X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/866f8763175ff60e4fa455b92b5eb660a12fe6c7..refs/heads/master:/OSX/libsecurity_keychain/lib/Item.cpp?ds=inline

diff --git a/OSX/libsecurity_keychain/lib/Item.cpp b/OSX/libsecurity_keychain/lib/Item.cpp
index ff064c1a..f6720512 100644
--- a/OSX/libsecurity_keychain/lib/Item.cpp
+++ b/OSX/libsecurity_keychain/lib/Item.cpp
@@ -46,9 +46,7 @@
 #include <utilities/der_plist.h>
 
 #include <security_utilities/CSPDLTransaction.h>
-#include <SecBasePriv.h>
-
-#define SENDACCESSNOTIFICATIONS 1
+#include <Security/SecBasePriv.h>
 
 //%%% schema indexes should be defined in Schema.h
 #define _kSecAppleSharePasswordItemClass		'ashp'
@@ -196,14 +194,22 @@ ItemImpl::ItemImpl(ItemImpl &item) :
 }
 
 ItemImpl::~ItemImpl()
-{
+try {
 	if (secd_PersistentRef) {
 		CFRelease(secd_PersistentRef);
 	}
+} catch (...) {
+#ifndef NDEBUG
+    /* if we get an exception in destructor, presumably the mutex, lets throw if we
+     * are in a debug build (ie reach end of block) */
+#else
+    return;
+#endif
 }
 
 
 
+
 Mutex*
 ItemImpl::getMutexForObject() const
 {
@@ -325,7 +331,7 @@ DbAttributes* ItemImpl::getCurrentAttributes() {
 
 void ItemImpl::encodeAttributes(CssmOwnedData &attributeBlob) {
     // Sometimes we don't have our attributes. Find them.
-    auto_ptr<DbAttributes> dbAttributes(getCurrentAttributes());
+    unique_ptr<DbAttributes> dbAttributes(getCurrentAttributes());
     encodeAttributesFromDictionary(attributeBlob, dbAttributes.get());
 
 }
@@ -450,7 +456,7 @@ void ItemImpl::encodeAttributesFromDictionary(CssmOwnedData &attributeBlob, DbAt
 }
 
 void ItemImpl::computeDigest(CssmOwnedData &sha2) {
-    auto_ptr<DbAttributes> dbAttributes(getCurrentAttributes());
+    unique_ptr<DbAttributes> dbAttributes(getCurrentAttributes());
     ItemImpl::computeDigestFromDictionary(sha2, dbAttributes.get());
 }
 
@@ -587,7 +593,7 @@ bool ItemImpl::checkIntegrity(AclBearer& aclBearer) {
         return true;
     }
 
-    auto_ptr<DbAttributes> dbAttributes(getCurrentAttributes());
+    unique_ptr<DbAttributes> dbAttributes(getCurrentAttributes());
     return checkIntegrityFromDictionary(aclBearer, dbAttributes.get());
 }
 
@@ -601,7 +607,7 @@ bool ItemImpl::checkIntegrityFromDictionary(AclBearer& aclBearer, DbAttributes*
         // them.
 
         AclEntryInfo &info = aclInfos.at(0);
-        auto_ptr<ACL> acl(new ACL(info, Allocator::standard()));
+        unique_ptr<ACL> acl(new ACL(info, Allocator::standard()));
 
         for(int i = 1; i < aclInfos.count(); i++) {
             secnotice("integrity", "*** DUPLICATE INTEGRITY ACL, something has gone wrong");
@@ -632,7 +638,7 @@ bool ItemImpl::checkIntegrityFromDictionary(AclBearer& aclBearer, DbAttributes*
             return false; // No MAC, no integrity.
         }
 
-        throw cssme;
+        throw;
     }
 
     secnotice("integrity", "***** INVALID ITEM");
@@ -1067,7 +1073,7 @@ ItemImpl::doChange(Keychain keychain, CSSM_DB_RECORDTYPE recordType, void (^tryC
     } catch (CssmError cssme) {
         // If there's a "duplicate" of this item, it might be an item with corrupt/invalid attributes
         // Try to extract the item and check its attributes, then try again if necessary
-        auto_ptr<CssmClient::DbAttributes> primaryKeyAttrs;
+        unique_ptr<CssmClient::DbAttributes> primaryKeyAttrs;
         if(cssme.error == CSSMERR_DL_INVALID_UNIQUE_INDEX_DATA) {
             secnotice("integrity", "possible duplicate, trying to delete invalid items");
 
