Security-57740.60.18.tar.gz

diff --git a/OSX/authd/authorization.plist b/OSX/authd/authorization.plist
index 797feb8638fcb147bb73c69f8c6c4ff6b8448198..d7cef74ff50243ccb8437ab346802c1dcc818200 100644 (file)
--- a/OSX/authd/authorization.plist
+++ b/OSX/authd/authorization.plist
@@ -484,6 +484,10 @@ See remaining rules for examples.
                        <true/>
                        <key>timeout</key>
                        <integer>0</integer>
+                       <key>password-only</key>
+                       <true/>
+                       <key>version</key>
+                       <integer>1</integer>
                </dict>
                <key>com.apple.library-repair</key>
                <dict>

diff --git a/OSX/authd/engine.c b/OSX/authd/engine.c
index 4a4605081474defc36802ea4829397d0c7753979..faee89e16a13959ddbd1cd4ea9c55070e07dc82e 100644 (file)
--- a/OSX/authd/engine.c
+++ b/OSX/authd/engine.c
@@ -1040,7 +1040,7 @@ static bool _verify_sandbox(engine_t engine, const char * right)
     }
     
     pid = auth_token_get_pid(engine->auth);
-    if (auth_token_get_sandboxed(engine->auth) && sandbox_check(pid, "authorization-right-obtain", SANDBOX_FILTER_RIGHT_NAME, right)) {
+    if (auth_token_get_sandboxed(engine->auth) && sandbox_check_by_audit_token(auth_token_get_audit_info(engine->auth)->opaqueToken, "authorization-right-obtain", SANDBOX_FILTER_RIGHT_NAME, right)) {
         LOGE("Sandbox denied authorizing right '%s' for authorization created by '%s' [%d]", right, auth_token_get_code_url(engine->auth), pid);
         return false;
     }

diff --git a/OSX/libsecurity_codesigning/lib/SecTask.c b/OSX/libsecurity_codesigning/lib/SecTask.c
index 6639f459d2c75bea63acfa6d2ab290cfbe822f04..96140c3ea5387f1694606b4f88cb629ccf6c46ec 100644 (file)
--- a/OSX/libsecurity_codesigning/lib/SecTask.c
+++ b/OSX/libsecurity_codesigning/lib/SecTask.c
@@ -31,6 +31,8 @@
 #include <pthread.h>
 #include <syslog.h>
 #include <sys/sysctl.h>
+#include <utilities/SecCFWrappers.h>
+
 
 #include "SecCode.h"
 #include "SecCodePriv.h"
@@ -43,15 +45,17 @@
 struct __SecTask {
        CFRuntimeBase base;
 
-       pid_t pid;
+       pid_t pid_self;
 
-       audit_token_t *token;
-       audit_token_t token_storage;
+       audit_token_t token;
 
        /* Track whether we've loaded entitlements independently since after the
         * load, entitlements may legitimately be NULL */
        Boolean entitlementsLoaded;
        CFDictionaryRef entitlements;
+
+    /* for debugging only, shown by debugDescription */
+    int lastFailure;
 };
 
 enum {
@@ -64,11 +68,7 @@ CFTypeID _kSecTaskTypeID = _kCFRuntimeNotATypeID;
 static void SecTaskFinalize(CFTypeRef cfTask)
 {
        SecTaskRef task = (SecTaskRef) cfTask;
-
-       if (task->entitlements != NULL) {
-               CFRelease(task->entitlements);
-               task->entitlements = NULL;
-       }
+    CFReleaseNull(task->entitlements);
 }
 
 
@@ -78,8 +78,16 @@ static void SecTaskFinalize(CFTypeRef cfTask)
 static CFStringRef SecTaskCopyDebugDescription(CFTypeRef cfTask)
 {
     SecTaskRef task = (SecTaskRef) cfTask;
+    pid_t pid;
+
+    if (task->pid_self==-1) {
+        audit_token_to_au32(task->token, NULL, NULL, NULL, NULL, NULL, &pid, NULL, NULL);
+    } else {
+        pid = task->pid_self;
+    }
+
     const char *task_name;
-    int mib[] = {CTL_KERN, KERN_PROC, KERN_PROC_PID, task->pid};
+    int mib[] = {CTL_KERN, KERN_PROC, KERN_PROC_PID, pid};
     struct kinfo_proc kp;
     size_t len = sizeof(kp);
     if (sysctl(mib, 4, &kp, &len, NULL, 0) == -1 || len == 0)
@@ -87,7 +95,7 @@ static CFStringRef SecTaskCopyDebugDescription(CFTypeRef cfTask)
     else
         task_name = kp.kp_proc.p_comm;
 
-    return CFStringCreateWithFormat(CFGetAllocator(task), NULL, CFSTR("%s[%" PRIdPID "]"), task_name, task->pid);
+    return CFStringCreateWithFormat(CFGetAllocator(task), NULL, CFSTR("%s[%" PRIdPID "]"), task_name, pid);
 }
 
 static void SecTaskRegisterClass(void)
@@ -117,37 +125,38 @@ CFTypeID SecTaskGetTypeID(void)
        return _kSecTaskTypeID;
 }
 
-static SecTaskRef SecTaskCreateWithPID(CFAllocatorRef allocator, pid_t pid)
+static SecTaskRef init_task_ref(CFAllocatorRef allocator)
 {
-       CFIndex extra = sizeof(struct __SecTask) - sizeof(CFRuntimeBase);
-       SecTaskRef task = (SecTaskRef) _CFRuntimeCreateInstance(allocator, SecTaskGetTypeID(), extra, NULL);
-       if (task != NULL) {
-               task->pid = pid;
-               task->entitlementsLoaded = false;
-               task->entitlements = NULL;
-       }
-
-       return task;
+    CFIndex extra = sizeof(struct __SecTask) - sizeof(CFRuntimeBase);
+    return (SecTaskRef) _CFRuntimeCreateInstance(allocator, SecTaskGetTypeID(), extra, NULL);
 }
 
 SecTaskRef SecTaskCreateWithAuditToken(CFAllocatorRef allocator, audit_token_t token)
 {
-       SecTaskRef task;
-
-       task = SecTaskCreateWithPID(allocator, audit_token_to_pid(token));
-       if (task != NULL) {
-#if 0
-               task->token_storage = token;
-               task->token = &task->token_storage;
-#endif
-       }
+    SecTaskRef task = init_task_ref(allocator);
+    if (task != NULL) {
 
-       return task;
+        memcpy(&task->token, &token, sizeof(token));
+        task->entitlementsLoaded = false;
+        task->entitlements = NULL;
+        task->pid_self = -1;
+    }
+
+    return task;
 }
 
 SecTaskRef SecTaskCreateFromSelf(CFAllocatorRef allocator)
 {
-       return SecTaskCreateWithPID(allocator, getpid());
+    SecTaskRef task = init_task_ref(allocator);
+    if (task != NULL) {
+
+        memset(&task->token, 0, sizeof(task->token));
+        task->entitlementsLoaded = false;
+        task->entitlements = NULL;
+        task->pid_self = getpid();
+    }
+
+    return task;
 }
 
