<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[136958] trunk/dports/security/certsync/files/certsync.m</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="https://trac.macports.org/changeset/136958">136958</a></dd>
<dt>Author</dt> <dd>cal@macports.org</dd>
<dt>Date</dt> <dd>2015-05-31 10:38:47 -0700 (Sun, 31 May 2015)</dd>
</dl>

<h3>Log Message</h3>
<pre>certsync: Avoid segfault in absence of kSecTrustSettingsResult, closes #47906

Root certificates apparently sometimes do not have a kSecTrustSettingsResult,
and the absence should be treated as kSecTrustSettingsResultTrustRoot. This
change implements that.

Additionally, this silences a few warnings emitted by clang about functions
that are never NULL (at least not on the platform you're compiling for). Since
these checks are required for other platforms, employ the address-of operator
as suggested by clang to turn off the warning.</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkdportssecuritycertsyncfilescertsyncm">trunk/dports/security/certsync/files/certsync.m</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkdportssecuritycertsyncfilescertsyncm"></a>
<div class="modfile"><h4>Modified: trunk/dports/security/certsync/files/certsync.m (136957 => 136958)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/dports/security/certsync/files/certsync.m        2015-05-31 15:03:29 UTC (rev 136957)
+++ trunk/dports/security/certsync/files/certsync.m        2015-05-31 17:38:47 UTC (rev 136958)
</span><span class="lines">@@ -107,17 +107,17 @@
</span><span class="cx">  * @return BOOL indicating whether this system supports retrieving CNs from certificates
</span><span class="cx">  */
</span><span class="cx"> static BOOL GetCertSubject(SecCertificateRef cert, CFStringRef *subject, NSError **subjectError) {
</span><del>-    if (SecCertificateCopyShortDescription != NULL /* 10.7 */) {
</del><ins>+    if (&amp;SecCertificateCopyShortDescription != NULL /* 10.7 */) {
</ins><span class="cx">         *subject = PLCFAutorelease(SecCertificateCopyShortDescription(NULL, cert, (CFErrorRef *) subjectError));
</span><span class="cx">         return YES;
</span><span class="cx">     }
</span><span class="cx"> 
</span><del>-    if (SecCertificateCopySubjectSummary   != NULL /* 10.6 */) {
</del><ins>+    if (&amp;SecCertificateCopySubjectSummary   != NULL /* 10.6 */) {
</ins><span class="cx">         *subject = PLCFAutorelease(SecCertificateCopySubjectSummary(cert));
</span><span class="cx">         return YES;
</span><span class="cx">     }
</span><span class="cx"> 
</span><del>-    if (SecCertificateCopyCommonName       != NULL /* 10.5 */) {
</del><ins>+    if (&amp;SecCertificateCopyCommonName       != NULL /* 10.5 */) {
</ins><span class="cx">         OSStatus err;
</span><span class="cx">         if ((err = SecCertificateCopyCommonName(cert, subject)) == errSecSuccess &amp;&amp; *subject != NULL) {
</span><span class="cx">             PLCFAutorelease(*subject);
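Review bot: the three address-of tests in GetCertSubject (&amp;SecCertificateCopyShortDescription, &amp;SecCertificateCopySubjectSummary, &amp;SecCertificateCopyCommonName) carry only a version number such as /* 10.7 */ as documentation, and nothing says why the address-of form is used. Add a one-line comment above the first test stating that the check is a deliberate runtime availability test and that the &amp; is there to silence clang's warning, so a later cleanup does not drop the operator or remove the checks as always true.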
</span><span class="lines">@@ -158,7 +158,7 @@
</span><span class="cx">     SecTrustRef trust;
</span><span class="cx">         {
</span><span class="cx">                 SecPolicyRef policy;
</span><del>-                if (SecPolicyCreateBasicX509 != NULL) /* &gt;= 10.6 */ {
</del><ins>+                if (&amp;SecPolicyCreateBasicX509 != NULL) /* &gt;= 10.6 */ {
</ins><span class="cx">                         policy = SecPolicyCreateBasicX509();
</span><span class="cx">                 } else /* &lt; 10.6 */ {
</span><span class="cx">                         SecPolicySearchRef searchRef = NULL;
</span><span class="lines">@@ -265,7 +265,7 @@
</span><span class="cx">     OSStatus err;
</span><span class="cx"> 
</span><span class="cx">     /* Mac OS X &gt;= 10.5 provides SecTrustSettingsCopyCertificates() */
</span><del>-    if (SecTrustSettingsCopyCertificates != NULL) {
</del><ins>+    if (&amp;SecTrustSettingsCopyCertificates != NULL) {
</ins><span class="cx">         /* Fetch all certificates in the given domain */
</span><span class="cx">         err = SecTrustSettingsCopyCertificates(domain, &amp;certs);
</span><span class="cx">         if (err == errSecSuccess) {
</span><span class="lines">@@ -316,7 +316,12 @@
</span><span class="cx">                     SInt32 settingsResult;
</span><span class="cx"> 
</span><span class="cx">                     settingsResultNum = (CFNumberRef) [trustProps objectForKey: (id) kSecTrustSettingsResult];
</span><del>-                    CFNumberGetValue(settingsResultNum, kCFNumberSInt32Type, &amp;settingsResult);
</del><ins>+                    if (settingsResultNum == nil) {
+                        /* &quot;If this key is not present, a default value of kSecTrustSettingsResultTrustRoot is assumed.&quot; */
+                        settingsResult = kSecTrustSettingsResultTrustRoot;
+                    } else {
+                        CFNumberGetValue(settingsResultNum, kCFNumberSInt32Type, &amp;settingsResult);
+                    }
</ins><span class="cx"> 
</span><span class="cx">                     /* If a root, add to the result set */
</span><span class="cx">                     if (settingsResult == kSecTrustSettingsResultTrustRoot || settingsResult == kSecTrustSettingsResultTrustAsRoot) {
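Review bot: in the new else branch the Boolean result of CFNumberGetValue is still ignored, so a failed or lossy conversion goes unnoticed, and settingsResult, which is declared without an initializer, then feeds the root test on the lines below. Initialize settingsResult at its declaration or check the return value and skip the entry on failure. The quoted sentence in the new comment would also benefit from naming its source.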
</span><span class="lines">@@ -403,7 +408,7 @@
</span><span class="cx">         /* Set the keychain preference domain to user, this causes
</span><span class="cx">          * ValidateSystemTrust to use the user's keychain */
</span><span class="cx">         if ((err = SecKeychainSetPreferenceDomain(kSecPreferencesDomainUser)) != errSecSuccess) {
</span><del>-            if (SecCopyErrorMessageString != NULL) {
</del><ins>+            if (&amp;SecCopyErrorMessageString != NULL) {
</ins><span class="cx">                 /* &gt;= 10.5 */
</span><span class="cx">                 CFStringRef errMsg = PLCFAutorelease(SecCopyErrorMessageString(err, NULL));
</span><span class="cx">                 nsfprintf(stderr, @&quot;Failed to set keychain preference domain: %@\n&quot;, errMsg);
</span><span class="lines">@@ -429,7 +434,7 @@
</span><span class="cx">     /* Admin &amp; System */
</span><span class="cx">     /* Causes ValidateSystemTrust to ignore the user's keychain */
</span><span class="cx">     if ((err = SecKeychainSetPreferenceDomain(kSecPreferencesDomainSystem)) != errSecSuccess) {
</span><del>-        if (SecCopyErrorMessageString != NULL) {
</del><ins>+        if (&amp;SecCopyErrorMessageString != NULL) {
</ins><span class="cx">             /* &gt;= 10.5 */
</span><span class="cx">             CFStringRef errMsg = PLCFAutorelease(SecCopyErrorMessageString(err, NULL));
</span><span class="cx">             nsfprintf(stderr, @&quot;Failed to set keychain preference domain: %@\n&quot;, errMsg);
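Review bot: the &amp;SecCopyErrorMessageString != NULL test and the nsfprintf line after it are duplicated verbatim from the previous hunk, so the same availability check had to be patched in two places. Consider moving the check and the "Failed to set keychain preference domain" message into one small helper that takes err, so the weak-symbol test lives in a single spot.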
</span><span class="lines">@@ -484,7 +489,7 @@
</span><span class="cx"> 
</span><span class="cx">     /* Prefer the non-deprecated SecItemExport on Mac OS X &gt;= 10.7. We use an ifdef to keep the code buildable with earlier SDKs, too. */
</span><span class="cx">     nsfprintf(stderr, @&quot;Exporting certificates from the keychain\n&quot;);
</span><del>-    if (SecItemExport != NULL) {
</del><ins>+    if (&amp;SecItemExport != NULL) {
</ins><span class="cx">         err = SecItemExport((CFArrayRef) anchors, kSecFormatPEMSequence, kSecItemPemArmour, NULL, &amp;pemData);
</span><span class="cx">     } else {
</span><span class="cx">         err = SecKeychainItemExport((CFArrayRef) anchors, kSecFormatPEMSequence, kSecItemPemArmour, NULL, &amp;pemData);
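Review bot: the comment above the &amp;SecItemExport test says "We use an ifdef to keep the code buildable with earlier SDKs", but the code is a runtime address comparison, not an #ifdef, and taking the address of SecItemExport requires the SDK to declare it. Either reword the comment to describe the runtime check or add the compile-time guard it describes.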
</span></span></pre>
</div>
</div>

</body>
</html>