@@ -1107,7 +1113,7 @@ ItemImpl::doChange(Keychain keychain, CSSM_DB_RECORDTYPE recordType, void (^tryC
 
                     // The item on-disk might have more or different attributes than we do, since we're
                     // only searching via primary key. Fetch all of its attributes.
-                    auto_ptr<DbAttributes>dbDupAttributes (new DbAttributes(kc->database(), 1));
+                    unique_ptr<DbAttributes>dbDupAttributes (new DbAttributes(kc->database(), 1));
                     fillDbAttributesFromSchema(*dbDupAttributes, recordType, kc);
 
                     // Occasionally this cursor won't return the item attributes (for an unknown reason).
@@ -1407,23 +1413,12 @@ ItemImpl::getContent(SecItemClass *itemClass, SecKeychainAttributeList *attrList
     {
 		getLocalContent(attrList, length, outData);
 	}
-
-	// Inform anyone interested that we are doing this
-#if SENDACCESSNOTIFICATIONS
-    if (outData)
-    {
-		secinfo("kcnotify", "ItemImpl::getContent(%p, %p, %p, %p) retrieved content",
-			itemClass, attrList, length, outData);
-
-        KCEventNotifier::PostKeychainEvent(kSecDataAccessEvent, mKeychain, this);
-    }
-#endif
 }
 
 void
 ItemImpl::freeContent(SecKeychainAttributeList *attrList, void *data)
 {
-    Allocator &allocator = Allocator::standard(); // @@@ This might not match the one used originally
+    Allocator &allocator = Allocator::standard(Allocator::sensitive); // @@@ This might not match the one used originally
     if (data)
 		allocator.free(data);
 
@@ -1531,7 +1526,7 @@ ItemImpl::getAttributesAndData(SecKeychainAttributeInfo *info, SecItemClass *ite
             theList->count = 0;
             theList->attr = NULL;
         } else {
-            SecKeychainAttribute *attr=reinterpret_cast<SecKeychainAttribute *>(malloc(sizeof(SecKeychainAttribute)*attrCount));
+            SecKeychainAttribute *attr=reinterpret_cast<SecKeychainAttribute *>(calloc(attrCount, sizeof(SecKeychainAttribute)));
             theList->count=attrCount;
             theList->attr=attr;
 
@@ -1565,13 +1560,6 @@ ItemImpl::getAttributesAndData(SecKeychainAttributeInfo *info, SecItemClass *ite
 
 		if (length) *length=(UInt32)itemData.length();
 		itemData.Length=0;
-
-#if SENDACCESSNOTIFICATIONS
-		secinfo("kcnotify", "ItemImpl::getAttributesAndData(%p, %p, %p, %p, %p) retrieved data",
-			info, itemClass, attrList, length, outData);
-
-		KCEventNotifier::PostKeychainEvent(kSecDataAccessEvent, mKeychain, this);
-#endif
 	}
 
 }
@@ -1579,7 +1567,7 @@ ItemImpl::getAttributesAndData(SecKeychainAttributeInfo *info, SecItemClass *ite
 void
 ItemImpl::freeAttributesAndData(SecKeychainAttributeList *attrList, void *data)
 {
-	Allocator &allocator = Allocator::standard(); // @@@ This might not match the one used originally
+	Allocator &allocator = Allocator::standard(Allocator::sensitive); // @@@ This might not match the one used originally
 
 	if (data)
 		allocator.free(data);
@@ -1732,13 +1720,6 @@ ItemImpl::getData(CssmDataContainer& outData)
 	}
 
     getContent(NULL, &outData);
-
-#if SENDACCESSNOTIFICATIONS
-    secinfo("kcnotify", "ItemImpl::getData retrieved data");
-
-	//%%%<might> be done elsewhere, but here is good for now
-	KCEventNotifier::PostKeychainEvent(kSecDataAccessEvent, mKeychain, this);
-#endif
 }
 
 SSGroup
@@ -1825,7 +1806,7 @@ ItemImpl::getContent(DbAttributes *dbAttributes, CssmDataContainer *itemData)
                 }
             } catch(CssmError cssme) {
                 secnotice("integrity", "error while checking integrity, denying access: %s", cssme.what());
-                throw cssme;
+                throw;
             }
 
 			SSDbUniqueRecordImpl* impl = dynamic_cast<SSDbUniqueRecordImpl *>(&(*dbUniqueRecord()));