 /*
@@ -159,25 +168,33 @@ SecTaskValidateForRequirement(SecTaskRef task, CFStringRef requirement)
     OSStatus status;
     SecCodeRef code = NULL;
     SecRequirementRef req = NULL;
-    pid_t pid = task->pid;
-    if (pid <= 0) {
-        return errSecParam;
+    CFDataRef auditData = NULL;
+    CFNumberRef pidRef = NULL;
+
+    CFMutableDictionaryRef codeDict = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
+    if(task->pid_self==-1) {
+        auditData = CFDataCreate(kCFAllocatorDefault, (const UInt8 *)&task->token, sizeof(audit_token_t));
+        CFDictionarySetValue(codeDict, kSecGuestAttributeAudit, auditData);
+    } else {
+        pidRef = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &task->pid_self);
+        CFDictionarySetValue(codeDict, kSecGuestAttributePid, pidRef);
     }
-    status = SecCodeCreateWithPID(pid, kSecCSDefaultFlags, &code);
-    //syslog(LOG_NOTICE, "SecTaskValidateForRequirement: SecCodeCreateWithPID=%d", status);
+
+    status = SecCodeCopyGuestWithAttributes(NULL, codeDict, kSecCSDefaultFlags, &code);
+    CFReleaseNull(codeDict);
+    CFReleaseNull(auditData);
+    CFReleaseNull(pidRef);
+
     if (!status) {
         status = SecRequirementCreateWithString(requirement,
                                                 kSecCSDefaultFlags, &req);
-        //syslog(LOG_NOTICE, "SecTaskValidateForRequirement: SecRequirementCreateWithString=%d", status);
     }
     if (!status) {
         status = SecCodeCheckValidity(code, kSecCSDefaultFlags, req);
-        //syslog(LOG_NOTICE, "SecTaskValidateForRequirement: SecCodeCheckValidity=%d", status);
     }
-    if (req)
-        CFRelease(req);
-    if (code)
-        CFRelease(code);
+
+    CFReleaseNull(req);
+    CFReleaseNull(code);
 
     return status;
 }
@@ -194,12 +211,16 @@ struct csheader {
 static int
 csops_task(SecTaskRef task, int ops, void *blob, size_t size)
 {
-#if 0
-       if (task->token)
-               return csops_audittoken(task->pid, ops, blob, size, task->token);
-       else
-#endif
-               return csops(task->pid, ops, blob, size);
+    int rc;
+    if (task->pid_self==-1) {
+        pid_t pid;
+        audit_token_to_au32(task->token, NULL, NULL, NULL, NULL, NULL, &pid, NULL, NULL);
+        rc = csops_audittoken(pid, ops, blob, size, &task->token);
+    }
+    else
+        rc = csops(task->pid_self, ops, blob, size);
+    task->lastFailure = (rc == -1) ? errno : 0;
+    return rc;
 }
 
 static int SecTaskLoadEntitlements(SecTaskRef task, CFErrorRef *error)

diff --git a/OSX/libsecurity_keychain/lib/SecCertificateInternalP.h b/OSX/libsecurity_keychain/lib/SecCertificateInternalP.h
index b8303e42e7cde956ce7ac9e6af19186198804594..276de2292b3d5b888339a6dcea1b964ed63a025c 100644 (file)
--- a/OSX/libsecurity_keychain/lib/SecCertificateInternalP.h
+++ b/OSX/libsecurity_keychain/lib/SecCertificateInternalP.h
@@ -293,6 +293,7 @@ CFArrayRef SecCertificateExtensionGetContentArrayP(SecCertificateExtensionRef ex
 void appendPropertyP(CFMutableArrayRef properties,
     CFStringRef propertyType, CFStringRef label, CFTypeRef value);
 
+#if 0
 /* Utility functions. */
 CFStringRef SecDERItemCopyOIDDecimalRepresentation(CFAllocatorRef allocator,
     const DERItem *oid);
@@ -304,6 +305,7 @@ CFDataRef createNormalizedX501Name(CFAllocatorRef allocator,
    NULL_TIME otherwise. */
 CFAbsoluteTime SecAbsoluteTimeFromDateContent(DERTag tag, const uint8_t *bytes,
     size_t length);
+#endif
 
 #if defined(__cplusplus)
 }

diff --git a/OSX/libsecurity_keychain/lib/SecCertificateP.c b/OSX/libsecurity_keychain/lib/SecCertificateP.c
index 87accb37d10c1ab6812871eed7a09d80a5b329fb..a273273db94e891c3c47c9e83e1e1ee9bd145493 100644 (file)
--- a/OSX/libsecurity_keychain/lib/SecCertificateP.c
+++ b/OSX/libsecurity_keychain/lib/SecCertificateP.c
@@ -232,24 +232,27 @@ static CFStringRef SecCertificateCopyDescription(CFTypeRef cf) {
 
 static void SecCertificateDestroy(CFTypeRef cf) {
     SecCertificateRefP certificate = (SecCertificateRefP)cf;
-    if (certificate->_certificatePolicies.policies)
+    if (certificate->_certificatePolicies.policies) {
         free(certificate->_certificatePolicies.policies);
-    CFReleaseSafe(certificate->_policyMappings);
-    CFReleaseSafe(certificate->_crlDistributionPoints);
-    CFReleaseSafe(certificate->_ocspResponders);
-    CFReleaseSafe(certificate->_caIssuers);
+        certificate->_certificatePolicies.policies = NULL;
+    }
+    CFReleaseNull(certificate->_policyMappings);
+    CFReleaseNull(certificate->_crlDistributionPoints);
+    CFReleaseNull(certificate->_ocspResponders);
+    CFReleaseNull(certificate->_caIssuers);
     if (certificate->_extensions) {
         free(certificate->_extensions);
+        certificate->_extensions = NULL;
     }
-    CFReleaseSafe(certificate->_pubKey);
-    CFReleaseSafe(certificate->_der_data);
-    CFReleaseSafe(certificate->_properties);
-    CFReleaseSafe(certificate->_serialNumber);
-    CFReleaseSafe(certificate->_normalizedIssuer);
-    CFReleaseSafe(certificate->_normalizedSubject);
-    CFReleaseSafe(certificate->_authorityKeyID);
-    CFReleaseSafe(certificate->_subjectKeyID);
-    CFReleaseSafe(certificate->_sha1Digest);
+    CFReleaseNull(certificate->_pubKey);
+    CFReleaseNull(certificate->_der_data);
+    CFReleaseNull(certificate->_properties);
+    CFReleaseNull(certificate->_serialNumber);
+    CFReleaseNull(certificate->_normalizedIssuer);
+    CFReleaseNull(certificate->_normalizedSubject);
+    CFReleaseNull(certificate->_authorityKeyID);
+    CFReleaseNull(certificate->_subjectKeyID);
+    CFReleaseNull(certificate->_sha1Digest);
 }
 
 static Boolean SecCertificateEqual(CFTypeRef cf1, CFTypeRef cf2) {
@@ -1124,7 +1127,7 @@ static void SecCertificateRegisterClass(void) {
 
 /* Given the contents of an X.501 Name return the contents of a normalized
    X.501 name. */
-CFDataRef createNormalizedX501Name(CFAllocatorRef allocator,
+static CFDataRef createNormalizedX501Name(CFAllocatorRef allocator,
        const DERItem *x501name) {
     CFMutableDataRef result = CFDataCreateMutable(allocator, x501name->length);
     CFIndex length = x501name->length;
@@ -1305,6 +1308,7 @@ CFDataRef createNormalizedX501Name(CFAllocatorRef allocator,
             atvTagLocation += atvTLLength + atvContentLength;
             atvTag = atvSeq.nextItem;
                }
+        require_quiet(drtn == DR_EndOfSequence, badDER);
         rdnTagLocation += rdnTLLength + rdnContentLength;
         rdnTag = rdnSeq.nextItem;
        }
@@ -1639,7 +1643,7 @@ const UInt8 *SecCertificateGetBytePtrP(SecCertificateRefP certificate) {
 /* Oids longer than this are considered invalid. */
 #define MAX_OID_SIZE                           32
 
