/* Static functions. */
static CFStringRef SecCertificateCopyDescription(CFTypeRef cf) {
SecCertificateRefP certificate = (SecCertificateRefP)cf;
- return CFStringCreateWithFormat(kCFAllocatorDefault, NULL,
+ CFStringRef ret = NULL;
+ CFStringRef subjectSummary = SecCertificateCopySubjectSummaryP(certificate);
+ CFStringRef issuerSummary = SecCertificateCopyIssuerSummaryP(certificate);
+
+ ret = CFStringCreateWithFormat(kCFAllocatorDefault, NULL,
CFSTR("<cert(%p) s: %@ i: %@>"), certificate,
- SecCertificateCopySubjectSummaryP(certificate),
- SecCertificateCopyIssuerSummaryP(certificate));
+ subjectSummary,
+ issuerSummary);
+
+ CFReleaseNull(subjectSummary);
+ CFReleaseNull(issuerSummary);
+ return ret;
}
static void SecCertificateDestroy(CFTypeRef cf) {
policy_count++;
}
require_quiet(drtn == DR_EndOfSequence, badDER);
- policies = (SecCEPolicyInformation *)malloc(sizeof(SecCEPolicyInformation)
- * policy_count);
+ DERSize malloc_policies = policy_count > 0 ? policy_count : 1;
+ require_quiet(policies = (SecCEPolicyInformation *)malloc(sizeof(SecCEPolicyInformation)
+ * malloc_policies), badDER);
drtn = DERDecodeSeqInit(&extn->extnValue, &tag, &piSeq);
require_noerr_quiet(drtn, badDER);
DERSize policy_ix = 0;
/* Put some upper limit on the number of extentions allowed. */
require_quiet(extensionCount < 10000, badCert);
certificate->_extensionCount = extensionCount;
+ CFIndex mallocCount = extensionCount > 0 ? extensionCount : 1;
certificate->_extensions =
- malloc(sizeof(SecCertificateExtension) * extensionCount);
+ malloc(sizeof(SecCertificateExtension) * mallocCount);
+ require_quiet(certificate->_extensions, badCert);
CFIndex ix = 0;
drtn = DERDecodeSeqInit(&tbsCert.extensions, &tag, &derSeq);
sizeof(*result) - sizeof(result->_base));
result->_der.data = ((DERByte *)result + sizeof(*result));
result->_der.length = der_length;
- memcpy(result->_der.data, der_bytes, der_length);
+ if(der_bytes) {
+ memcpy(result->_der.data, der_bytes, der_length);
+ }
if (!SecCertificateParse(result)) {
CFRelease(result);
return NULL;
else
appendUnparsedProperty(properties, oid_string, &on.value);
+ CFReleaseNull(value_string);
+ CFReleaseNull(oid_string);
return;
badDER:
appendInvalidProperty(properties, CFSTR("Other Name"), otherNameContent);
/* Decode a sequence of integers into a comma separated list of ints. */
static void appendIntegerSequenceContent(CFMutableArrayRef properties,
CFStringRef label, const DERItem *intSequenceContent) {
+ CFMutableStringRef value = NULL;
+ CFStringRef intDesc = NULL;
CFAllocatorRef allocator = CFGetAllocator(properties);
DERSequence intSeq;
DERReturn drtn = DERDecodeSeqContentInit(intSequenceContent, &intSeq);
require_noerr_quiet(drtn, badDER);
DERDecodedInfo intContent;
- CFMutableStringRef value = NULL;
+
while ((drtn = DERDecodeSeqNext(&intSeq, &intContent))
== DR_Success) {
require_quiet(intContent.tag == ASN1_INTEGER, badDER);
- CFStringRef intDesc = copyIntegerContentDescription(
+ intDesc = copyIntegerContentDescription(
allocator, &intContent.content);
+ require_quiet(intDesc, badDER);
if (value) {
CFStringAppendFormat(value, NULL, CFSTR(", %@"), intDesc);
} else {
value = CFStringCreateMutableCopy(allocator, 0, intDesc);
+ require_quiet(value, badDER);
}
- CFRelease(intDesc);
+ CFReleaseNull(intDesc);
}
require_quiet(drtn == DR_EndOfSequence, badDER);
if (value) {
}
/* DROPTHOUGH if !value. */
badDER:
+ CFReleaseNull(value);
+ CFReleaseNull(intDesc);
appendInvalidProperty(properties, label, intSequenceContent);
}
static void appendCertificatePolicies(CFMutableArrayRef properties,
const DERItem *extnValue) {
CFAllocatorRef allocator = CFGetAllocator(properties);
+ CFStringRef piLabel = NULL, pqLabel = NULL;
DERTag tag;
DERSequence piSeq;
DERReturn drtn = DERDecodeSeqInit(extnValue, &tag, &piSeq);
DERPolicyInformationItemSpecs,
&pi, sizeof(pi));
require_noerr_quiet(drtn, badDER);
- CFStringRef piLabel = CFStringCreateWithFormat(allocator, NULL,
- CFSTR("Policy Identifier #%d"), pin++);
+ require_quiet(piLabel = CFStringCreateWithFormat(allocator, NULL,
+ CFSTR("Policy Identifier #%d"), pin++), badDER);
appendOIDProperty(properties, piLabel, &pi.policyIdentifier);
- CFRelease(piLabel);
+ CFReleaseNull(piLabel);
if (pi.policyQualifiers.length == 0)
continue;
DERDecodedInfo qualifierContent;
drtn = DERDecodeItem(&pqi.qualifier, &qualifierContent);
require_noerr_quiet(drtn, badDER);
- CFStringRef pqLabel = CFStringCreateWithFormat(allocator, NULL,
- CFSTR("Policy Qualifier #%d"), pqn++);
+ require_quiet(pqLabel = CFStringCreateWithFormat(allocator, NULL,
