X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/5c19dc3ae3bd8e40a9c028b0deddd50ff337692c..000f55fd2f6b3f7217715c0b319b6af746005756:/OSX/libsecurity_cdsa_utilities/lib/cssmaclpod.cpp

diff --git a/OSX/libsecurity_cdsa_utilities/lib/cssmaclpod.cpp b/OSX/libsecurity_cdsa_utilities/lib/cssmaclpod.cpp
index 96a32b50..e80d7213 100644
--- a/OSX/libsecurity_cdsa_utilities/lib/cssmaclpod.cpp
+++ b/OSX/libsecurity_cdsa_utilities/lib/cssmaclpod.cpp
@@ -71,12 +71,17 @@ void AuthorizationGroup::destroy(Allocator &alloc)
 {
 	alloc.free(AuthTags);
 }
-
+	
 bool AuthorizationGroup::contains(CSSM_ACL_AUTHORIZATION_TAG tag) const
 {
 	return find(AuthTags, &AuthTags[NumberOfAuthTags], tag) != &AuthTags[NumberOfAuthTags];
 }
 
+bool AuthorizationGroup::containsOnly(CSSM_ACL_AUTHORIZATION_TAG tag) const
+{
+	return count() == 1 && (*this)[0] == tag;
+}
+
 
 AuthorizationGroup::operator AclAuthorizationSet() const
 {
@@ -211,11 +216,12 @@ uint32 pinFromAclTag(const char *tag, const char *suffix /* = NULL */)
 	if (tag) {
 		char format[20];
 		snprintf(format, sizeof(format), "PIN%%d%s%%n", suffix ? suffix : "");
-		uint32 pin;
-		unsigned consumed;
-		sscanf(tag, format, &pin, &consumed);
-		if (consumed == strlen(tag))	// complete and sufficient
+        uint32 pin = 0;
+        unsigned consumed = 0;
+        // sscanf does not count %n as a filled value so number of read variables should be just 1
+        if (sscanf(tag, format, &pin, &consumed) == 1 && consumed == strlen(tag)) {	// complete and sufficient
 			return pin;
+        }
 	}
 	return 0;
 }