-CFStringRef SecDERItemCopyOIDDecimalRepresentation(CFAllocatorRef allocator,
+static CFStringRef SecDERItemCopyOIDDecimalRepresentation(CFAllocatorRef allocator,
     const DERItem *oid) {
 
        if (oid->length == 0) {
@@ -1805,7 +1809,7 @@ static inline SInt32 parseDecimalPair(const DERByte **p) {
 /* Decode a choice of UTCTime or GeneralizedTime to a CFAbsoluteTime. Return
    true if the date was valid and properly decoded, also return the result in
    absTime.  Return false otherwise. */
-CFAbsoluteTime SecAbsoluteTimeFromDateContent(DERTag tag, const uint8_t *bytes,
+static CFAbsoluteTime SecAbsoluteTimeFromDateContent(DERTag tag, const uint8_t *bytes,
     size_t length) {
        check(bytes);
        if (length == 0)
@@ -2887,6 +2891,7 @@ static void appendCertificatePolicies(CFMutableArrayRef properties,
                     &pqi.qualifier);
             }
         }
+        require_quiet(drtn == DR_EndOfSequence, badDER);
     }
     require_quiet(drtn == DR_EndOfSequence, badDER);
        return;

diff --git a/OSX/libsecurity_keychain/lib/SecRecoveryPassword.c b/OSX/libsecurity_keychain/lib/SecRecoveryPassword.c
index 55a591466c196da4fc90f9167d69e46623aae204..d665dd3a0e7b8d6c67cf0c1ccc430a4f326aedf7 100644 (file)
--- a/OSX/libsecurity_keychain/lib/SecRecoveryPassword.c
+++ b/OSX/libsecurity_keychain/lib/SecRecoveryPassword.c
@@ -38,6 +38,7 @@
 #include <string.h>
 #include <stdio.h>
 #include <utilities/SecCFRelease.h>
+#include <utilities/debugging.h>
 
 CFStringRef kSecRecVersionNumber = CFSTR("SRVersionNumber");
 CFStringRef kSecRecQuestions = CFSTR("SRQuestions");
@@ -261,23 +262,41 @@ encryptString(SecKeyRef wrapKey, CFDataRef iv, CFStringRef str)
        CFDataRef retval = NULL;
        CFErrorRef error = NULL;
     CFDataRef inputString = CFStringCreateExternalRepresentation(kCFAllocatorDefault, str, kCFStringEncodingMacRoman, 0xff);
-
-       SecTransformRef encryptTrans = SecEncryptTransformCreate(wrapKey, &error);
-    if(error == NULL) {
-               SecTransformRef group = SecTransformCreateGroupTransform();
-               
-        SecTransformSetAttribute(encryptTrans, kSecEncryptionMode, kSecModeCBCKey, &error);
-        if(error == NULL) SecTransformSetAttribute(encryptTrans, kSecPaddingKey, kSecPaddingPKCS7Key, &error);
-        if(error == NULL) SecTransformSetAttribute(encryptTrans, kSecTransformInputAttributeName, inputString, &error);
-        if(error == NULL) SecTransformSetAttribute(encryptTrans, kSecIVKey, iv, &error);
-               SecTransformRef encodeTrans = SecEncodeTransformCreate(kSecBase64Encoding, &error);
-               SecTransformConnectTransforms(encryptTrans, kSecTransformOutputAttributeName, encodeTrans, kSecTransformInputAttributeName, group, &error);
-               CFRelease(encodeTrans);  
-               CFRelease(encryptTrans);
-               if(error == NULL) retval = SecTransformExecute(group, &error);
-        if(error != NULL) secDebug(ASL_LEVEL_ERR, "Failed to encrypt recovery password\n", NULL);
-        CFRelease(group);
+    SecTransformRef encrypt = NULL;
+    SecTransformRef encode = NULL;
+    SecTransformRef group = NULL;
+
+    encrypt = SecEncryptTransformCreate(wrapKey, &error);
+    if (error) goto out;
+    SecTransformSetAttribute(encrypt, kSecEncryptionMode, kSecModeCBCKey, &error);
+    if (error) goto out;
+    SecTransformSetAttribute(encrypt, kSecPaddingKey, kSecPaddingPKCS7Key, &error);
+    if (error) goto out;
+    SecTransformSetAttribute(encrypt, kSecTransformInputAttributeName, inputString, &error);
+    if (error) goto out;
+    SecTransformSetAttribute(encrypt, kSecIVKey, iv, &error);
+    if (error) goto out;
+    
+    encode = SecEncodeTransformCreate(kSecBase64Encoding, &error);
+    if (error) goto out;
+    
+    group = SecTransformCreateGroupTransform();
+    SecTransformConnectTransforms(encrypt, kSecTransformOutputAttributeName, encode, kSecTransformInputAttributeName, group, &error);
+    if (error) goto out;
+    retval = SecTransformExecute(group, &error);
+    if (error) goto out;
+    
+out:
+    if (error) {
+        secerror("Failed to encrypt recovery password: %@", error);
     }
+    
+    CFReleaseNull(error);
+    CFReleaseNull(inputString);
+    CFReleaseNull(encrypt);
+    CFReleaseNull(encode);
+    CFReleaseNull(group);
+    
     return retval;
 }
 
@@ -287,28 +306,43 @@ decryptString(SecKeyRef wrapKey, CFDataRef iv, CFDataRef wrappedPassword)
 {
        CFStringRef retval = NULL;
        CFDataRef retData = NULL;
-       CFErrorRef error = NULL;
-
-       SecTransformRef decryptTrans = SecDecryptTransformCreate(wrapKey, &error);
-    if(error == NULL) {
-               SecTransformRef group = SecTransformCreateGroupTransform();
-      
-               SecTransformRef decodeTrans = SecDecodeTransformCreate(kSecBase64Encoding, &error);
-               if(error == NULL) SecTransformSetAttribute(decodeTrans, kSecTransformInputAttributeName, wrappedPassword, &error);
-        
-               if(error == NULL) SecTransformSetAttribute(decryptTrans, kSecEncryptionMode, kSecModeCBCKey, &error);
-               if(error == NULL) SecTransformSetAttribute(decryptTrans, kSecPaddingKey, kSecPaddingPKCS7Key, &error);
-               if(error == NULL) SecTransformSetAttribute(decryptTrans, kSecIVKey, iv, &error);
-               SecTransformConnectTransforms(decodeTrans, kSecTransformOutputAttributeName, decryptTrans, kSecTransformInputAttributeName, group, &error);
-               CFRelease(decodeTrans);  
-               CFRelease(decryptTrans);
-        if(error == NULL) retData =  SecTransformExecute(group, &error);
-        
-        if(error == NULL) retval = CFStringCreateFromExternalRepresentation(kCFAllocatorDefault, retData, kCFStringEncodingMacRoman);
-        else secDebug(ASL_LEVEL_ERR, "Failed to decrypt recovery password\n", NULL);
-        CFRelease(group);
+    CFErrorRef error = NULL;
+    SecTransformRef decode = NULL;
+    SecTransformRef decrypt = NULL;
+    SecTransformRef group = NULL;
+
+    decode = SecDecodeTransformCreate(kSecBase64Encoding, &error);
+    if (error) goto out;
+    SecTransformSetAttribute(decode, kSecTransformInputAttributeName, wrappedPassword, &error);
+    if (error) goto out;
+    
+    decrypt = SecDecryptTransformCreate(wrapKey, &error);
+    if (error) goto out;
+    SecTransformSetAttribute(decrypt, kSecEncryptionMode, kSecModeCBCKey, &error);
+    if (error) goto out;
+    SecTransformSetAttribute(decrypt, kSecPaddingKey, kSecPaddingPKCS7Key, &error);
+    if (error) goto out;
+    SecTransformSetAttribute(decrypt, kSecIVKey, iv, &error);
+    if (error) goto out;
+    
+    group = SecTransformCreateGroupTransform();
+    SecTransformConnectTransforms(decode, kSecTransformOutputAttributeName, decrypt, kSecTransformInputAttributeName, group, &error);
+    if (error) goto out;
+    retData =  SecTransformExecute(group, &error);
+    if (error) goto out;
+    retval = CFStringCreateFromExternalRepresentation(kCFAllocatorDefault, retData, kCFStringEncodingMacRoman);
+    
+out:
+    if (error) {
+        secerror("Failed to decrypt recovery password: %@", error);
     }
-    CFReleaseNull(decryptTrans);
+    
+    CFReleaseNull(retData);
+    CFReleaseNull(error);
+    CFReleaseNull(decode);
+    CFReleaseNull(decrypt);
+    CFReleaseNull(group);
+    
     return retval;
 }
 

