<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleVersion</key>
- <string>55163.44</string>
+ <string>55178.0.1</string>
</dict>
</plist>
<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleVersion</key>
- <string>55163.44</string>
+ <string>55178.0.1</string>
<key>CFBundleShortVersionString</key>
<string>3.0</string>
</dict>
#include <Security/AuthorizationTagsPriv.h>
#include <Security/SecTask.h>
#include <security_keychain/SecCFTypes.h>
+#include "TrustSettingsSchema.h"
//%%% add this to AuthorizationTagsPriv.h later
#ifndef AGENT_HINT_LOGIN_KC_SUPPRESS_RESET_PANEL
if (!dLDbIdentifier)
return Keychain();
- if (gServerMode) {
- secdebug("servermode", "keychain reference in server mode");
- return Keychain();
- }
-
KeychainMap::iterator it = mKeychains.find(dLDbIdentifier);
if (it != mKeychains.end())
{
}
}
+ if (gServerMode) {
+ secdebug("servermode", "keychain reference in server mode");
+ const char *dbname = dLDbIdentifier.dbName();
+ if (!dbname || (strcmp(dbname, SYSTEM_ROOT_STORE_PATH)!=0))
+ return Keychain();
+ }
+
// The keychain is not in our cache. Create it.
Module module(dLDbIdentifier.ssuid().guid());
DL dl;
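Review bot: The server-mode check now sits after the `mKeychains.find(dLDbIdentifier)` lookup, so it guards only the cache-miss path; a cache hit is returned without the `SYSTEM_ROOT_STORE_PATH` comparison. If anything else can populate `mKeychains` while `gServerMode` is set (not visible in this hunk), that entry would be handed out in server mode, which the removed early return prevented. Consider keeping the check ahead of the lookup, or document the ordering with a comment such as `// Server mode: only the system root store may be created here; the cache lookup above is not re-checked.` The `secdebug` line also fires for the permitted root-store case, so the log reads like a rejection even when the keychain is opened. The enclosing function starts and ends outside this hunk.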
#pragma mark -- TrustKeychains --
+static const CSSM_DL_DB_HANDLE nullCSSMDLDBHandle = {0,};
//
// TrustKeychains maintains a global reference to standard system keychains,
// to avoid having them be opened anew for each Trust instance.
public:
TrustKeychains();
~TrustKeychains() {}
- CSSM_DL_DB_HANDLE rootStoreHandle() { return mRootStore->database()->handle(); }
- CSSM_DL_DB_HANDLE systemKcHandle() { return mSystem->database()->handle(); }
+ CSSM_DL_DB_HANDLE rootStoreHandle() { return mRootStore ? mRootStore->database()->handle() : nullCSSMDLDBHandle; }
+ CSSM_DL_DB_HANDLE systemKcHandle() { return mSystem ? mSystem->database()->handle() : nullCSSMDLDBHandle; }
Keychain &rootStore() { return mRootStore; }
Keychain &systemKc() { return mSystem; }
private:
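Review bot: `rootStoreHandle()` and `systemKcHandle()` now return the zeroed `nullCSSMDLDBHandle` when the keychain is unset, but nothing on the accessors states that contract. A caller that forwards the result without testing `DBHandle` would pass an invalid database handle downstream. A comment above them such as `// Returns a zeroed handle if the keychain is unavailable; callers must check DBHandle before use.` would make this explicit. `rootStore()` and `systemKc()` still return the possibly-null `Keychain` unchanged, so their callers need the same care.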
if(mUsingTrustSettings) {
/* Append system anchors for use with Trust Settings */
try {
- dlDbList.push_back(trustKeychains().rootStoreHandle());
+ CSSM_DL_DB_HANDLE rootStoreHandle = trustKeychains().rootStoreHandle();
+ if (rootStoreHandle.DBHandle)
+ dlDbList.push_back(rootStoreHandle);
actionDataP->ActionFlags |= CSSM_TP_ACTION_TRUST_SETTINGS;
}
catch (...) {
mUsingTrustSettings = false;
}
try {
- dlDbList.push_back(trustKeychains().systemKcHandle());
+ CSSM_DL_DB_HANDLE systemKcHandle = trustKeychains().systemKcHandle();
+ if (systemKcHandle.DBHandle)
+ dlDbList.push_back(systemKcHandle);
}
catch(...) {
/* Oh well, at least we got the root store DB */
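Review bot: When `rootStoreHandle.DBHandle` is zero the root store is skipped, yet `CSSM_TP_ACTION_TRUST_SETTINGS` is still set and `mUsingTrustSettings` stays true. The `catch (...)` branch just below treats a root-store failure as a reason to turn Trust Settings off, so the two failure paths now disagree. If evaluation with Trust Settings relies on the system anchors being in `dlDbList`, as the "Append system anchors" comment suggests, a missing root store now proceeds silently instead of falling back. Consider moving the flag assignment inside the `if` and adding `else mUsingTrustSettings = false;`. The hunk begins and ends mid-function.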
dtprintf("[%s] SecCmsSignedDataVerifySignerInfo: result: %d, signer: %d\n",
__FUNCTION__, result, jx);
require_noerr(result, xit);
-
+
result = SecTrustEvaluate (trustRef, &trustResultType);
dtprintf("[%s] SecTrustEvaluate: result: %d, trustResult: %s (%d)\n",
__FUNCTION__, result, trustResultTypeString(trustResultType), trustResultType);
static void saveTSACertificates(CSSM_DATA **signingCerts, CFMutableArrayRef outArray)
{
SecKeychainRef defaultKeychain = NULL;
- if (SecKeychainCopyDefault(&defaultKeychain))
- return;
+ // Don't save certificates in keychain to avoid securityd issues
+// if (SecKeychainCopyDefault(&defaultKeychain))
+// defaultKeychain = NULL;
unsigned certCount = SecCmsArrayCount((void **)signingCerts);
unsigned dex;
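Review bot: The keychain lookup in `saveTSACertificates` is disabled by commenting it out, which leaves dead code at column 0 and a `defaultKeychain` that is always NULL for the rest of the function. Delete the commented lines and state the new behaviour instead, e.g. `/* TSA certificates are only collected into outArray; they are no longer added to a keychain (securityd issue: <bug reference>). */`. The function name still says "save", so its header comment should say that nothing is persisted. The old code also returned early when no default keychain was available, and the new code always continues. The rest of the body is outside this hunk, so whether every later use of `defaultKeychain` tolerates NULL cannot be confirmed from here.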
OSStatus result = errSecUnknownFormat;
CSSM_DATA **signingCerts = NULL;
+ OSStatus currentPORTErr = PORT_GetError();
+ dtprintf("decodeTimeStampToken top: PORT_GetError() %d -----\n", (int)currentPORTErr);
+ PORT_SetError(0);
+
/* decode the message */
require_noerr(result = SecCmsDecoderCreate (NULL, NULL, NULL, NULL, NULL, NULL, NULL, &decoderContext), xit);
result = SecCmsDecoderUpdate(decoderContext, inData->Data, inData->Length);
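Review bot: `PORT_SetError(0)` at the top of the decode discards whatever error an earlier call left behind, and nothing in the hunk says why that is safe or needed. A short comment would help, for example `/* Clear any stale PORT error so failures reported below come from this decode only. */`, assuming that is the intent. `currentPORTErr` is read only by `dtprintf`, so if `dtprintf` compiles to nothing in non-debug builds (its definition is not visible here) the variable becomes unused; logging `PORT_GetError()` directly in the `dtprintf` call would avoid that.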
if(*numCiphers < numCipherSuites) {
return errSSLBufferOverflow;
}
- memcpy(ciphers, cipherSuites, numCipherSuites * 2);
+ memcpy(ciphers, cipherSuites, numCipherSuites * sizeof(SSLCipherSuite));
*numCiphers = numCipherSuites;
return noErr;
}