Security-59306.61.1.tar.gz
[apple/security.git] / OSX / libsecurity_codesigning / lib / resources.cpp
index 4c36a38716f374b48ceb4d1342fdc406747dcc93..221e298472d765f72c3d20c6667c5bd4665de34a 100644 (file)
@@ -138,10 +138,15 @@ static bool findStringEndingNoCase(const char *path, const char * end)
 void ResourceBuilder::scan(Scanner next)
 {
        bool first = true;
-    
+
        while (FTSENT *ent = fts_read(mFTS)) {
                static const char ds_store[] = ".DS_Store";
-               const char *relpath = ent->fts_path + mRoot.size() + 1; // skip prefix + "/"
+               const char *relpath = ent->fts_path + mRoot.size(); // skip prefix
+
+               if (strlen(relpath) > 0) {
+                       relpath += 1;   // skip "/"
+               }
+
                std::string rp;
                if (mRelBase != mRoot) {
                        assert(mRelBase == mRoot + "/Contents");
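Review bot: The added guard advances `relpath` by one whenever anything follows the root prefix, without checking that the skipped character is actually a separator. Testing the character itself, `if (relpath[0] == '/') relpath += 1;   // skip "/"`, drops the strlen() call and would not eat the first byte of a name if `ent->fts_path` ever continued directly after `mRoot` (for example if `mRoot` carried a trailing slash; whether it can is not visible here). The pointer arithmetic on the line above still assumes every `fts_path` is at least `mRoot.size()` bytes long, which deserves a comment or an assert because `relpath` is later passed to `findRule` to select the resource rule. scan()'s body continues outside the hunk.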
@@ -183,7 +188,7 @@ void ResourceBuilder::scan(Scanner next)
                        secinfo("rdirenum", "entering %s", ent->fts_path);
                        GKBIS_Num_dirs++;
 
-                       if (!first) {   // skip root directory (relpath invalid)
+                       if (!first) {   // skip root directory
                                if (Rule *rule = findRule(relpath)) {
                                        if (rule->flags & nested) {
                                                if (strchr(ent->fts_name, '.')) {       // nested, has extension -> treat as nested bundle
@@ -260,6 +265,13 @@ ResourceBuilder::Rule *ResourceBuilder::findRule(string path) const
                        }
                        if (!bestRule || rule->weight > bestRule->weight)
                                bestRule = rule;
+
+
+#if TARGET_OS_WATCH
+/* rdar://problem/30517969 */
+                       if (bestRule && bestRule->weight == rule->weight && !(bestRule->flags & omitted) && (rule->flags & omitted))
+                               bestRule = rule;
+#endif
                }
        }
        secinfo("rscan", "choosing %s (%d,0x%x)",
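Review bot: The watchOS-only tie-break makes an `omitted` rule win over a non-omitted rule of equal weight, and its only explanation is a radar link that readers outside Apple cannot open. Rule selection appears to decide which resources end up covered by the resource seal, so the comment should state what the branch does and why, e.g. `/* watchOS: on equal weight, prefer the omitting rule (rdar://problem/30517969) */`, indented with the surrounding loop body. The `bestRule &&` test looks redundant, because the preceding `if` already assigns `bestRule` whenever it was null. findRule's loop starts outside the hunk.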
@@ -279,9 +291,10 @@ CFDataRef ResourceBuilder::hashFile(const char *path, CodeDirectory::HashAlgorit
        fd.fcntl(F_NOCACHE, true);              // turn off page caching (one-pass)
        RefPointer<DynamicHash> hasher(CodeDirectory::hashFor(type));
        hashFileData(fd, hasher.get());
-       Hashing::Byte digest[hasher->digestLength()];
-       hasher->finish(digest);
-       return CFDataCreate(NULL, digest, sizeof(digest));
+       vector<Hashing::Byte> digest_vector(hasher->digestLength());
+       hasher->finish(digest_vector.data());
+       return CFDataCreate(NULL, digest_vector.data(),
+                                               digest_vector.size() * sizeof(Hashing::Byte));
 }
 
 
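Review bot: The byte count handed to CoreFoundation is spelled differently at the two converted sites: `digest_vector.size() * sizeof(Hashing::Byte)` here, and the separate `length` local in the block of the multi-hash `hashFile` overload further down. Taking the size from the buffer in both places keeps the length tied to the storage that was actually allocated, e.g. `CFTempData(digest_vector.data(), digest_vector.size())` in the block, and plain `digest_vector.size()` here if `Hashing::Byte` is a single byte (its definition is not visible). A one-line comment such as `// heap buffer instead of a variable-length array (not standard C++)` would also record why the allocation is there.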
@@ -299,9 +312,9 @@ CFMutableDictionaryRef ResourceBuilder::hashFile(const char *path, CodeDirectory
        CFMutableDictionaryRef resultRef = result;
        CodeDirectory::multipleHashFileData(fd, 0, types, ^(CodeDirectory::HashAlgorithm type, Security::DynamicHash *hasher) {
                size_t length = hasher->digestLength();
-               Hashing::Byte digest[length];
-               hasher->finish(digest);
-               CFDictionaryAddValue(resultRef, CFTempString(hashName(type)), CFTempData(digest, length));
+               vector<Hashing::Byte> digest_vector(length);
+               hasher->finish(digest_vector.data());
+               CFDictionaryAddValue(resultRef, CFTempString(hashName(type)), CFTempData(digest_vector.data(), length));
        });
        return result.yield();
 }