diff --git a/OSX/libsecurity_keychain/libDER/libDER/DER_Decode.c b/OSX/libsecurity_keychain/libDER/libDER/DER_Decode.c
index 6e8802b444beddc94cfcd486fbf4237443a1fd3b..04374a35cb293a739a2b8ab87e60bf53e5601f0a 100644 (file)
--- a/OSX/libsecurity_keychain/libDER/libDER/DER_Decode.c
+++ b/OSX/libsecurity_keychain/libDER/libDER/DER_Decode.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005-2016 Apple Inc. All Rights Reserved.
+ * Copyright (c) 2005-2017 Apple Inc. All Rights Reserved.
  * 
  * @APPLE_LICENSE_HEADER_START@
  * 
@@ -64,7 +64,7 @@ DERReturn DERDecodeItem(
                         const DERItem        *der,                        /* data to decode */
                         DERDecodedInfo        *decoded)                /* RETURNED */
 {
-    return DERDecodeItemPartialBuffer(der, decoded, false);
+    return DERDecodeItemPartialBufferGetLength(der, decoded, NULL);
 }
 
 /*
@@ -79,6 +79,11 @@ DERReturn DERDecodeItem(
  *
  * No malloc or copy of the contents is performed; the returned
  * content->content.data is a pointer into the incoming der data.
+ *
+ * WARNING: Using a partial buffer can return a DERDecodedInfo object with
+ * a length larger than the buffer.  It is recommended to instead use
+ * DERDecodeItemPartialBufferGetLength if you need partial buffers.
+ *
  */
 DERReturn DERDecodeItemPartialBuffer(
        const DERItem   *der,                   /* data to decode */
@@ -166,6 +171,114 @@ DERReturn DERDecodeItemPartialBuffer(
     return DR_Success;
 }
 
+/*
+ * Same as above, but returns a DERDecodedInfo with a length no larger than the buffer.
+ * The actual encoded length can be retrieved from encodedLength parameter.
+ * encodedLength can be NULL to achieve the same behavior as DERDecodeItemPartialBuffer,
+ * with allowPartialBuffer=false
+ *
+ * NOTE: The DERDecoded length will never be larger than the input buffer.
+ * This is a key difference from DERDecodeItemPartialBuffer which could return invalid length.
+ *
+ */
+DERReturn DERDecodeItemPartialBufferGetLength(
+    const DERItem      *der,                   /* data to decode */
+    DERDecodedInfo     *decoded,       /* RETURNED */
+    DERSize         *encodedLength)
+{
+    DERByte tag1;                      /* first tag byte */
+    DERByte len1;                      /* first length byte */
+    DERTag tagNumber;       /* tag number without class and method bits */
+    DERByte *derPtr = der->data;
+    DERSize derLen = der->length;
+
+    /* The tag decoding below is fully BER complient.  We support a max tag
+     value of 2 ^ ((sizeof(DERTag) * 8) - 3) - 1 so for tag size 1 byte we
+     support tag values from 0 - 0x1F.  For tag size 2 tag values
+     from 0 - 0x1FFF and for tag size 4 values from 0 - 0x1FFFFFFF. */
+    if(derLen < 2) {
+        return DR_DecodeError;
+    }
+    /* Grab the first byte of the tag. */
+    tag1 = *derPtr++;
+    derLen--;
+    tagNumber = tag1 & 0x1F;
+    if(tagNumber == 0x1F) {
+#ifdef DER_MULTIBYTE_TAGS
+        /* Long tag form: bit 8 of each octet shall be set to one unless it is
+         the last octet of the tag */
+        const DERTag overflowMask = ((DERTag)0x7F << (sizeof(DERTag) * 8 - 7));
+        DERByte tagByte;
+        tagNumber = 0;
+        if (*derPtr == 0x80 || *derPtr < 0x1F)
+            return DR_DecodeError;
+        do {
+            if(derLen < 2 || (tagNumber & overflowMask) != 0) {
+                return DR_DecodeError;
+            }
+            tagByte = *derPtr++;
+            derLen--;
+            tagNumber = (tagNumber << 7) | (tagByte & 0x7F);
+        } while((tagByte & 0x80) != 0);
+
+        /* Check for any of the top 3 reserved bits being set. */
+        if ((tagNumber & (overflowMask << 4)) != 0)
+#endif
+            return DR_DecodeError;
+    }
+    /* Returned tag, top 3 bits are class/method remaining bits are number. */
+    decoded->tag = ((DERTag)(tag1 & 0xE0) << ((sizeof(DERTag) - 1) * 8)) | tagNumber;
+
+    /* Tag decoding above ensured we have at least one more input byte left. */
+    len1 = *derPtr++;
+    derLen--;
+    if(len1 & 0x80) {
+        /* long length form - first byte is length of length */
+        DERSize longLen = 0;   /* long form length */
+        unsigned dex;
+
+        len1 &= 0x7f;
+        if((len1 > sizeof(DERSize)) || (len1 > derLen) || len1 == 0 || *derPtr == 0) {
+            /* no can do */
+            return DR_DecodeError;
+        }
+        for(dex=0; dex<len1; dex++) {
+            longLen <<= 8;
+            longLen |= *derPtr++;
+            derLen--;
+        }
+        if(longLen > derLen && !encodedLength) {
+            /* not enough data left for this encoding */
+            return DR_DecodeError;
+        }
+        if (longLen<derLen) {
+            derLen = longLen;
+        }
+        decoded->content.data = derPtr;
+        decoded->content.length = derLen;
+        if (encodedLength) {
+            *encodedLength = longLen;
+        }
+    }
+    else {
+        /* short length form, len1 is the length */
+        if(len1 > derLen && !encodedLength) {
+            /* not enough data left for this encoding */
+            return DR_DecodeError;
+        }
+        if (len1<derLen) {
+            derLen=len1;
+        }
+        decoded->content.data = derPtr;
+        decoded->content.length = derLen;
+        if (encodedLength) {
+            *encodedLength = len1;
+        }
+    }
+
+    return DR_Success;
+}
+
 /*
  * Given a BIT_STRING, in the form of its raw content bytes,
  * obtain the number of unused bits and the raw bit string bytes.

diff --git a/OSX/libsecurity_keychain/libDER/libDER/DER_Decode.h b/OSX/libsecurity_keychain/libDER/libDER/DER_Decode.h
index 048739fa0e62d5d557df9ea2f85c56b165990657..4f2c915c198b3a4e39f5457c88fefa45b461e633 100644 (file)
--- a/OSX/libsecurity_keychain/libDER/libDER/DER_Decode.h
+++ b/OSX/libsecurity_keychain/libDER/libDER/DER_Decode.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005-2016 Apple Inc. All Rights Reserved.
+ * Copyright (c) 2005-2017 Apple Inc. All Rights Reserved.
  * 
  * @APPLE_LICENSE_HEADER_START@
  * 
@@ -69,12 +69,32 @@ DERReturn DERDecodeItem(
  *
  * No malloc or copy of the contents is performed; the returned
  * content->content.data is a pointer into the incoming der data.
+ *
+ * WARNING: Using a partial buffer can return a DERDecodedInfo object with
+ * a length larger than the buffer.  It is recommended to instead use
+ * DERDecodeItemPartialBufferGetLength if you need partial buffers.
+ *
  */
 DERReturn DERDecodeItemPartialBuffer(
     const DERItem        *der,                        /* data to decode */
     DERDecodedInfo        *decoded,       /* RETURNED */
     bool allowPartialBuffer);
 
