        NAT64PrefixRequestInvalidate(request);
                        NAT64PrefixRequestRelease(request);

diff --git a/config-agent-info/config_agent_info.c b/config-agent-info/config_agent_info.c
index 4a6462e3ad2a2e2f5d55131c4f26a5775bdc1bfc..3cb9963e4e941f7ee2b3b4c8469529a23833c5a1 100644 (file)
--- a/config-agent-info/config_agent_info.c
+++ b/config-agent-info/config_agent_info.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2017 Apple Inc. All rights reserved.
+ * Copyright (c) 2015-2017, 2019 Apple Inc. All rights reserved.
  *
  * @APPLE_LICENSE_HEADER_START@
  *
@@ -36,8 +36,9 @@ get_agent_uuid_if_OOB_data_required(xpc_object_t info, uuid_t uuid)
        if (xpc_get_type(info) == XPC_TYPE_ARRAY) {
                xpc_array_apply(info, ^bool(size_t index, xpc_object_t value) {
 #pragma unused(index)
-                       if (value && xpc_get_type(value) == XPC_TYPE_DICTIONARY) {
-                               agent_uuid = xpc_dictionary_get_value(info,
+                       if ((value != NULL) &&
+                           (xpc_get_type(value) == XPC_TYPE_DICTIONARY)) {
+                               agent_uuid = xpc_dictionary_get_value(value,
                                                                      kConfigAgentOutOfBandDataUUID);
                                if (agent_uuid != NULL) {
                                        return false;
@@ -50,7 +51,9 @@ get_agent_uuid_if_OOB_data_required(xpc_object_t info, uuid_t uuid)
                                                      kConfigAgentOutOfBandDataUUID);
        }
 
-       if (agent_uuid != NULL) {
+       if ((agent_uuid != NULL) &&
+           (xpc_get_type(agent_uuid) == XPC_TYPE_DATA) &&
+           (xpc_data_get_length(agent_uuid) >= sizeof(uuid_t))) {
                const void *bytes = xpc_data_get_bytes_ptr(agent_uuid);
                uuid_copy(uuid, bytes);
        } else {
@@ -152,7 +155,8 @@ done:
 xpc_object_t
 config_agent_get_dns_nameservers(xpc_object_t resolver)
 {
-       if (resolver == NULL) {
+       if ((resolver == NULL) ||
+           (xpc_get_type(resolver) != XPC_TYPE_DICTIONARY)) {
                return NULL;
        }
 
@@ -162,7 +166,8 @@ config_agent_get_dns_nameservers(xpc_object_t resolver)
 xpc_object_t
 config_agent_get_dns_searchdomains(xpc_object_t resolver)
 {
-       if (resolver == NULL) {
+       if ((resolver == NULL) ||
+           (xpc_get_type(resolver) != XPC_TYPE_DICTIONARY)) {
                return NULL;
        }
 

diff --git a/sctest/sctest-entitlements.plist b/sctest/sctest-entitlements.plist
index c07263dbf8eecef2e20bd98cc2d50568dfd6c382..003ed659eabbb6be24c4a2a4fd43fba638954e7b 100644 (file)
--- a/sctest/sctest-entitlements.plist
+++ b/sctest/sctest-entitlements.plist
@@ -6,6 +6,8 @@
        <true/>
        <key>com.apple.private.necp.policies</key>
        <true/>
+       <key>com.apple.security.network.client</key>
+       <true/>
        <key>com.apple.SystemConfiguration.SCPreferences-write-access</key>
        <array>
                <string>SCTestPreferences.plist</string>

diff --git a/scutil.tproj/entitlements.plist b/scutil.tproj/entitlements.plist
index 8fc744249fa24e49de2e9ecd9420d58fdb01c85b..ef8e0abbd0178a9a7096d1fe8086556e6d40491d 100644 (file)
--- a/scutil.tproj/entitlements.plist
+++ b/scutil.tproj/entitlements.plist
@@ -4,5 +4,7 @@
 <dict>
        <key>com.apple.private.networkextension.configuration</key>
        <true/>
+       <key>com.apple.security.network.client</key>
+       <true/>
 </dict>
 </plist>