1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
|
// RUN: %clang_cc1 -analyze -analyzer-checker=osx.SecKeychainAPI %s -verify
// Fake typedefs.
typedef unsigned int OSStatus;
typedef unsigned int SecKeychainAttributeList;
typedef unsigned int SecKeychainItemRef;
typedef unsigned int SecItemClass;
typedef unsigned int UInt32;
typedef unsigned int CFTypeRef;
typedef unsigned int UInt16;
typedef unsigned int SecProtocolType;
typedef unsigned int SecAuthenticationType;
typedef unsigned int SecKeychainAttributeInfo;
enum {
noErr = 0,
GenericError = 1
};
// Functions that allocate data.
OSStatus SecKeychainItemCopyContent (
SecKeychainItemRef itemRef,
SecItemClass *itemClass,
SecKeychainAttributeList *attrList,
UInt32 *length,
void **outData
);
OSStatus SecKeychainFindGenericPassword (
CFTypeRef keychainOrArray,
UInt32 serviceNameLength,
const char *serviceName,
UInt32 accountNameLength,
const char *accountName,
UInt32 *passwordLength,
void **passwordData,
SecKeychainItemRef *itemRef
);
OSStatus SecKeychainFindInternetPassword (
CFTypeRef keychainOrArray,
UInt32 serverNameLength,
const char *serverName,
UInt32 securityDomainLength,
const char *securityDomain,
UInt32 accountNameLength,
const char *accountName,
UInt32 pathLength,
const char *path,
UInt16 port,
SecProtocolType protocol,
SecAuthenticationType authenticationType,
UInt32 *passwordLength,
void **passwordData,
SecKeychainItemRef *itemRef
);
OSStatus SecKeychainItemCopyAttributesAndData (
SecKeychainItemRef itemRef,
SecKeychainAttributeInfo *info,
SecItemClass *itemClass,
SecKeychainAttributeList **attrList,
UInt32 *length,
void **outData
);
// Functions which free data.
OSStatus SecKeychainItemFreeContent (
SecKeychainAttributeList *attrList,
void *data
);
OSStatus SecKeychainItemFreeAttributesAndData (
SecKeychainAttributeList *attrList,
void *data
);
void errRetVal() {
unsigned int *ptr = 0;
OSStatus st = 0;
UInt32 length;
void *outData;
st = SecKeychainItemCopyContent(2, ptr, ptr, &length, &outData);
if (st == GenericError) // expected-warning{{Allocated data is not released: missing a call to 'SecKeychainItemFreeContent'.}}
SecKeychainItemFreeContent(ptr, outData); // expected-warning{{Call to free data when error was returned during allocation.}}
}
// If null is passed in, the data is not allocated, so no need for the matching free.
void fooDoNotReportNull() {
unsigned int *ptr = 0;
OSStatus st = 0;
UInt32 *length = 0;
void **outData = 0;
SecKeychainItemCopyContent(2, ptr, ptr, 0, 0);
SecKeychainItemCopyContent(2, ptr, ptr, length, outData);
}// no-warning
void doubleAlloc() {
unsigned int *ptr = 0;
OSStatus st = 0;
UInt32 length;
void *outData;
st = SecKeychainItemCopyContent(2, ptr, ptr, &length, &outData);
st = SecKeychainItemCopyContent(2, ptr, ptr, &length, &outData); // expected-warning {{Allocated data should be released before another call to the allocator:}}
if (st == noErr)
SecKeychainItemFreeContent(ptr, outData);
}
void fooOnlyFree() {
unsigned int *ptr = 0;
OSStatus st = 0;
UInt32 length;
void *outData = &length;
SecKeychainItemFreeContent(ptr, outData);// expected-warning{{Trying to free data which has not been allocated}}
}
// Do not warn if undefined value is passed to a function.