+/*
+ * Same as above, but returns a DERDecodedInfo with a length no larger than the buffer.
+ * The actual encoded length can be retrieved from encodedLength parameter.
+ * encodedLength can be NULL to achieve the same behavior as DERDecodeItemPartialBuffer,
+ * with allowPartialBuffer=false
+ *
+ * NOTE: The DERDecoded length will never be larger than the input buffer.
+ * This is a key difference from DERDecodeItemPartialBuffer which could return invalid length.
+ *
+ */
+DERReturn DERDecodeItemPartialBufferGetLength(
+    const DERItem      *der,                   /* data to decode */
+    DERDecodedInfo     *decoded,       /* RETURNED */
+    DERSize         *encodedLength);
+
 /* 
  * Given a BIT_STRING, in the form of its raw content bytes, 
  * obtain the number of unused bits and the raw bit string bytes.

diff --git a/OSX/libsecurity_keychain/regressions/kc-44-secrecoverypassword.c b/OSX/libsecurity_keychain/regressions/kc-44-secrecoverypassword.c
new file mode 100644 (file)
index 0000000..192474b
--- /dev/null
+++ b/OSX/libsecurity_keychain/regressions/kc-44-secrecoverypassword.c
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2017 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+#include <Security/SecRecoveryPassword.h>
+
+#include "keychain_regressions.h"
+
+static void tests(void)
+{
+    const void *qs[] = {CFSTR("q1"), CFSTR("q2"), CFSTR("q3")};
+    CFArrayRef questions = CFArrayCreate(kCFAllocatorDefault, qs, 3, NULL);
+    
+    const void *as[] = {CFSTR("a1"), CFSTR("a2"), CFSTR("a3")};
+    CFArrayRef answers = CFArrayCreate(kCFAllocatorDefault, as, 3, NULL);
+    
+    CFStringRef password = CFSTR("AAAA-AAAA-AAAA-AAAA-AAAA-AAAA");
+    
+    CFDictionaryRef wrappedPassword = SecWrapRecoveryPasswordWithAnswers(password, questions, answers);
+    isnt(wrappedPassword, NULL, "wrappedPassword NULL");
+    
+    CFStringRef recoveredPassword = SecUnwrapRecoveryPasswordWithAnswers(wrappedPassword, answers);
+    isnt(recoveredPassword, NULL, "recoveredPassword NULL");
+
+    is(CFStringCompare(password, recoveredPassword, 0), kCFCompareEqualTo, "SecRecoveryPassword");
+    
+    CFRelease(questions);
+    CFRelease(answers);
+    CFRelease(wrappedPassword);
+    CFRelease(recoveredPassword);
+}
+
+int kc_44_secrecoverypassword(int argc, char *const *argv)
+{
+    plan_tests(3);
+    tests();
+    
+    return 0;
+}
+

diff --git a/OSX/libsecurity_keychain/regressions/keychain_regressions.h b/OSX/libsecurity_keychain/regressions/keychain_regressions.h
index 188a7b1cddff633409a47440e5ee38168a40e37c..80ad5d9b1797a46aba0eb3b8a6d3f62feb291991 100644 (file)
--- a/OSX/libsecurity_keychain/regressions/keychain_regressions.h
+++ b/OSX/libsecurity_keychain/regressions/keychain_regressions.h
@@ -43,6 +43,7 @@ ONE_TEST(kc_40_seckey)
 ONE_TEST(kc_41_sececkey)
 ONE_TEST(kc_42_trust_revocation)
 ONE_TEST(kc_43_seckey_interop)
+ONE_TEST(kc_44_secrecoverypassword)
 ONE_TEST(si_20_sectrust_provisioning)
 ONE_TEST(si_33_keychain_backup)
 ONE_TEST(si_34_one_true_keychain)

diff --git a/OSX/libsecurity_utilities/lib/threading.cpp b/OSX/libsecurity_utilities/lib/threading.cpp
index 4146c3f4dfdee2b0498f62c3dcd5c87289c15e1e..4472c7f7c5ce09435ec34e4bde9ace779f596f86 100644 (file)
--- a/OSX/libsecurity_utilities/lib/threading.cpp
+++ b/OSX/libsecurity_utilities/lib/threading.cpp
@@ -255,6 +255,7 @@ Thread::~Thread()
 
 void Thread::run()
 {
+    pthread_t pt;
     pthread_attr_t ptattrs;
     int err, ntries = 10;       // 10 is arbitrary
 
@@ -263,7 +264,7 @@ void Thread::run()
     {
         syslog(LOG_ERR, "error %d setting thread detach state", err);
     }
-    while ((err = pthread_create(&self.mIdent, &ptattrs, runner, this) && 
+    while ((err = pthread_create(&pt, &ptattrs, runner, this) &&
            --ntries))
     {
         syslog(LOG_ERR, "pthread_create() error %d", err);
@@ -274,7 +275,7 @@ void Thread::run()
         syslog(LOG_ERR, "too many failed pthread_create() attempts");
     }
     else
-        secinfo("thread", "%p created", self.mIdent);
+        secinfo("thread", "%p created", pt);
 }
 
 void *Thread::runner(void *arg)
@@ -283,9 +284,9 @@ void *Thread::runner(void *arg)
         // otherwise it will crash if something underneath throws.
     {
         Thread *me = static_cast<Thread *>(arg);
-        secinfo("thread", "%p starting", me->self.mIdent);
+        secinfo("thread", "%p starting", pthread_self());
         me->action();
-        secinfo("thread", "%p terminating", me->self.mIdent);
+        secinfo("thread", "%p terminating", pthread_self());
         delete me;
         return NULL;
     }

diff --git a/OSX/libsecurity_utilities/lib/threading.h b/OSX/libsecurity_utilities/lib/threading.h
index dc433b30250f54b9daa7e91088f0bad407bf3213..5886f0475c61567447b3fb7965689b6f0667defd 100644 (file)
--- a/OSX/libsecurity_utilities/lib/threading.h
+++ b/OSX/libsecurity_utilities/lib/threading.h
@@ -380,25 +380,6 @@ public:
 //
 class Thread {
     NOCOPY(Thread)
-public:
-    class Identity {
-        friend class Thread;
-        
-        Identity(pthread_t id) : mIdent(id) { }
-    public:
-        Identity() { }
-        
-        static Identity current()      { return pthread_self(); }
-
-        bool operator == (const Identity &other) const
-        { return pthread_equal(mIdent, other.mIdent); }
-        
-        bool operator != (const Identity &other) const
-        { return !(*this == other); }
-    
-    private:
-        pthread_t mIdent;
-    };
 
 public:
     Thread() { }                               // constructor
@@ -412,8 +393,6 @@ protected:
     virtual void action() = 0;         // the action to be performed
 
 private:
-    Identity self;                             // my own identity (instance constant)
-
     static void *runner(void *); // argument to pthread_create
 };
 

diff --git a/OSX/libsecurityd/lib/eventlistener.cpp b/OSX/libsecurityd/lib/eventlistener.cpp
index 65cebe8ff550e9adb9ad3be122e5584d5994ec3f..8c768b877cfa0489452903e0be53d17352db02b4 100644 (file)
--- a/OSX/libsecurityd/lib/eventlistener.cpp
+++ b/OSX/libsecurityd/lib/eventlistener.cpp
@@ -125,6 +125,7 @@ static bool InitializeNotifications () {
 
                 // Send this event off to the listeners
                 {
+                    StLock<Mutex> lock (gNotificationLock ());
                     EventListenerList& eventList = gEventListeners();
 
