Security-58286.70.7.tar.gz

[apple/security.git] / OSX / libsecurity_keychain / lib / SecAccess.cpp

diff --git a/OSX/libsecurity_keychain/lib/SecAccess.cpp b/OSX/libsecurity_keychain/lib/SecAccess.cpp
index 39a8b120a091a8210f33d96a56c8683ba21fb8da..bb3adfc6712bd6dae0801072eaca95785c41a9f6 100644 (file)
--- a/OSX/libsecurity_keychain/lib/SecAccess.cpp
+++ b/OSX/libsecurity_keychain/lib/SecAccess.cpp
@@ -27,10 +27,11 @@
 #include <Security/SecTrustedApplication.h>
 #include <Security/SecTrustedApplicationPriv.h>
 #include <security_keychain/Access.h>
+#include <security_utilities/casts.h>
+#include <utilities/SecCFRelease.h>
 #include "SecBridge.h"
 #include <sys/param.h>
 
-#undef secdebug
 #include <utilities/SecCFWrappers.h>
 
 
@@ -231,6 +232,7 @@ CFStringRef GetAuthStringFromACLAuthorizationTag(sint32 tag)
        {
                result = (CFStringRef)CFDictionaryGetValue(gTagMapping, aNum);
        }
+    CFReleaseSafe(aNum);
        return result;
 }
 
@@ -292,7 +294,7 @@ SecAccessRef SecAccessCreateWithOwnerAndACL(uid_t userId, gid_t groupId, SecAcce
        CSSM_ACL_PROCESS_SUBJECT_SELECTOR selector =
        {
                CSSM_ACL_PROCESS_SELECTOR_CURRENT_VERSION,      // selector version
-               ownerType,
+               int_cast<UInt32, uint16>(ownerType),
                userId,
                groupId
        };
@@ -319,7 +321,9 @@ SecAccessRef SecAccessCreateWithOwnerAndACL(uid_t userId, gid_t groupId, SecAcce
        CFRelease(debugStr);
 #endif
 
-       CSSM_ACL_AUTHORIZATION_TAG rights[numAcls];
+    CFIndex rightsSize = numAcls > 0 ? numAcls : 1;
+
+       CSSM_ACL_AUTHORIZATION_TAG rights[rightsSize];
        memset(rights, 0, sizeof(rights));
 
        for (CFIndex iCnt = 0; iCnt < numAcls; iCnt++)
@@ -380,7 +384,7 @@ SecAccessRef SecAccessCreateWithOwnerAndACL(uid_t userId, gid_t groupId, SecAcce
                                { CSSM_LIST_TYPE_UNKNOWN, &subject1, &subject2 },
                                false,  // Delegate
                                // rights for this entry
-                               { (uint32)(sizeof(rights) / sizeof(rights[0])), rights },
+                               { (uint32)numAcls, rights },
                                // rest is defaulted
                        }
                }
@@ -577,9 +581,6 @@ CFArrayRef copyTrustedAppListFromBundle(CFStringRef bundlePath, CFStringRef trus
     if (!trustedAppsURL)
         goto xit;
 
-    if ( trustedAppListFileNameWithoutExtension )
-               CFRelease(trustedAppListFileNameWithoutExtension);
-
        if (!CFURLCreateDataAndPropertiesFromResource(kCFAllocatorDefault,trustedAppsURL,&xmlDataRef,NULL,NULL,&errorCode))
         goto xit;
 
@@ -587,6 +588,7 @@ CFArrayRef copyTrustedAppListFromBundle(CFStringRef bundlePath, CFStringRef trus
     trustedAppList = (CFArrayRef)trustedAppsPlist;
 
 xit:
+    CFReleaseNull(trustedAppListFileNameWithoutExtension);
     if (bundleURL)
         CFRelease(bundleURL);
     if (secBundle)