+ CFSTR("Policy Qualifier #%d"), pqn++), badDER);
appendOIDProperty(properties, pqLabel, &pqi.policyQualifierID);
- CFRelease(pqLabel);
+ CFReleaseNull(pqLabel);
if (DEROidCompare(&oidQtCps, &pqi.policyQualifierID)) {
require_quiet(qualifierContent.tag == ASN1_IA5_STRING, badDER);
appendURLContentProperty(properties,
require_quiet(drtn == DR_EndOfSequence, badDER);
return;
badDER:
+ CFReleaseNull(piLabel);
+ CFReleaseNull(pqLabel);
appendInvalidProperty(properties, CFSTR("Certificate Policies"),
extnValue);
}
CFStringRef string =
copyDERThingContentDescription(CFGetAllocator(properties),
currDecoded.tag, &currDecoded.content, false);
- //CFStringRef cleanString = copyStringRemovingPercentEscapes(string);
+ require_quiet(string, badSequence);
appendPropertyP(properties, kSecPropertyTypeString, label,
string);
- CFRelease(string);
+ CFReleaseNull(string);
appendedSomething = true;
break;
}
CFAllocatorRef allocator = CFGetAllocator(certificate);
CFMutableArrayRef properties = CFArrayCreateMutable(allocator, 0,
&kCFTypeArrayCallBacks);
+ require_quiet(properties, out);
/* First we put the Subject Name in the property list. */
- CFArrayRef subject_plist = createPropertiesForX501NameContent(allocator,
- &certificate->_subject);
- appendPropertyP(properties, kSecPropertyTypeSection,
- CFSTR("Subject Name"), subject_plist);
- CFRelease(subject_plist);
-
-#if 0
- /* Put Normalized subject in for testing. */
- if (certificate->_normalizedSubject) {
- DERItem nsubject = {
- (DERByte *)CFDataGetBytePtr(certificate->_normalizedSubject),
- CFDataGetLength(certificate->_normalizedSubject)
- };
- CFArrayRef nsubject_plist = createPropertiesForX501NameContent(allocator,
- &nsubject);
- appendPropertyP(properties, kSecPropertyTypeSection,
- CFSTR("Normalized Subject Name"), nsubject_plist);
- CFRelease(nsubject_plist);
- }
-#endif
-
- /* Next we put the Issuer Name in the property list. */
- CFArrayRef issuer_plist = createPropertiesForX501NameContent(allocator,
- &certificate->_issuer);
- appendPropertyP(properties, kSecPropertyTypeSection,
- CFSTR("Issuer Name"), issuer_plist);
- CFRelease(issuer_plist);
-
-#if 0
- /* Certificate version/type. */
- bool isRoot = false;
- CFStringRef typeString = CFStringCreateWithFormat(allocator, NULL,
- CFSTR("X.509 version %d %scertificate"),
- certificate->_version + 1, isRoot ? "root " : "");
- appendPropertyP(properties, kSecPropertyTypeString,
- CFSTR("Certificate Type"), typeString);
- CFRelease(typeString);
-#endif
+ CFArrayRef subject_plist = createPropertiesForX501NameContent(allocator,
+ &certificate->_subject);
+ if (subject_plist) {
+ appendPropertyP(properties, kSecPropertyTypeSection,
+ CFSTR("Subject Name"), subject_plist);
+ }
+ CFReleaseNull(subject_plist);
- /* Version */
- CFStringRef versionString = CFStringCreateWithFormat(allocator,
- NULL, CFSTR("%d"), certificate->_version + 1);
- appendPropertyP(properties, kSecPropertyTypeString,
- CFSTR("Version"), versionString);
- CFRelease(versionString);
+ /* Next we put the Issuer Name in the property list. */
+ CFArrayRef issuer_plist = createPropertiesForX501NameContent(allocator,
+ &certificate->_issuer);
+ if (issuer_plist) {
+ appendPropertyP(properties, kSecPropertyTypeSection,
+ CFSTR("Issuer Name"), issuer_plist);
+ }
+ CFReleaseNull(issuer_plist);
+
+ /* Version */
+ CFStringRef versionString = CFStringCreateWithFormat(allocator, NULL, CFSTR("%d"),
+ certificate->_version + 1);
+ if (versionString) {
+ appendPropertyP(properties, kSecPropertyTypeString,
+ CFSTR("Version"), versionString);
+ }
+ CFReleaseNull(versionString);
/* Serial Number */
if (certificate->_serialNum.length) {
}
/* Signature algorithm. */
-#if 0
- appendAlgorithmProperty(properties, CFSTR("Signature Algorithm"),
- &certificate->_sigAlg);
-#endif
appendAlgorithmProperty(properties, CFSTR("Signature Algorithm"),
&certificate->_tbsSigAlg);
certificate->_properties = properties;
}
- CFRetain(certificate->_properties);
+out:
+ CFRetainSafe(certificate->_properties);
return certificate->_properties;
}
require_quiet(currDecoded.tag == ASN1_OBJECT_ID, out);
CFDataRef oid = CFDataCreate(kCFAllocatorDefault,
currDecoded.content.data, currDecoded.content.length);
- if (oid) {
- CFArrayAppendValue(extended_key_usage_oids, oid);
- CFRelease(oid);
- }
+ require_quiet(oid, out);
+ CFArrayAppendValue(extended_key_usage_oids, oid);
+ CFReleaseNull(oid);
}
require_quiet(drtn == DR_EndOfSequence, out);
return extended_key_usage_oids;
projects / apple / security.git / blobdiff