X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/b04fe171f0375ecd5d8a24747ca1dff85720a0ca..07691282a056c4efea71e1e505527601e8cc166b:/OSX/libsecurity_keychain/regressions/kc-18-find-combined.c diff --git a/OSX/libsecurity_keychain/regressions/kc-18-find-combined.c b/OSX/libsecurity_keychain/regressions/kc-18-find-combined.c index 12de9f6f..b85f36ea 100644 --- a/OSX/libsecurity_keychain/regressions/kc-18-find-combined.c +++ b/OSX/libsecurity_keychain/regressions/kc-18-find-combined.c @@ -42,6 +42,7 @@ #include #include #include +#include #include #include @@ -50,7 +51,7 @@ #include #include #include -#include "test/testenv.h" +#include "regressions/test/testenv.h" #include "utilities/SecCFRelease.h" #include "keychain_regressions.h" @@ -1051,10 +1052,20 @@ static void PrintStringToMatch(CFStringRef nameStr) } } +static void PrintStringToMatchRelease(CFStringRef CF_CONSUMED nameStr) +{ + PrintStringToMatch(nameStr); + CFReleaseNull(nameStr); +} + static void PrintSecCertificate(SecCertificateRef certificate) { CFStringRef nameStr; + if(!certificate) { + return; + } + OSStatus status = SecCertificateCopyCommonName(certificate, &nameStr); if (status) { fprintf(stderr, "### SecCertificateCopyCommonName error %d\n", (int)status); @@ -1075,6 +1086,10 @@ static void PrintSecCertificate(SecCertificateRef certificate) static void PrintSecIdentity(SecIdentityRef identity) { SecCertificateRef certRef; + if(!identity) { + return; + } + OSStatus status = SecIdentityCopyCertificate(identity, &certRef); if (status) { fprintf(stderr, "### SecIdentityCopyCertificate error %d\n", (int)status); @@ -1220,6 +1235,7 @@ static int TestAddItems(SecKeychainRef keychain) }; status = SecItemImport(p12DataRef, NULL, &format, &itemType, flags, &keyParams, keychain, NULL); + CFReleaseSafe(p12DataRef); CFRelease(keyUsagesArray); CFRelease(keyAttrsArray); #endif 
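Review bot: The new `PrintStringToMatchRelease` helper passes its argument straight to `PrintStringToMatch` with no NULL check, even though the same hunk adds an `if(!certificate) return;` guard to `PrintSecCertificate`. Every caller in this commit hands it the result of `CFCopyDescription(...)`, and whether `PrintStringToMatch` tolerates a NULL string cannot be seen here because its body starts outside the hunk. If it does not, a guard such as `if (nameStr) { PrintStringToMatch(nameStr); }` before `CFReleaseNull(nameStr);` keeps the debug path from crashing. A one-line comment like `// Consumes nameStr: prints it, then drops the caller's +1 reference.` would also state the ownership transfer next to the `CF_CONSUMED` annotation.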
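Review bot: The imported PKCS#12 data is released with `CFReleaseSafe(p12DataRef);` in this hunk and in the hunks at -1266 and -1327, but with `CFReleaseNull(p12DataRef);` in the hunk at -1297, all inside `TestAddItems`. `CFReleaseSafe` leaves the variable holding the released pointer, so if the same `p12DataRef` is reused or released again later in the function (its declaration is outside these hunks), a missed reassignment becomes a use-after-release instead of a harmless NULL. Using `CFReleaseNull(p12DataRef);` in all four places would be consistent and the safer default. In this hunk and the one at -1266 the release also sits just before `#endif`, so it is worth confirming the object is created under the same conditional.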
@@ -1266,6 +1282,7 @@ static int TestAddItems(SecKeychainRef keychain) }; status = SecItemImport(p12DataRef, NULL, &format, &itemType, flags, &keyParams, keychain, NULL); + CFReleaseSafe(p12DataRef); CFRelease(keyUsagesArray); CFRelease(keyAttrsArray); #endif @@ -1297,6 +1314,7 @@ static int TestAddItems(SecKeychainRef keychain) }; status = SecItemImport(p12DataRef, NULL, &format, &itemType, flags, &keyParams, keychain, NULL); + CFReleaseNull(p12DataRef); CFRelease(keyUsagesArray); CFRelease(keyAttrsArray); ok_status(status, "Unable to import TestIDSSL2007_p12 identity: error %d\n", (int)status); @@ -1327,6 +1345,7 @@ static int TestAddItems(SecKeychainRef keychain) }; status = SecItemImport(p12DataRef, NULL, &format, &itemType, flags, &keyParams, keychain, NULL); + CFReleaseSafe(p12DataRef); CFRelease(keyUsagesArray); CFRelease(keyAttrsArray); ok_status(status, "Unable to import TestIDSMIME2007_p12 identity: error %d\n", (int)status); @@ -1658,7 +1677,7 @@ static int FindCertificateByNameAndValidDate(SecKeychainRef keychain, CFTypeRef results = NULL; if (debug) { PrintStringToMatch(nameStr); - PrintStringToMatch(CFCopyDescription(validOnDate)); + PrintStringToMatchRelease(CFCopyDescription(validOnDate)); } OSStatus status = SecItemCopyMatching(query, &results); @@ -1719,8 +1738,8 @@ static int FindCertificateForSMIMEEncryption(SecKeychainRef keychain, CFTypeRef results = NULL; if (debug) { PrintStringToMatch(emailAddr); - PrintStringToMatch(CFCopyDescription(kSecPolicyAppleSMIME)); - PrintStringToMatch(CFCopyDescription(validOnDate)); + PrintStringToMatchRelease(CFCopyDescription(kSecPolicyAppleSMIME)); + PrintStringToMatchRelease(CFCopyDescription(validOnDate)); } OSStatus status = SecItemCopyMatching(query, &results); 
@@ -1793,7 +1812,7 @@ static int FindPreferredCertificateForSMIMEEncryption(SecKeychainRef keychain, if (debug) { PrintStringToMatch(emailAddr); - PrintStringToMatch(CFCopyDescription(validOnDate)); + PrintStringToMatchRelease(CFCopyDescription(validOnDate)); } status = SecItemCopyMatching(query, (CFTypeRef*)&validatedCertificate); @@ -2018,7 +2037,7 @@ static int FindIdentityByPolicyAndValidDate(SecKeychainRef keychain, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); - if (debug) PrintStringToMatch(CFCopyDescription(policyIdentifier)); + if (debug) PrintStringToMatchRelease(CFCopyDescription(policyIdentifier)); status = SecItemCopyMatching(query, &results); @@ -2087,7 +2106,7 @@ static int FindIdentityByNameAndValidDate(SecKeychainRef keychain, CFTypeRef results = NULL; if (debug) { PrintStringToMatch(nameStr); - PrintStringToMatch(CFCopyDescription(validOnDate)); + PrintStringToMatchRelease(CFCopyDescription(validOnDate)); } OSStatus status = SecItemCopyMatching(query, &results); @@ -2157,7 +2176,7 @@ static int FindPreferredIdentityForSMIMESigning(SecKeychainRef keychain, CFStrin if (debug) { PrintStringToMatch(emailAddr); - PrintStringToMatch(CFCopyDescription(validOnDate)); + PrintStringToMatchRelease(CFCopyDescription(validOnDate)); } status = SecItemCopyMatching(query, (CFTypeRef*)&validatedIdentity); @@ -2488,9 +2507,9 @@ static int FindMailPassword(SecKeychainRef keychain, -const CFStringRef gPrefix = CFSTR("Test Key"); -const CFStringRef gLabel = CFSTR("Test AES Encryption Key"); -const CFStringRef gUUID = CFSTR("550e8400-e29b-41d4-a716-446655441234"); +const CFStringRef g18Prefix = CFSTR("Test Key"); +const CFStringRef g18Label = CFSTR("Test AES Encryption Key"); +const CFStringRef g18UUID = CFSTR("550e8400-e29b-41d4-a716-446655441234"); // CreateSymmetricKey will create a new AES-128 symmetric encryption key // with the provided label, application label, and application tag. 
@@ -2517,7 +2536,7 @@ static int CreateSymmetricKey( // note: the access descriptor should be the same string as will be used for the item's label, // since it's the string that is displayed by the access confirmation dialog to describe the item. SecAccessRef access = NULL; - status = SecAccessCreate(gLabel, NULL, &access); + status = SecAccessCreate(g18Label, NULL, &access); // create a dictionary of parameters describing the key we want to create CFMutableDictionaryRef params = CFDictionaryCreateMutable(NULL, 0, @@ -2529,7 +2548,7 @@ static int CreateSymmetricKey( CFDictionaryAddValue( params, kSecAttrAccess, access ); CFDictionaryAddValue( params, kSecAttrKeyClass, kSecAttrKeyClassSymmetric ); CFDictionaryAddValue( params, kSecAttrKeyType, kSecAttrKeyTypeAES ); - CFDictionaryAddValue( params, kSecAttrKeySizeInBits, keySize ); + CFDictionaryAddValue( params, kSecAttrKeySizeInBits, keySize ); CFReleaseNull(keySize); CFDictionaryAddValue( params, kSecAttrIsPermanent, kCFBooleanTrue ); CFDictionaryAddValue( params, kSecAttrCanEncrypt, kCFBooleanTrue ); CFDictionaryAddValue( params, kSecAttrCanDecrypt, kCFBooleanTrue ); @@ -2754,9 +2773,11 @@ static int TestIdentityLookup(SecKeychainRef keychain) // look up identity by policy, want first result as a CFDictionary of attributes (should find "Test SSL User" identity) result += FindIdentityByPolicy(keychain, sslPolicy, kSecReturnAttributes, kSecMatchLimitOne, 1, noErr); + CFReleaseNull(sslPolicy); // look up identity by policy, expect errSecItemNotFound error (this assumes no code signing identity is present!) result += FindIdentityByPolicy(keychain, codeSigningPolicy, kSecReturnRef, kSecMatchLimitOne, 0, errSecItemNotFound); + CFReleaseNull(codeSigningPolicy); // ------------------------- // test kSecMatchValidOnDate 
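Review bot: The added `CFReleaseNull(keySize);` in the -2529 hunk is appended to the same line as the `CFDictionaryAddValue( params, kSecAttrKeySizeInBits, keySize );` call, which hides an ownership change at the end of a long line; the hunk at -3140 in `TestUpdateItems` does the same. Put it on its own line with a short comment, e.g. `CFReleaseNull(keySize); // params holds its own reference now`. That comment is only accurate if `params` was created with retaining value callbacks, and the callback arguments of the `CFDictionaryCreateMutable` call fall outside this hunk, so confirm that first. With non-retaining callbacks the dictionary would be left pointing at a freed number.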
@@ -2788,11 +2809,13 @@ static int TestIdentityLookup(SecKeychainRef keychain) CFDateRef aPastValidDate = CFDateCreate(kCFAllocatorDefault, CFGregorianDateGetAbsoluteTime(aPastValidGDate, NULL)); if (FindIdentityByNameAndValidDate(keychain, CFSTR(" 2007"), aPastValidDate, kSecReturnRef, kSecMatchLimitAll, 0, noErr)) ++result; + CFReleaseNull(aPastValidDate); // test the ability of kCFNull to denote "currently valid" (should not find anything, since the " 2007" certs are expired) if (FindIdentityByNameAndValidDate(keychain, CFSTR(" 2007"), kCFNull, kSecReturnRef, kSecMatchLimitAll, 0, errSecItemNotFound)) ++result; + // test Ian's bug: ; the 4th argument is a string which should NOT be present in any found items if (FindIdentityByPolicyAndValidDate(keychain, kSecPolicyAppleSMIME, FALSE, kCFNull, CFSTR(" 2007"), kSecReturnAttributes, kSecMatchLimitAll, 0, errSecSuccess)) ++result; @@ -3032,12 +3055,12 @@ static int TestSymmetricKeyLookup(SecKeychainRef keychain) int result = 0; // look up our symmetric key by label and UUID (it might not exist yet) - if (FindSymmetricKey(keychain, gLabel, gUUID, NULL, errSecItemNotFound) != errSecSuccess) { + if (FindSymmetricKey(keychain, g18Label, g18UUID, NULL, errSecItemNotFound) != errSecSuccess) { // create test key (unique by UUID only) - if (CreateSymmetricKey(keychain, gLabel, gUUID, NULL, errSecSuccess) != errSecSuccess) + if (CreateSymmetricKey(keychain, g18Label, g18UUID, NULL, errSecSuccess) != errSecSuccess) ++result; // look it up again (it should exist now!) - if (FindSymmetricKey(keychain, gLabel, gUUID, NULL, errSecSuccess) != errSecSuccess) + if (FindSymmetricKey(keychain, g18Label, g18UUID, NULL, errSecSuccess) != errSecSuccess) ++result; } 
@@ -3045,7 +3068,7 @@ static int TestSymmetricKeyLookup(SecKeychainRef keychain) // (so we can make sure on a daily basis that SecKeyGenerateSymmetric is still working) CFGregorianDate curGDate = CFAbsoluteTimeGetGregorianDate(CFAbsoluteTimeGetCurrent(), NULL); CFStringRef curDateLabel = CFStringCreateWithFormat(NULL, NULL, CFSTR("%@ (%4d-%02d-%02d)"), - gPrefix, (int32_t) curGDate.year, (int8_t) curGDate.month, (int8_t) curGDate.day); + g18Prefix, (int32_t) curGDate.year, (int8_t) curGDate.month, (int8_t) curGDate.day); // //%%% FIXME Creating a symmetric key with attributes that would duplicate an existing @@ -3055,17 +3078,17 @@ static int TestSymmetricKeyLookup(SecKeychainRef keychain) CFStringRef curAppTag = CFSTR("SecItemFind"); // look up our date-based symmetric key by label, UUID, and tag (it might not exist yet) - if (FindSymmetricKey(keychain, curDateLabel, gUUID, curAppTag, errSecItemNotFound) != errSecSuccess) { + if (FindSymmetricKey(keychain, curDateLabel, g18UUID, curAppTag, errSecItemNotFound) != errSecSuccess) { // create test key (unique by combination of UUID and application tag) - if (CreateSymmetricKey(keychain, curDateLabel, gUUID, curAppTag, errSecSuccess) != errSecSuccess) + if (CreateSymmetricKey(keychain, curDateLabel, g18UUID, curAppTag, errSecSuccess) != errSecSuccess) ++result; // look it up again (it should exist now!) - if (FindSymmetricKey(keychain, curDateLabel, gUUID, curAppTag, errSecSuccess) != errSecSuccess) + if (FindSymmetricKey(keychain, curDateLabel, g18UUID, curAppTag, errSecSuccess) != errSecSuccess) ++result; } // test handling of duplicate symmetric key items () - if (CreateSymmetricKey(keychain, curDateLabel, gUUID, curAppTag, errSecDuplicateItem) != errSecDuplicateItem) + if (CreateSymmetricKey(keychain, curDateLabel, g18UUID, curAppTag, errSecDuplicateItem) != errSecDuplicateItem) ++result; CFRelease(curDateLabel); 
@@ -3140,7 +3163,7 @@ static int TestUpdateItems(SecKeychainRef keychain) CFNumberRef keySize = CFNumberCreate(NULL, kCFNumberIntType, &keySizeValue); CFStringRef keyLabel = CFSTR("AppleID 8658820 test key"); CFDictionaryAddValue( params, kSecAttrKeyType, kSecAttrKeyTypeRSA ); - CFDictionaryAddValue( params, kSecAttrKeySizeInBits, keySize ); + CFDictionaryAddValue( params, kSecAttrKeySizeInBits, keySize ); CFReleaseNull(keySize); CFDictionaryAddValue( params, kSecAttrLabel, keyLabel ); CFDictionaryAddValue( params, kSecUseKeychain, keychain ); // CFDictionaryAddValue( params, kSecAttrAccess, access ); @@ -3247,11 +3270,11 @@ static int TestDeleteItems(SecKeychainRef keychain) ++result; // delete our test symmetric keys (no partial string matching for key items! need an ER Radar...) - if (FindAndDeleteItemsByName(keychain, gLabel, NULL, kSecClassKey, kSecMatchLimitAll, 1, noErr)) + if (FindAndDeleteItemsByName(keychain, g18Label, NULL, kSecClassKey, kSecMatchLimitAll, 1, noErr)) ++result; CFGregorianDate curGDate = CFAbsoluteTimeGetGregorianDate(CFAbsoluteTimeGetCurrent(), NULL); CFStringRef curDateLabel = CFStringCreateWithFormat(NULL, NULL, CFSTR("%@ (%4d-%02d-%02d)"), - gPrefix, (int32_t) curGDate.year, (int8_t) curGDate.month, (int8_t) curGDate.day); + g18Prefix, (int32_t) curGDate.year, (int8_t) curGDate.month, (int8_t) curGDate.day); if (FindAndDeleteItemsByName(keychain, curDateLabel, NULL, kSecClassKey, kSecMatchLimitAll, 1, noErr)) ++result; CFRelease(curDateLabel);