Security-59306.140.5.tar.gz

[apple/security.git] / OSX / libsecurity_keychain / lib / SecKeychainSearch.cpp

diff --git a/OSX/libsecurity_keychain/lib/SecKeychainSearch.cpp b/OSX/libsecurity_keychain/lib/SecKeychainSearch.cpp
index 68eb54a078dd8f2a512184ab017e9bf5eace593a..5e94b58c025fe34c690845f3869e06ee382619e7 100644 (file)
--- a/OSX/libsecurity_keychain/lib/SecKeychainSearch.cpp
+++ b/OSX/libsecurity_keychain/lib/SecKeychainSearch.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2004,2011-2015 Apple Inc. All Rights Reserved.
+ * Copyright (c) 2000-2004,2011-2016 Apple Inc. All Rights Reserved.
  *
  * @APPLE_LICENSE_HEADER_START@
  *
@@ -29,6 +29,7 @@
 #include <security_keychain/Item.h>
 #include <security_cdsa_utilities/Schema.h>
 #include <syslog.h>
+#include <os/activity.h>
 
 #include "SecBridge.h"
 
@@ -47,6 +48,9 @@ OSStatus
 SecKeychainSearchCreateFromAttributes(CFTypeRef keychainOrArray, SecItemClass itemClass, const SecKeychainAttributeList *attrList, SecKeychainSearchRef *searchRef)
 {
     BEGIN_SECAPI
+    os_activity_t activity = os_activity_create("SecKeychainSearchCreateFromAttributes", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT);
+    os_activity_scope(activity);
+    os_release(activity);
 
        Required(searchRef);
 
@@ -63,6 +67,9 @@ OSStatus
 SecKeychainSearchCreateFromAttributesExtended(CFTypeRef keychainOrArray, SecItemClass itemClass, const SecKeychainAttributeList *attrList, CSSM_DB_CONJUNCTIVE dbConjunctive, CSSM_DB_OPERATOR dbOperator, SecKeychainSearchRef *searchRef)
 {
     BEGIN_SECAPI
+    os_activity_t activity = os_activity_create("SecKeychainSearchCreateFromAttributesExtended", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT);
+    os_activity_scope(activity);
+    os_release(activity);
 
        Required(searchRef); // Make sure that searchRef is an invalid SearchRef
 
@@ -80,7 +87,10 @@ SecKeychainSearchCreateFromAttributesExtended(CFTypeRef keychainOrArray, SecItem
 OSStatus
 SecKeychainSearchCopyNext(SecKeychainSearchRef searchRef, SecKeychainItemRef *itemRef)
 {
-    BEGIN_SECAPI
+       BEGIN_SECAPI
+    os_activity_t activity = os_activity_create("SecKeychainSearchCopyNext", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT);
+    os_activity_scope(activity);
+    os_release(activity);
 
        RequiredParam(itemRef);
        Item item;
@@ -90,7 +100,6 @@ SecKeychainSearchCopyNext(SecKeychainSearchRef searchRef, SecKeychainItemRef *it
 
        *itemRef=item->handle();
 
-#if SECTRUST_OSX
        bool itemChecked = false;
        do {
                /* see if we should convert outgoing item to a unified SecCertificateRef */
@@ -104,8 +113,10 @@ SecKeychainSearchCopyNext(SecKeychainSearchRef searchRef, SecKeychainItemRef *it
                        }
                        if (!data) {
                                /* zero-length or otherwise bad cert data; skip to next item */
-                               CFRelease(*itemRef);
-                               *itemRef = NULL;
+                               if (*itemRef) {
+                                       CFRelease(*itemRef);
+                                       *itemRef = NULL;
+                               }
                                if (!itemCursor->next(item))
                                        return errSecItemNotFound;
                                *itemRef=item->handle();
@@ -117,13 +128,24 @@ SecKeychainSearchCopyNext(SecKeychainSearchRef searchRef, SecKeychainItemRef *it
                                CFRelease(data);
                        if (tmpRef)
                                CFRelease(tmpRef);
+                       if (NULL == *itemRef) {
+                               /* unable to create unified certificate item; skip to next item */
+                               if (!itemCursor->next(item))
+                                       return errSecItemNotFound;
+                               *itemRef=item->handle();
+                               continue;
+                       }
                        itemChecked = true;
-        }
+               }
                else {
                        itemChecked = true;
                }
        } while (!itemChecked);
-#endif
+
+       if (NULL == *itemRef) {
+               /* never permit a NULL item reference to be returned without an error result */
+               return errSecItemNotFound;
+       }
 
        END_SECAPI
 }