Swiftdiff options
| author | Tobias Markmann <tm@ayena.de> | 2015-11-03 12:20:20 (GMT) |
|---|---|---|
| committer | Swift Review <review@swift.im> | 2015-11-06 10:50:52 (GMT) |
| commit | 7302ee18a137f6810ef1cc40a395f99d2f46a644 (patch) | |
| tree | 6360ffe3666118ad4e30628336c8705e240bd465 /Swiften | |
| parent | 8405fa16b738b6ef6a5920cd9d0f5735f8b62369 (diff) | |
| download | swift-7302ee18a137f6810ef1cc40a395f99d2f46a644.zip swift-7302ee18a137f6810ef1cc40a395f99d2f46a644.tar.bz2 | |
Fix potential memory leaks in Cocoa API usage
These errors were reported by Clang Analyzer.
Test-Information:
Verified that behavior is still as expected and Clang
Analyzer does not report the warnings anymore.
Change-Id: I149d75241f7680a6d2f2b6b710dd38d1ed81a209
Diffstat (limited to 'Swiften')
| -rw-r--r-- | Swiften/TLS/SecureTransport/SecureTransportCertificate.mm | 16 | ||||
| -rw-r--r-- | Swiften/TLS/SecureTransport/SecureTransportContext.mm | 8 |
2 files changed, 14 insertions, 10 deletions
diff --git a/Swiften/TLS/SecureTransport/SecureTransportCertificate.mm b/Swiften/TLS/SecureTransport/SecureTransportCertificate.mm index 3b4e00f..4270a6f 100644 --- a/Swiften/TLS/SecureTransport/SecureTransportCertificate.mm +++ b/Swiften/TLS/SecureTransport/SecureTransportCertificate.mm @@ -35,12 +35,13 @@ SecureTransportCertificate::SecureTransportCertificate(SecCertificateRef certifi } SecureTransportCertificate::SecureTransportCertificate(const ByteArray& der) { CFDataRef derData = CFDataCreateWithBytesNoCopy(NULL, der.data(), static_cast<CFIndex>(der.size()), NULL); SecCertificateRef certificate = SecCertificateCreateWithData(NULL, derData); + CFRelease(derData); if (certificate) { certificateHandle_ = boost::shared_ptr<SecCertificate>(certificate, CFRelease); parse(); } } @@ -54,30 +55,29 @@ SecureTransportCertificate::~SecureTransportCertificate() { void SecureTransportCertificate::parse() { assert(certificateHandle_); CFErrorRef error = NULL; // The SecCertificateCopyValues function is not part of the iOS Secure Transport API. CFDictionaryRef valueDict = SecCertificateCopyValues(certificateHandle_.get(), 0, &error); - if (error) { - CFRelease(error); - } - else { + if (valueDict) { // Handle subject. CFStringRef subject = SecCertificateCopySubjectSummary(certificateHandle_.get()); if (subject) { NSString* subjectStr = bridge_cast<NSString*>(subject); subjectName_ = NS2STDSTRING(subjectStr); CFRelease(subject); } // Handle a single Common Name. - CFStringRef commonName; + CFStringRef commonName = NULL; OSStatus error = SecCertificateCopyCommonName(certificateHandle_.get(), &commonName); - if (!error) { + if (!error && commonName) { NSString* commonNameStr = bridge_cast<NSString*>(commonName); commonNames_.push_back(NS2STDSTRING(commonNameStr)); + } + if (commonName) { CFRelease(commonName); } // Handle Subject Alternative Names NSDictionary* certDict = bridge_cast<NSDictionary*>(valueDict); NSDictionary* subjectAltNamesDict = certDict[@"2.5.29.17"][@"value"]; @@ -92,12 +92,16 @@ void SecureTransportCertificate::parse() { else if ([entry[@"label"] isEqualToString:@"DNS Name"]) { dnsNames_.push_back(NS2STDSTRING(entry[@"value"])); } } CFRelease(valueDict); } + + if (error) { + CFRelease(error); + } } std::string SecureTransportCertificate::getSubjectName() const { return subjectName_; } diff --git a/Swiften/TLS/SecureTransport/SecureTransportContext.mm b/Swiften/TLS/SecureTransport/SecureTransportContext.mm index 7f44f7d..a702cde 100644 --- a/Swiften/TLS/SecureTransport/SecureTransportContext.mm +++ b/Swiften/TLS/SecureTransport/SecureTransportContext.mm @@ -35,13 +35,13 @@ T bridge_cast(S source) { namespace Swift { namespace { -CFArrayRef getClientCertificateChainAsCFArrayRef(CertificateWithKey::ref key) { +CFArrayRef CreateClientCertificateChainAsCFArrayRef(CertificateWithKey::ref key) { boost::shared_ptr<PKCS12Certificate> pkcs12 = boost::dynamic_pointer_cast<PKCS12Certificate>(key); if (!key) { return NULL; } SafeByteArray safePassword = pkcs12->getPassword(); @@ -61,25 +61,25 @@ CFArrayRef getClientCertificateChainAsCFArrayRef(CertificateWithKey::ref key) { CFDictionaryRef options = CFDictionaryCreate(NULL, keys, values, 1, NULL, NULL); CFArrayRef items = NULL; CFDataRef pkcs12Data = bridge_cast<CFDataRef>([NSData dataWithBytes: static_cast<const void *>(pkcs12->getData().data()) length:pkcs12->getData().size()]); securityError = SecPKCS12Import(pkcs12Data, options, &items); + CFRelease(options); NSArray* nsItems = bridge_cast<NSArray*>(items); switch(securityError) { case errSecSuccess: break; case errSecAuthFailed: // Password did not work for decoding the certificate. case errSecDecode: // Other decoding error. default: CFRelease(certChain); CFRelease(items); - CFRelease(options); certChain = NULL; } if (certChain) { CFArrayAppendValue(certChain, nsItems[0][@"identity"]); @@ -147,13 +147,13 @@ void SecureTransportContext::setState(State newState) { state_ = newState; } void SecureTransportContext::connect() { SWIFT_LOG_ASSERT(state_ == None, error) << "current state '" << stateToString(state_) << " invalid." << std::endl; if (clientCertificate_) { - CFArrayRef certs = getClientCertificateChainAsCFArrayRef(clientCertificate_); + CFArrayRef certs = CreateClientCertificateChainAsCFArrayRef(clientCertificate_); if (certs) { boost::shared_ptr<CFArray> certRefs(certs, CFRelease); OSStatus result = SSLSetCertificate(sslContext_.get(), certRefs.get()); if (result != noErr) { SWIFT_LOG(error) << "SSLSetCertificate failed with error " << result << "." << std::endl; } @@ -271,13 +271,13 @@ void SecureTransportContext::verifyServerCertificate() { } } #pragma clang diagnostic pop bool SecureTransportContext::setClientCertificate(CertificateWithKey::ref cert) { - CFArrayRef nativeClientChain = getClientCertificateChainAsCFArrayRef(cert); + CFArrayRef nativeClientChain = CreateClientCertificateChainAsCFArrayRef(cert); if (nativeClientChain) { clientCertificate_ = cert; CFRelease(nativeClientChain); return true; } else { |