void fooOnlyFreeUndef() {
unsigned int *ptr = 0;
OSStatus st = 0;
UInt32 length;
void *outData;
SecKeychainItemFreeContent(ptr, outData);
}// no-warning
// Do not warn if the address is a parameter in the enclosing function.
void fooOnlyFreeParam(void *attrList, void* X) {
SecKeychainItemFreeContent(attrList, X);
}// no-warning
// If we are returning the value, do not report.
void* returnContent() {
unsigned int *ptr = 0;
OSStatus st = 0;
UInt32 length;
void *outData;
st = SecKeychainItemCopyContent(2, ptr, ptr, &length, &outData);
return outData;
} // no-warning
// Password was passed in as an argument and does nt have to be deleted.
OSStatus getPasswordAndItem(void** password, UInt32* passwordLength) {
OSStatus err;
SecKeychainItemRef item;
err = SecKeychainFindGenericPassword(0, 3, "xx", 3, "xx",
passwordLength, password, &item);
return err;
} // no-warning
// Make sure we do not report an error if we call free only if password != 0.
// Also, do not report double allocation if first allocation returned an error.
OSStatus testSecKeychainFindGenericPassword(UInt32* passwordLength,
CFTypeRef keychainOrArray, SecProtocolType protocol,
SecAuthenticationType authenticationType) {
OSStatus err;
SecKeychainItemRef item;
void *password;
err = SecKeychainFindGenericPassword(0, 3, "xx", 3, "xx",
passwordLength, &password, &item);
if( err == GenericError ) {
err = SecKeychainFindInternetPassword(keychainOrArray,
16, "server", 16, "domain", 16, "account",
16, "path", 222, protocol, authenticationType,
passwordLength, &(password), 0);
}
if (err == noErr && password) {
SecKeychainItemFreeContent(0, password);
}
return err;
}
int apiMismatch(SecKeychainItemRef itemRef,
SecKeychainAttributeInfo *info,
SecItemClass *itemClass) {
OSStatus st = 0;
SecKeychainAttributeList *attrList;
UInt32 length;
void *outData;
st = SecKeychainItemCopyAttributesAndData(itemRef, info, itemClass,
&attrList, &length, &outData);
if (st == noErr)
SecKeychainItemFreeContent(attrList, outData); // expected-warning{{Allocator doesn't match the deallocator}}
return 0;
}
int ErrorCodesFromDifferentAPISDoNotInterfere(SecKeychainItemRef itemRef,
SecKeychainAttributeInfo *info,
SecItemClass *itemClass) {
unsigned int *ptr = 0;
OSStatus st = 0;
UInt32 length;
void *outData;
OSStatus st2 = 0;
SecKeychainAttributeList *attrList;
UInt32 length2;
void *outData2;
st2 = SecKeychainItemCopyAttributesAndData(itemRef, info, itemClass,
&attrList, &length2, &outData2);
st = SecKeychainItemCopyContent(2, ptr, ptr, &length, &outData);
if (st == noErr) {
SecKeychainItemFreeContent(ptr, outData);
if (st2 == noErr) {
SecKeychainItemFreeAttributesAndData(attrList, outData2);
}
}
return 0; // expected-warning{{Allocated data is not released: missing a call to 'SecKeychainItemFreeAttributesAndData'}}
}
int foo(CFTypeRef keychainOrArray, SecProtocolType protocol,
SecAuthenticationType authenticationType, SecKeychainItemRef *itemRef) {
unsigned int *ptr = 0;
OSStatus st = 0;
UInt32 length;
void *outData[5];
st = SecKeychainFindInternetPassword(keychainOrArray,
16, "server", 16, "domain", 16, "account",
16, "path", 222, protocol, authenticationType,
&length, &(outData[3]), itemRef);
if (length == 5) {
if (st == noErr)
SecKeychainItemFreeContent(ptr, outData[3]);
}
if (length) { // expected-warning{{Allocated data is not released: missing a call to 'SecKeychainItemFreeContent'.}}
length++;
}
return 0;
}// no-warning
|
