Security-57740.51.3.tar.gz

[apple/security.git] / OSX / libsecurity_codesigning / lib / filediskrep.cpp

diff --git a/OSX/libsecurity_codesigning/lib/filediskrep.cpp b/OSX/libsecurity_codesigning/lib/filediskrep.cpp
index e280fc13a6a14d2dd817e3b8f4128b7723ae4c63..05ff9e035ea5f26df2f7e8b30afc0e55d5676f9d 100644 (file)
--- a/OSX/libsecurity_codesigning/lib/filediskrep.cpp
+++ b/OSX/libsecurity_codesigning/lib/filediskrep.cpp
@@ -154,14 +154,33 @@ DiskRep::Writer *FileDiskRep::writer()
 void FileDiskRep::Writer::component(CodeDirectory::SpecialSlot slot, CFDataRef data)
 {
        try {
-               fd().setAttr(attrName(CodeDirectory::canonicalSlotName(slot)),
-                       CFDataGetBytePtr(data), CFDataGetLength(data));
+        std::string name = attrName(CodeDirectory::canonicalSlotName(slot));
+               fd().setAttr(name, CFDataGetBytePtr(data), CFDataGetLength(data));
+        mWrittenAttributes.insert(name);
        } catch (const UnixError &error) {
                if (error.error == ERANGE)
                        MacOSError::throwMe(errSecCSCMSTooLarge);
                throw;
        }
 }
+    
+
+void FileDiskRep::Writer::flush()
+{
+    size_t size = fd().listAttr(NULL, 0);
+    std::vector<char> buffer(size);
+    char *s = &buffer[0];
+    char *end = &buffer[size];
+    fd().listAttr(s, size);
+    while (s < end) {
+        std::string name = s;
+        s += strlen(s) + 1;     // skip to next
+        if (name.compare(0, 13, "com.apple.cs.") == 0)  // one of ours
+            if (mWrittenAttributes.find(name) == mWrittenAttributes.end()) {    // not written by this signing operation
+                fd().removeAttr(name);
+        }
+    }
+}
 
 
 //