]> git.saurik.com Git - apple/security.git/blobdiff - OSX/libsecurity_cdsa_utilities/lib/cssmaclpod.cpp
projects / apple / security.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Security-59306.80.4.tar.gz
[apple/security.git] / OSX / libsecurity_cdsa_utilities / lib / cssmaclpod.cpp
diff --git a/OSX/libsecurity_cdsa_utilities/lib/cssmaclpod.cpp b/OSX/libsecurity_cdsa_utilities/lib/cssmaclpod.cpp
index 96a32b50be92e84244148196df97f0483a21adea..e80d72135323cc6f62b73b7462e2d9c59f5da562 100644 (file)
--- a/OSX/libsecurity_cdsa_utilities/lib/cssmaclpod.cpp
+++ b/OSX/libsecurity_cdsa_utilities/lib/cssmaclpod.cpp
@@ -71,12 +71,17 @@ void AuthorizationGroup::destroy(Allocator &alloc)
 {
        alloc.free(AuthTags);
 }
 {
        alloc.free(AuthTags);
 }
-
+       
 bool AuthorizationGroup::contains(CSSM_ACL_AUTHORIZATION_TAG tag) const
 {
        return find(AuthTags, &AuthTags[NumberOfAuthTags], tag) != &AuthTags[NumberOfAuthTags];
 }
 
 bool AuthorizationGroup::contains(CSSM_ACL_AUTHORIZATION_TAG tag) const
 {
        return find(AuthTags, &AuthTags[NumberOfAuthTags], tag) != &AuthTags[NumberOfAuthTags];
 }
 
+bool AuthorizationGroup::containsOnly(CSSM_ACL_AUTHORIZATION_TAG tag) const
+{
+       return count() == 1 && (*this)[0] == tag;
+}
+
 
 AuthorizationGroup::operator AclAuthorizationSet() const
 {
 
 AuthorizationGroup::operator AclAuthorizationSet() const
 {
@@ -211,11 +216,12 @@ uint32 pinFromAclTag(const char *tag, const char *suffix /* = NULL */)
        if (tag) {
                char format[20];
                snprintf(format, sizeof(format), "PIN%%d%s%%n", suffix ? suffix : "");
        if (tag) {
                char format[20];
                snprintf(format, sizeof(format), "PIN%%d%s%%n", suffix ? suffix : "");
-               uint32 pin;
-               unsigned consumed;
-               sscanf(tag, format, &pin, &consumed);
-               if (consumed == strlen(tag))    // complete and sufficient
+        uint32 pin = 0;
+        unsigned consumed = 0;
+        // sscanf does not count %n as a filled value so number of read variables should be just 1
+        if (sscanf(tag, format, &pin, &consumed) == 1 && consumed == strlen(tag)) {    // complete and sufficient
                        return pin;
                        return pin;
+        }
        }
        return 0;
 }
        }
        return 0;
 }
mirror of Security