author | Benoit Foucher <benoit@zeroc.com> | 2017-04-03 11:58:25 +0200 |
---|---|---|
committer | Benoit Foucher <benoit@zeroc.com> | 2017-04-03 11:58:25 +0200 |
commit | 1b08fada02668508d6af77941487bbc1dd31a787 (patch) | |
tree | 0ad800808137e1d763323ede75b2e6b504a6f343 /cpp/src/IceSSL/SecureTransportUtil.cpp | |
parent | Better fix for VC90 handleException overloads (diff) | |
Fixed leak in IceSSL secure transport implementation & minor code style fixes
Diffstat (limited to 'cpp/src/IceSSL/SecureTransportUtil.cpp')
-rw-r--r-- | cpp/src/IceSSL/SecureTransportUtil.cpp | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/cpp/src/IceSSL/SecureTransportUtil.cpp b/cpp/src/IceSSL/SecureTransportUtil.cpp index d9e0a793afc..1ae54e0754d 100644 --- a/cpp/src/IceSSL/SecureTransportUtil.cpp +++ b/cpp/src/IceSSL/SecureTransportUtil.cpp @@ -145,9 +145,11 @@ loadKeychainItems(const string& file, SecExternalItemType type, SecKeychainRef k memset(¶ms, 0, sizeof(params)); params.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION; params.flags |= kSecKeyNoAccessControl; + UniqueRef<CFStringRef> passphraseHolder; if(!passphrase.empty()) { - params.passphrase = toCFString(passphrase); + passphraseHolder.reset(toCFString(passphrase)); + params.passphrase = passphraseHolder.get(); } UniqueRef<CFArrayRef> items; @@ -161,7 +163,6 @@ loadKeychainItems(const string& file, SecExternalItemType type, SecKeychainRef k // the password from the given prompt or configure the import to // prompt the user with an alert dialog. // - UniqueRef<CFStringRef> passphraseHolder; UniqueRef<CFStringRef> alertPromptHolder; if(passphrase.empty() && (err == errSecPassphraseRequired || err == errSecInvalidData || err == errSecPkcs12VerifyFailure)) @@ -363,7 +364,7 @@ loadPrivateKey(const string& file, SecCertificateRef cert, SecKeychainRef keycha UniqueRef<SecKeyRef> key; for(int i = 0; i < count; ++i) { - SecKeychainItemRef item = + SecKeychainItemRef item = static_cast<SecKeychainItemRef>(const_cast<void*>(CFArrayGetValueAtIndex(items.get(), 0))); if(SecKeyGetTypeID() == CFGetTypeID(item)) { @@ -526,11 +527,11 @@ loadCerts(const string& file) // Imports a certificate (it might contain an identity or certificate depending on the format). // CFArrayRef -IceSSL::SecureTransport::loadCertificateChain(const string& file, - const string& keyFile, +IceSSL::SecureTransport::loadCertificateChain(const string& file, + const string& keyFile, const std::string& keychainPath, const string& keychainPassword, - const string& password, + const string& password, const PasswordPromptPtr& prompt, int retryMax) { 
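Review bot: In the first hunk of loadKeychainItems, `params.passphrase = passphraseHolder.get();` stores a borrowed pointer whose lifetime now depends on `passphraseHolder`, and nothing on the new declaration records that. The second hunk removes the later declaration, so the prompt/retry path presumably reuses this same holder. Any `passphraseHolder.reset(...)` there would release the string `params.passphrase` still points at until it is reassigned. That code lies outside both hunks, so the reset-then-reassign order should be confirmed there. I would add a comment above the declaration, for example `// Owns the CFString referenced by params.passphrase; reassign params.passphrase after every reset().` Separately, the passphrase copy lives in an immutable CFString that is not wiped on release, so it can linger in process memory after the import; if that matters for this deployment it deserves a note too.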
@@ -593,7 +594,7 @@ IceSSL::SecureTransport::loadCertificateChain(const string& file,
 // might already have been imported.
 //
 UniqueRef<CFArrayRef> items(loadKeychainItems(file, kSecItemTypeCertificate, 0, password, prompt, retryMax));
- SecCertificateRef cert =
+ SecCertificateRef cert =
 static_cast<SecCertificateRef>(const_cast<void*>(CFArrayGetValueAtIndex(items.get(), 0)));
 if(SecCertificateGetTypeID() != CFGetTypeID(cert))
 {
@@ -641,7 +642,7 @@ IceSSL::SecureTransport::loadCACertificates(const string& file)
 int count = CFArrayGetCount(items.get());
 for(CFIndex i = 0; i < count; ++i)
 {
- SecCertificateRef cert =
+ SecCertificateRef cert =
 static_cast<SecCertificateRef>(const_cast<void*>(CFArrayGetValueAtIndex(items.get(), i)));
 assert(SecCertificateGetTypeID() == CFGetTypeID(cert));
 if(isCA(cert)) |