                     // route the message to its destination

diff --git a/OSX/sec/Security/Regressions/Security_regressions.h b/OSX/sec/Security/Regressions/Security_regressions.h
index b9bf311ae3a1522b55f5c51388bd89f42d9b272f..38dbd32571f0ece24f7f9eaffb7c4942b4dd2efa 100644 (file)
--- a/OSX/sec/Security/Regressions/Security_regressions.h
+++ b/OSX/sec/Security/Regressions/Security_regressions.h
@@ -19,7 +19,7 @@ ONE_TEST(si_11_update_data)
 ONE_TEST(si_12_item_stress)
 ONE_TEST(si_13_item_system)
 ONE_TEST(si_14_dateparse)
-ONE_TEST(si_15_delete_access_group)
+DISABLED_ONE_TEST(si_15_delete_access_group)
 ONE_TEST(si_17_item_system_bluetooth)
 DISABLED_ONE_TEST(si_30_keychain_upgrade) //obsolete, needs updating
 DISABLED_ONE_TEST(si_31_keychain_bad)

diff --git a/OSX/sec/Security/SecCTKKey.c b/OSX/sec/Security/SecCTKKey.c
index 9087714bc41318944e48e43b3b0566949e391a60..079d467974e188a3fc8785b0f5f4dc33401df39d 100644 (file)
--- a/OSX/sec/Security/SecCTKKey.c
+++ b/OSX/sec/Security/SecCTKKey.c
@@ -52,12 +52,12 @@ typedef struct {
 
 static void SecCTKKeyDestroy(SecKeyRef key) {
     SecCTKKeyData *kd = key->key;
-    CFReleaseSafe(kd->token);
-    CFReleaseSafe(kd->token_id);
-    CFReleaseSafe(kd->objectID);
-    CFReleaseSafe(kd->auth_params.mutable_dictionary);
-    CFReleaseSafe(kd->attributes.mutable_dictionary);
-    CFReleaseSafe(kd->params);
+    CFReleaseNull(kd->token);
+    CFReleaseNull(kd->token_id);
+    CFReleaseNull(kd->objectID);
+    CFReleaseNull(kd->auth_params.mutable_dictionary);
+    CFReleaseNull(kd->attributes.mutable_dictionary);
+    CFReleaseNull(kd->params);
 }
 
 static CFIndex SecCTKGetAlgorithmID(SecKeyRef key) {

diff --git a/OSX/sec/Security/SecCertificate.c b/OSX/sec/Security/SecCertificate.c
index a5ae201067e02ac1c65925d46a7eb826fa8af184..de16cfedd41502e3c6121f415fe4362f9ab85ef1 100644 (file)
--- a/OSX/sec/Security/SecCertificate.c
+++ b/OSX/sec/Security/SecCertificate.c
@@ -234,29 +234,33 @@ static CFStringRef SecCertificateCopyDescription(CFTypeRef cf) {
 
 static void SecCertificateDestroy(CFTypeRef cf) {
     SecCertificateRef certificate = (SecCertificateRef)cf;
-    if (certificate->_certificatePolicies.policies)
+    if (certificate->_certificatePolicies.policies) {
         free(certificate->_certificatePolicies.policies);
+        certificate->_certificatePolicies.policies = NULL;
+    }
     if (certificate->_policyMappings.mappings) {
         free(certificate->_policyMappings.mappings);
+        certificate->_policyMappings.mappings = NULL;
     }
-    CFReleaseSafe(certificate->_crlDistributionPoints);
-    CFReleaseSafe(certificate->_ocspResponders);
-    CFReleaseSafe(certificate->_caIssuers);
+    CFReleaseNull(certificate->_crlDistributionPoints);
+    CFReleaseNull(certificate->_ocspResponders);
+    CFReleaseNull(certificate->_caIssuers);
     if (certificate->_extensions) {
         free(certificate->_extensions);
+        certificate->_extensions = NULL;
     }
-    CFReleaseSafe(certificate->_pubKey);
-    CFReleaseSafe(certificate->_der_data);
-    CFReleaseSafe(certificate->_properties);
-    CFReleaseSafe(certificate->_serialNumber);
-    CFReleaseSafe(certificate->_normalizedIssuer);
-    CFReleaseSafe(certificate->_normalizedSubject);
-    CFReleaseSafe(certificate->_authorityKeyID);
-    CFReleaseSafe(certificate->_subjectKeyID);
-    CFReleaseSafe(certificate->_sha1Digest);
-    CFReleaseSafe(certificate->_keychain_item);
-    CFReleaseSafe(certificate->_permittedSubtrees);
-    CFReleaseSafe(certificate->_excludedSubtrees);
+    CFReleaseNull(certificate->_pubKey);
+    CFReleaseNull(certificate->_der_data);
+    CFReleaseNull(certificate->_properties);
+    CFReleaseNull(certificate->_serialNumber);
+    CFReleaseNull(certificate->_normalizedIssuer);
+    CFReleaseNull(certificate->_normalizedSubject);
+    CFReleaseNull(certificate->_authorityKeyID);
+    CFReleaseNull(certificate->_subjectKeyID);
+    CFReleaseNull(certificate->_sha1Digest);
+    CFReleaseNull(certificate->_keychain_item);
+    CFReleaseNull(certificate->_permittedSubtrees);
+    CFReleaseNull(certificate->_excludedSubtrees);
 }
 
 static Boolean SecCertificateEqual(CFTypeRef cf1, CFTypeRef cf2) {
@@ -1488,6 +1492,7 @@ CFDataRef createNormalizedX501Name(CFAllocatorRef allocator,
             atvTagLocation += atvTLLength + atvContentLength;
             atvTag = atvSeq.nextItem;
                }
+        require_quiet(drtn == DR_EndOfSequence, badDER);
         rdnTagLocation += rdnTLLength + rdnContentLength;
         rdnTag = rdnSeq.nextItem;
        }
@@ -3403,6 +3408,7 @@ static void appendCertificatePolicies(CFMutableArrayRef properties,
                     &pqi.qualifier);
             }
         }
+        require_quiet(drtn == DR_EndOfSequence, badDER);
     }
     require_quiet(drtn == DR_EndOfSequence, badDER);
        return;

diff --git a/OSX/sec/Security/SecIdentity.c b/OSX/sec/Security/SecIdentity.c
index ed2f9d6838493efa06f8289978ce03575483bbfc..9c33051d749cde0908ff5c8799e7d15bc9b8d5cd 100644 (file)
--- a/OSX/sec/Security/SecIdentity.c
+++ b/OSX/sec/Security/SecIdentity.c
@@ -1,15 +1,15 @@
 /*
- * Copyright (c) 2002-2004,2007-2008,2010,2012-2014 Apple Inc. All Rights Reserved.
- * 
+ * Copyright (c) 2002-2004,2007-2008,2010,2012-2017 Apple Inc. All Rights Reserved.
+ *
  * @APPLE_LICENSE_HEADER_START@
- * 
+ *
  * This file contains Original Code and/or Modifications of Original Code
  * as defined in and that are subject to the Apple Public Source License
  * Version 2.0 (the 'License'). You may not use this file except in
  * compliance with the License. Please obtain a copy of the License at
  * http://www.opensource.apple.com/apsl/ and read it before using this
  * file.
- * 
+ *
  * The Original Code and all software distributed under the License are
  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
@@ -17,7 +17,7 @@
  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  * Please see the License for the specific language governing rights and
  * limitations under the License.
- * 
+ *
  * @APPLE_LICENSE_HEADER_END@
  */
 
@@ -55,8 +55,8 @@ static CFStringRef SecIdentityCopyFormatDescription(CFTypeRef cf, CFDictionaryRe
 
 static void SecIdentityDestroy(CFTypeRef cf) {
     SecIdentityRef identity = (SecIdentityRef)cf;
-       CFReleaseSafe(identity->_certificate);
-       CFReleaseSafe(identity->_privateKey);
+       CFReleaseNull(identity->_certificate);
+       CFReleaseNull(identity->_privateKey);
 }
 
 static Boolean SecIdentityCompare(CFTypeRef cf1, CFTypeRef cf2) {
@@ -83,7 +83,7 @@ OSStatus SecIdentityCopyCertificate(SecIdentityRef identity,
        return 0;
 }
 
