X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/5c19dc3ae3bd8e40a9c028b0deddd50ff337692c..07691282a056c4efea71e1e505527601e8cc166b:/OSX/libsecurity_apple_x509_tp/lib/TPDatabase.cpp?ds=sidebyside

diff --git a/OSX/libsecurity_apple_x509_tp/lib/TPDatabase.cpp b/OSX/libsecurity_apple_x509_tp/lib/TPDatabase.cpp
index 5ba632f9..3870a8c8 100644
--- a/OSX/libsecurity_apple_x509_tp/lib/TPDatabase.cpp
+++ b/OSX/libsecurity_apple_x509_tp/lib/TPDatabase.cpp
@@ -119,7 +119,7 @@ TPCertInfo *tpDbFindIssuerCert(
 		dlDb = dbList->DLDBHandle[dbDex];
 		cert.Data = NULL;
 		cert.Length = 0;
-		resultHand = 0;
+		resultHand = CSSM_INVALID_HANDLE;
 		record = tpCertLookup(dlDb,
 			subjectItem->issuerName(),
 			&resultHand,
@@ -157,7 +157,7 @@ TPCertInfo *tpDbFindIssuerCert(
 			 * Handle temporal invalidity - if so and this is the first one
 			 * we've seen, hold on to it while we search for better one.
 			 */
-			if((crtn == CSSM_OK) && (expiredIssuer == NULL)) {
+			if(crtn == CSSM_OK) {
 				if(issuerCert->isExpired() || issuerCert->isNotValidYet()) {
 					/*
 					 * Exact value not important here, this just uniquely identifies
@@ -165,6 +165,11 @@ TPCertInfo *tpDbFindIssuerCert(
 					 */
 					tpDbDebug("tpDbFindIssuerCert: holding expired cert (1)");
 					crtn = CSSM_CERT_STATUS_EXPIRED;
+					/* Delete old stashed expired issuer */
+					if (expiredIssuer) {
+						expiredIssuer->freeUniqueRecord();
+						delete expiredIssuer;
+					}
 					expiredIssuer = issuerCert;
 					expiredIssuer->dlDbHandle(dlDb);
 					expiredIssuer->uniqueRecord(record);
@@ -174,18 +179,33 @@ TPCertInfo *tpDbFindIssuerCert(
 			 * Prefer a root over an intermediate issuer if we can get one
 			 * (in case a cross-signed intermediate and root are both available)
 			 */
-			if((crtn == CSSM_OK) && (nonRootIssuer == NULL)) {
-				if(!issuerCert->isSelfSigned()) {
-					/*
-					 * Exact value not important here, this just uniquely identifies
-					 * this situation in the switch below.
-					 */
-					tpDbDebug("tpDbFindIssuerCert: holding non-root cert (1)");
-					crtn = CSSM_CERT_STATUS_IS_ROOT;
+			if(crtn == CSSM_OK && !issuerCert->isSelfSigned()) {
+				/*
+				 * Exact value not important here, this just uniquely identifies
+				 * this situation in the switch below.
+				 */
+				tpDbDebug("tpDbFindIssuerCert: holding non-root cert (1)");
+				crtn = CSSM_CERT_STATUS_IS_ROOT;
+				/*
+				 * If the old intermediate was temporally invalid, replace it.
+				 * (Regardless of temporal validity of new one we found, because
+				 * as far as this code is concerned they're equivalent.)
+				 */
+				if(!nonRootIssuer ||
+				   (nonRootIssuer && (nonRootIssuer->isExpired() || nonRootIssuer->isNotValidYet()))) {
+					if(nonRootIssuer) {
+						nonRootIssuer->freeUniqueRecord();
+						delete nonRootIssuer;
+					}
 					nonRootIssuer = issuerCert;
 					nonRootIssuer->dlDbHandle(dlDb);
 					nonRootIssuer->uniqueRecord(record);
 				}
+				else {
+					delete issuerCert;
+					CSSM_DL_FreeUniqueRecord(dlDb, record);
+					issuerCert = NULL;
+				}
 			}
 			switch(crtn) {
 				case CSSMERR_CSP_APPLE_PUBLIC_KEY_INCOMPLETE:
@@ -248,24 +268,44 @@ TPCertInfo *tpDbFindIssuerCert(
 						}
 
 						/* temporal validity check, again */
-						if((crtn == CSSM_OK) && (expiredIssuer == NULL)) {
+						if(crtn == CSSM_OK) {
 							if(issuerCert->isExpired() || issuerCert->isNotValidYet()) {
 								tpDbDebug("tpDbFindIssuerCert: holding expired cert (2)");
 								crtn = CSSM_CERT_STATUS_EXPIRED;
+								/* Delete old stashed expired issuer */
+								if (expiredIssuer) {
+									expiredIssuer->freeUniqueRecord();
+									delete expiredIssuer;
+								}
 								expiredIssuer = issuerCert;
 								expiredIssuer->dlDbHandle(dlDb);
 								expiredIssuer->uniqueRecord(record);
 							}
 						}
 						/* self-signed check, again */
-						if((crtn == CSSM_OK) && (nonRootIssuer == NULL)) {
-							if(!issuerCert->isSelfSigned()) {
-								tpDbDebug("tpDbFindIssuerCert: holding non-root cert (2)");
-								crtn = CSSM_CERT_STATUS_IS_ROOT;
+						if(crtn == CSSM_OK && !issuerCert->isSelfSigned()) {
+							tpDbDebug("tpDbFindIssuerCert: holding non-root cert (2)");
+							crtn = CSSM_CERT_STATUS_IS_ROOT;
+							/*
+							 * If the old intermediate was temporally invalid, replace it.
+							 * (Regardless of temporal validity of new one we found, because
+							 * as far as this code is concerned they're equivalent.)
+							 */
+							if(!nonRootIssuer ||
+							   (nonRootIssuer && (nonRootIssuer->isExpired() || nonRootIssuer->isNotValidYet()))) {
+								if(nonRootIssuer) {
+									nonRootIssuer->freeUniqueRecord();
+									delete nonRootIssuer;
+								}
 								nonRootIssuer = issuerCert;
 								nonRootIssuer->dlDbHandle(dlDb);
 								nonRootIssuer->uniqueRecord(record);
 							}
+							else {
+								delete issuerCert;
+								CSSM_DL_FreeUniqueRecord(dlDb, record);
+								issuerCert = NULL;
+							}
 						}
 
 						foundIt = false;
@@ -467,6 +507,7 @@ TPCrlInfo *tpDbFindIssuerCrl(
 		dlDb = dbList->DLDBHandle[dbDex];
 		crl.Data = NULL;
 		crl.Length = 0;
+		resultHand = CSSM_INVALID_HANDLE;
 		record = tpCrlLookup(dlDb,
 			&issuer,
 			vfyCtx.verifyTime,