net/cert/cert_verify_proc_mac.cc - Issue 886933008: Fix a memory leak in net::CertVerifyProcMac::VerifyInternal

Side by Side Diff: net/cert/cert_verify_proc_mac.cc

Issue 886933008: Fix a memory leak in net::CertVerifyProcMac::VerifyInternal (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 5 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/cert/cert_verify_proc_mac.h"	5 #include "net/cert/cert_verify_proc_mac.h"

6	6

7 #include <CommonCrypto/CommonDigest.h>	7 #include <CommonCrypto/CommonDigest.h>

8 #include <CoreServices/CoreServices.h>	8 #include <CoreServices/CoreServices.h>

9 #include <Security/Security.h>	9 #include <Security/Security.h>

10	10

(...skipping 472 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
483 ScopedCFTypeRef<CFArrayRef> trust_policies;	483 ScopedCFTypeRef<CFArrayRef> trust_policies;

484 OSStatus status = CreateTrustPolicies(hostname, flags, &trust_policies);	484 OSStatus status = CreateTrustPolicies(hostname, flags, &trust_policies);

485 if (status)	485 if (status)

486 return NetErrorFromOSStatus(status);	486 return NetErrorFromOSStatus(status);

487	487

488 // Create and configure a SecTrustRef, which takes our certificate(s)	488 // Create and configure a SecTrustRef, which takes our certificate(s)

489 // and our SSL SecPolicyRef. SecTrustCreateWithCertificates() takes an	489 // and our SSL SecPolicyRef. SecTrustCreateWithCertificates() takes an

490 // array of certificates, the first of which is the certificate we're	490 // array of certificates, the first of which is the certificate we're

491 // verifying, and the subsequent (optional) certificates are used for	491 // verifying, and the subsequent (optional) certificates are used for

492 // chain building.	492 // chain building.

493 ScopedCFTypeRef<CFMutableArrayRef> cert_array(CFArrayCreateMutableCopy(	493 ScopedCFTypeRef<CFArrayRef> original_chain(cert->CreateOSCertChainForCert());
	davidben 2015/02/05 22:14:34 It looks like CreateOSCertChainForCert makes a CFM It looks like CreateOSCertChainForCert makes a CFMutableArrayRef anyway (and can conceivably return NULL but probably takes a malloc error?). Maybe we should just change the type signature of this function. https://code.google.com/p/chromium/codesearch#chromium/src/net/cert/x509_cert... Ryan Sleevi 2015/02/05 22:49:40 I considered that, but we have this same function Show quoted text On 2015/02/05 22:14:34, David Benjamin wrote: > It looks like CreateOSCertChainForCert makes a CFMutableArrayRef anyway (and can > conceivably return NULL but probably takes a malloc error?). Maybe we should > just change the type signature of this function. > > https://code.google.com/p/chromium/codesearch#chromium/src/net/cert/x509_cert... I considered that, but we have this same function on windows (which returns a PCCERT_CONTEXT), and making that ScopedPCCERT_CONTEXT would mean needing to either include the windows headers or forward declare the free functions. So for consistency I opted to have both return the native pointer, which feels a little gross, but less gross than adding more forward declare cruft. If you feel strongly though, happy to change.
494 kCFAllocatorDefault, 0, cert->CreateOSCertChainForCert()));	494 ScopedCFTypeRef<CFMutableArrayRef> cert_array(

	495 CFArrayCreateMutableCopy(kCFAllocatorDefault, 0, original_chain));

495	496

496 // Serialize all calls that may use the Keychain, to work around various	497 // Serialize all calls that may use the Keychain, to work around various

497 // issues in OS X 10.6+ with multi-threaded access to Security.framework.	498 // issues in OS X 10.6+ with multi-threaded access to Security.framework.

498 base::AutoLock lock(crypto::GetMacSecurityServicesLock());	499 base::AutoLock lock(crypto::GetMacSecurityServicesLock());

499	500

500 ScopedCFTypeRef<SecTrustRef> trust_ref;	501 ScopedCFTypeRef<SecTrustRef> trust_ref;

501 SecTrustResultType trust_result = kSecTrustResultDeny;	502 SecTrustResultType trust_result = kSecTrustResultDeny;

502 ScopedCFTypeRef<CFArrayRef> completed_chain;	503 ScopedCFTypeRef<CFArrayRef> completed_chain;

503 CSSM_TP_APPLE_EVIDENCE_INFO* chain_info = NULL;	504 CSSM_TP_APPLE_EVIDENCE_INFO* chain_info = NULL;

504 bool candidate_untrusted = true;	505 bool candidate_untrusted = true;

(...skipping 260 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
765 }	766 }

766 }	767 }

767 }	768 }

768 }	769 }

769 }	770 }

770	771

771 return OK;	772 return OK;

772 }	773 }

773	774

774 } // namespace net	775 } // namespace net

OLD	NEW

« no previous file with comments | « no previous file | tools/valgrind/memcheck/suppressions_mac.txt » ('j') | no next file with comments »