-OSStatus SecIdentityCopyPrivateKey(SecIdentityRef identity, 
+OSStatus SecIdentityCopyPrivateKey(SecIdentityRef identity,
        SecKeyRef *privateKeyRef) {
        *privateKeyRef = identity->_privateKey;
        CFRetain(*privateKeyRef);

diff --git a/OSX/sec/Security/SecItem.c b/OSX/sec/Security/SecItem.c
index 0a2e523c5b8b808463a2f21915576f193dbb9595..e44d8840fd8c5f1041c7f0810423ca93909bf911 100644 (file)
--- a/OSX/sec/Security/SecItem.c
+++ b/OSX/sec/Security/SecItem.c
@@ -1861,6 +1861,7 @@ agrps_client_to_error_request(enum SecXPCOperation op, CFArrayRef agrps, __unuse
 }
 
 bool SecItemDeleteAllWithAccessGroups(CFArrayRef accessGroups, CFErrorRef *error) {
+#if 0
     os_activity_t trace_activity = os_activity_start("SecItemDeleteAllWithAccessGroups", OS_ACTIVITY_FLAG_DEFAULT);
 
     bool ok = SECURITYD_XPC(sec_delete_items_with_access_groups, agrps_client_to_error_request, accessGroups,
@@ -1868,6 +1869,11 @@ bool SecItemDeleteAllWithAccessGroups(CFArrayRef accessGroups, CFErrorRef *error
 
     os_activity_end(trace_activity);
     return ok;
+#else
+    os_activity_t trace_activity = os_activity_start("SecItemDeleteAllWithAccessGroups", OS_ACTIVITY_FLAG_DEFAULT);
+    os_activity_end(trace_activity);
+    return true;
+#endif
 }
 
 OSStatus

diff --git a/OSX/sec/Security/SecKey.c b/OSX/sec/Security/SecKey.c
index 62fb980a9b2c7f58d6e0bc04689cdb3b130e17cb..8a7c75fe6465a29186881aece945dd24f8d523c7 100644 (file)
--- a/OSX/sec/Security/SecKey.c
+++ b/OSX/sec/Security/SecKey.c
@@ -166,7 +166,7 @@ static CFStringRef SecKeyCopyDescription(CFTypeRef cf) {
 static void SecKeyDestroy(CFTypeRef cf) {
     SecKeyRef key = (SecKeyRef)cf;
 #if !TARGET_OS_IPHONE
-    CFReleaseSafe(key->cdsaKey);
+    CFReleaseNull(key->cdsaKey);
 #endif
     if (key->key_class->destroy)
         key->key_class->destroy(key);

diff --git a/OSX/sec/Security/SecKeyAdaptors.c b/OSX/sec/Security/SecKeyAdaptors.c
index 35392ef8b479b41656bafb67f9997d85b3ac97db..901cf6fa0d4756fdf0da786d9a52335afebcc81f 100644 (file)
--- a/OSX/sec/Security/SecKeyAdaptors.c
+++ b/OSX/sec/Security/SecKeyAdaptors.c
@@ -127,7 +127,7 @@ const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA512 = CFSTR(
 const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionAKSSmartCard = CFSTR("algid:encrypt:ECIES:ECDH:SHA256:2PubKeys");
 
 void SecKeyOperationContextDestroy(SecKeyOperationContext *context) {
-    CFReleaseSafe(context->algorithm);
+    CFReleaseNull(context->algorithm);
 }
 
 static void PerformWithCFDataBuffer(CFIndex size, void (^operation)(uint8_t *buffer, CFDataRef data)) {

diff --git a/OSX/sec/securityd/SecDbQuery.c b/OSX/sec/securityd/SecDbQuery.c
index fd9f2860b3fba49ccbba3c1d314c8b061117f4b6..64338d3531bbee1ce6b670ec095f6a88daccf1d5 100644 (file)
--- a/OSX/sec/securityd/SecDbQuery.c
+++ b/OSX/sec/securityd/SecDbQuery.c
@@ -317,8 +317,13 @@ void query_add_attribute_with_desc(const SecDbAttr *desc, const void *value, Que
 
     if (desc->kind != kSecDbAccessControlAttr) {
         /* Record the new attr key, value in q_pairs. */
-        q->q_pairs[q->q_attr_end].key = desc->name;
-        q->q_pairs[q->q_attr_end++].value = attr;
+        if (q->q_attr_end + 1 < q->q_pairs_count) {
+            q->q_pairs[q->q_attr_end].key = desc->name;
+            q->q_pairs[q->q_attr_end++].value = attr;
+        } else {
+            SecError(errSecInternal, &q->q_error, CFSTR("q_pairs overflow"));
+            CFReleaseSafe(attr);
+        }
     } else {
         CFReleaseSafe(attr);
     }
@@ -898,6 +903,7 @@ Query *query_create(const SecDbClass *qclass,
         return NULL;
     }
 
+    q->q_pairs_count = key_count;
     q->q_musrView = (CFDataRef)CFRetain(musr);
     q->q_keybag = KEYBAG_DEVICE;
     q->q_class = qclass;

diff --git a/OSX/sec/securityd/SecDbQuery.h b/OSX/sec/securityd/SecDbQuery.h
index 651e4db60c34b3fb7534756e5f893c4f9595276c..8c52b14dd8067fb768fb3536ff12c34b0cdce283 100644 (file)
--- a/OSX/sec/securityd/SecDbQuery.h
+++ b/OSX/sec/securityd/SecDbQuery.h
@@ -134,6 +134,7 @@ typedef struct Query
     //trusted only certs and identities
     CFBooleanRef q_match_trusted_only;
 
+    CFIndex q_pairs_count;
     Pair q_pairs[];
 } Query;
 

diff --git a/OSX/sec/securityd/SecTrustServer.c b/OSX/sec/securityd/SecTrustServer.c
index d94f23acf56fa51fed3e29d9d66e315cadf88c8e..bfaba35bbf38989ab35e6e7328f36f1cf8b6f0c4 100644 (file)
--- a/OSX/sec/securityd/SecTrustServer.c
+++ b/OSX/sec/securityd/SecTrustServer.c
@@ -335,24 +335,32 @@ static void SecPathBuilderDestroy(SecPathBuilderRef builder) {
     secdebug("alloc", "%p", builder);
     dispatch_release_null(builder->queue);
     if (builder->anchorSource) {
-        SecMemoryCertificateSourceDestroy(builder->anchorSource); }
+        SecMemoryCertificateSourceDestroy(builder->anchorSource);
+        builder->anchorSource = NULL;
+    }
     if (builder->certificateSource) {
-        SecMemoryCertificateSourceDestroy(builder->certificateSource); }
+        SecMemoryCertificateSourceDestroy(builder->certificateSource);
+        builder->certificateSource = NULL;
+    }
     if (builder->itemCertificateSource) {
-        SecItemCertificateSourceDestroy(builder->itemCertificateSource); }
+        SecItemCertificateSourceDestroy(builder->itemCertificateSource);
+        builder->itemCertificateSource = NULL;
+    }
     if (builder->appleAnchorSource) {
-        SecMemoryCertificateSourceDestroy(builder->appleAnchorSource); }
-       CFReleaseSafe(builder->clientAuditToken);
-       CFReleaseSafe(builder->anchorSources);
-       CFReleaseSafe(builder->parentSources);
-       CFReleaseSafe(builder->allPaths);
-       CFReleaseSafe(builder->partialPaths);
-       CFReleaseSafe(builder->rejectedPaths);
-       CFReleaseSafe(builder->candidatePaths);
-       CFReleaseSafe(builder->leafDetails);
-    CFReleaseSafe(builder->ocspResponses);
-    CFReleaseSafe(builder->signedCertificateTimestamps);
-    CFReleaseSafe(builder->trustedLogs);
+        SecMemoryCertificateSourceDestroy(builder->appleAnchorSource);
+        builder->appleAnchorSource = NULL;
+    }
+       CFReleaseNull(builder->clientAuditToken);
+       CFReleaseNull(builder->anchorSources);
+       CFReleaseNull(builder->parentSources);
+       CFReleaseNull(builder->allPaths);
+       CFReleaseNull(builder->partialPaths);
+       CFReleaseNull(builder->rejectedPaths);
+       CFReleaseNull(builder->candidatePaths);
+       CFReleaseNull(builder->leafDetails);
+    CFReleaseNull(builder->ocspResponses);
+    CFReleaseNull(builder->signedCertificateTimestamps);
+    CFReleaseNull(builder->trustedLogs);
 
