]> git.saurik.com Git - apple/security.git/blobdiff - OSX/libsecurity_codesigning/lib/reqinterp.cpp
projects / apple / security.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Security-57740.31.2.tar.gz
[apple/security.git] / OSX / libsecurity_codesigning / lib / reqinterp.cpp
diff --git a/OSX/libsecurity_codesigning/lib/reqinterp.cpp b/OSX/libsecurity_codesigning/lib/reqinterp.cpp
index 3837d426da139d5fad24fad17f7f2e80e0939e18..3215df481b0a4229c590fecdb008a8753b006387 100644 (file)
--- a/OSX/libsecurity_codesigning/lib/reqinterp.cpp
+++ b/OSX/libsecurity_codesigning/lib/reqinterp.cpp
@@ -190,7 +190,7 @@ bool Requirement::Interpreter::eval(int depth)
                        }
                }
                // unrecognized opcode and no way to interpret it
                        }
                }
                // unrecognized opcode and no way to interpret it
-               secdebug("csinterp", "opcode 0x%x cannot be handled; aborting", op);
+               secinfo("csinterp", "opcode 0x%x cannot be handled; aborting", op);
                MacOSError::throwMe(errSecCSUnimplemented);
        }
 }
                MacOSError::throwMe(errSecCSUnimplemented);
        }
 }
@@ -247,13 +247,14 @@ bool Requirement::Interpreter::certFieldValue(const string &key, const Match &ma
                { "subject.UID", &CSSMOID_UserID },
                { NULL, NULL }
        };
                { "subject.UID", &CSSMOID_UserID },
                { NULL, NULL }
        };
-       
+
        // DN-component single-value match
        for (const CertField *cf = certFields; cf->name; cf++)
                if (cf->name == key) {
                        CFRef<CFStringRef> value;
        // DN-component single-value match
        for (const CertField *cf = certFields; cf->name; cf++)
                if (cf->name == key) {
                        CFRef<CFStringRef> value;
-                       if (OSStatus rc = SecCertificateCopySubjectComponent(cert, cf->oid, &value.aref())) {
-                               secdebug("csinterp", "cert %p lookup for DN.%s failed rc=%d", cert, key.c_str(), (int)rc);
+            OSStatus rc = SecCertificateCopySubjectComponent(cert, cf->oid, &value.aref());
+                       if (rc) {
+                               secinfo("csinterp", "cert %p lookup for DN.%s failed rc=%d", cert, key.c_str(), (int)rc);
                                return false;
                        }
                        return match(value);
                                return false;
                        }
                        return match(value);
@@ -262,15 +263,16 @@ bool Requirement::Interpreter::certFieldValue(const string &key, const Match &ma
        // email multi-valued match (any of...)
        if (key == "email") {
                CFRef<CFArrayRef> value;
        // email multi-valued match (any of...)
        if (key == "email") {
                CFRef<CFArrayRef> value;
-               if (OSStatus rc = SecCertificateCopyEmailAddresses(cert, &value.aref())) {
-                       secdebug("csinterp", "cert %p lookup for email failed rc=%d", cert, (int)rc);
+        OSStatus rc = SecCertificateCopyEmailAddresses(cert, &value.aref());
+               if (rc) {
+                       secinfo("csinterp", "cert %p lookup for email failed rc=%d", cert, (int)rc);
                        return false;
                }
                return match(value);
        }
 
        // unrecognized key. Fail but do not abort to promote backward compatibility down the road
                        return false;
                }
                return match(value);
        }
 
        // unrecognized key. Fail but do not abort to promote backward compatibility down the road
-       secdebug("csinterp", "cert field notation \"%s\" not understood", key.c_str());
+       secinfo("csinterp", "cert field notation \"%s\" not understood", key.c_str());
        return false;
 }
 
        return false;
 }
 
@@ -327,7 +329,9 @@ CFArrayRef Requirement::Interpreter::getAdditionalTrustedAnchors()
         if (!configData)
             return NULL;
 
         if (!configData)
             return NULL;
 
-        CFRef<CFDictionaryRef> configDict = CFDictionaryRef(IOCFUnserialize((const char *)CFDataGetBytePtr(configData), kCFAllocatorDefault, 0, NULL));
+        CFRef<CFDictionaryRef> configDict = CFDictionaryRef(IOCFUnserializeWithSize((const char *)CFDataGetBytePtr(configData),
+                                                                                    (size_t)CFDataGetLength(configData),
+                                                                                    kCFAllocatorDefault, 0, NULL));
         if (!configDict)
             return NULL;
 
         if (!configDict)
             return NULL;
 
mirror of Security