     SecPVCDelete(&builder->path);
 }

diff --git a/OSX/utilities/src/SecDb.c b/OSX/utilities/src/SecDb.c
index 4224a4e958fb50e12347dfff96fbb1dafa2887cf..414a69a9fe3f54477b547c1786341ec8839f24f6 100644 (file)
--- a/OSX/utilities/src/SecDb.c
+++ b/OSX/utilities/src/SecDb.c
@@ -1,15 +1,15 @@
 /*
- * Copyright (c) 2012-2016 Apple Inc. All Rights Reserved.
+ * Copyright (c) 2012-2017 Apple Inc. All Rights Reserved.
  *
  * @APPLE_LICENSE_HEADER_START@
- * 
+ *
  * This file contains Original Code and/or Modifications of Original Code
  * as defined in and that are subject to the Apple Public Source License
  * Version 2.0 (the 'License'). You may not use this file except in
  * compliance with the License. Please obtain a copy of the License at
  * http://www.opensource.apple.com/apsl/ and read it before using this
  * file.
- * 
+ *
  * The Original Code and all software distributed under the License are
  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
@@ -17,7 +17,7 @@
  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  * Please see the License for the specific language governing rights and
  * limitations under the License.
- * 
+ *
  * @APPLE_LICENSE_HEADER_END@
  */
 
@@ -177,14 +177,28 @@ static void
 SecDbDestroy(CFTypeRef value)
 {
     SecDbRef db = (SecDbRef)value;
-    CFReleaseSafe(db->connections);
-    CFReleaseSafe(db->db_path);
-    dispatch_release(db->queue);
-    dispatch_release(db->commitQueue);
-    dispatch_release(db->read_semaphore);
-    dispatch_release(db->write_semaphore);
-    if (db->opened)
+    CFReleaseNull(db->connections);
+    CFReleaseNull(db->db_path);
+    if (db->queue) {
+        dispatch_release(db->queue);
+        db->queue = NULL;
+    }
+    if (db->commitQueue) {
+        dispatch_release(db->commitQueue);
+        db->commitQueue = NULL;
+    }
+    if (db->read_semaphore) {
+        dispatch_release(db->read_semaphore);
+        db->read_semaphore = NULL;
+    }
+    if (db->write_semaphore) {
+        dispatch_release(db->write_semaphore);
+        db->write_semaphore = NULL;
+    }
+    if (db->opened) {
         Block_release(db->opened);
+        db->opened = NULL;
+    }
     CFReleaseNull(db->notifyPhase);
 }
 

diff --git a/Security.xcodeproj/project.pbxproj b/Security.xcodeproj/project.pbxproj
index eabfe5349caf73c97c7d6bd94935e17e72edd803..770462c2494c69a1aade31cd456384d36c78c9ba 100644 (file)
--- a/Security.xcodeproj/project.pbxproj
+++ b/Security.xcodeproj/project.pbxproj
@@ -500,6 +500,7 @@
                18F7F67914D77F4400F88A12 /* NtlmGenerator.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C999BA10AB5F0BB0010451D /* NtlmGenerator.c */; };
                18F7F67A14D77F4400F88A12 /* ntlmBlobPriv.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C999BA30AB5F0BB0010451D /* ntlmBlobPriv.c */; };
                18F7F67C14D77F5000F88A12 /* SecTask.c in Sources */ = {isa = PBXBuildFile; fileRef = 107226D00D91DB32003CF14F /* SecTask.c */; };
+               24CBF8751E9D4E6100F09F0E /* kc-44-secrecoverypassword.c in Sources */ = {isa = PBXBuildFile; fileRef = 24CBF8731E9D4E4500F09F0E /* kc-44-secrecoverypassword.c */; };
                433E519E1B66D5F600482618 /* AppSupport.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 433E519D1B66D5F600482618 /* AppSupport.framework */; };
                4381603A1B4DCE8F00C54D58 /* SystemConfiguration.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E71F3E3016EA69A900FAF9B4 /* SystemConfiguration.framework */; };
                4381603B1B4DCEFF00C54D58 /* AggregateDictionary.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 72B368BD179891FC004C37CE /* AggregateDictionary.framework */; };
@@ -7106,6 +7107,7 @@
                18351B8F14CB65870097860E /* SecBase64.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecBase64.h; sourceTree = "<group>"; };
                2281820D17B4686C0067C9C9 /* BackgroundTaskAgent.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = BackgroundTaskAgent.framework; path = System/Library/PrivateFrameworks/BackgroundTaskAgent.framework; sourceTree = SDKROOT; };
                22C002A31AC9D33100B3469E /* OTAPKIAssetTool.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = OTAPKIAssetTool.xcconfig; sourceTree = "<group>"; };
+               24CBF8731E9D4E4500F09F0E /* kc-44-secrecoverypassword.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-44-secrecoverypassword.c"; path = "regressions/kc-44-secrecoverypassword.c"; sourceTree = "<group>"; };
                433E519D1B66D5F600482618 /* AppSupport.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = AppSupport.framework; path = System/Library/PrivateFrameworks/AppSupport.framework; sourceTree = SDKROOT; };
                4381690C1B4EDCBD00C54D58 /* SOSCCAuthPlugin.bundle */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = SOSCCAuthPlugin.bundle; sourceTree = BUILT_PRODUCTS_DIR; };
                4381690F1B4EDCBD00C54D58 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
@@ -14622,6 +14624,7 @@
                                DCB3446C1D8A35270054D16E /* kc-41-sececkey.m */,
                                DCB3446D1D8A35270054D16E /* kc-43-seckey-interop.m */,
                                DCB3446E1D8A35270054D16E /* kc-42-trust-revocation.c */,
+                               24CBF8731E9D4E4500F09F0E /* kc-44-secrecoverypassword.c */,
                                DCB3446F1D8A35270054D16E /* si-20-sectrust-provisioning.c */,
                                DCB344701D8A35270054D16E /* si-20-sectrust-provisioning.h */,
                                DCB344711D8A35270054D16E /* si-33-keychain-backup.c */,
@@ -23802,6 +23805,7 @@
                        files = (
                                DCB3447A1D8A35270054D16E /* kc-01-keychain-creation.c in Sources */,
                                DCB3447B1D8A35270054D16E /* kc-02-unlock-noui.c in Sources */,
+                               24CBF8751E9D4E6100F09F0E /* kc-44-secrecoverypassword.c in Sources */,
                                DCB3447D1D8A35270054D16E /* kc-03-keychain-list.c in Sources */,
                                DCB3447C1D8A35270054D16E /* kc-03-status.c in Sources */,
                                DCB3447E1D8A35270054D16E /* kc-04-is-valid.c in Sources */,

diff --git a/ntlm/ntlmBlobPriv.c b/ntlm/ntlmBlobPriv.c
index a868f9a8e2849f907821e43a4183a0e1a0f07834..d71073ab4929fe741349be93f8ddd494b1f89394 100644 (file)
--- a/ntlm/ntlmBlobPriv.c
+++ b/ntlm/ntlmBlobPriv.c
@@ -277,13 +277,7 @@ OSStatus ntlmHostName(
        unsigned char **flat,                   // mallocd and RETURNED
        unsigned *flatLen)                              // RETURNED
 {
-       char hostname[MAXHOSTNAMELEN];
-       if(gethostname(hostname, MAXHOSTNAMELEN)) {
-               #ifndef NDEBUG
-               perror("gethostname");
-               #endif
-               return errSecInternalComponent;
-       }
+       char hostname[] = "WORKSTATION";
        size_t len = strlen(hostname);
        if(unicode) {
                /* quickie "little endian unicode" conversion */