From 0d97babf2ffcc3762e2398c319786a0f78df8aa6 Mon Sep 17 00:00:00 2001 From: Timur Pocheptsov Date: Mon, 3 Jul 2017 16:34:19 +0200 Subject: QSslSocket - fix two memory management issues (Secure Transport) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I noticed we never release 'items' imported by SecPKCS12Import. But looking at the actual code (SecImportExport.c), it appears we own these 'items' and must release them. And this leads to a crash (on over-release) which reveals another bug: a value from a dictionary obtained with 'Get' method should follow the 'get rule' - we do not own it and QCFType RAII object is not needed. Change-Id: I219015fadedb256c401e50cf7e955f3d7e0a6c5f Reviewed-by: Tor Arne Vestbø Reviewed-by: Timur Pocheptsov --- src/network/ssl/qsslsocket_mac.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/network') diff --git a/src/network/ssl/qsslsocket_mac.cpp b/src/network/ssl/qsslsocket_mac.cpp index 10f6fb4e41..2aecf3407f 100644 --- a/src/network/ssl/qsslsocket_mac.cpp +++ b/src/network/ssl/qsslsocket_mac.cpp @@ -931,7 +931,7 @@ bool QSslSocketBackendPrivate::setSessionCertificate(QString &errorDescription, #endif QCFType options = CFDictionaryCreate(nullptr, keys, values, nKeys, nullptr, nullptr); - CFArrayRef items = nullptr; + QCFType items; OSStatus err = SecPKCS12Import(pkcs12, options, &items); if (err != noErr) { #ifdef QSSLSOCKET_DEBUG @@ -972,7 +972,7 @@ bool QSslSocketBackendPrivate::setSessionCertificate(QString &errorDescription, CFArrayAppendValue(certs, identity); - QCFType chain((CFArrayRef)CFDictionaryGetValue(import, kSecImportItemCertChain)); + CFArrayRef chain = (CFArrayRef)CFDictionaryGetValue(import, kSecImportItemCertChain); if (chain) { for (CFIndex i = 1, e = CFArrayGetCount(chain); i < e; ++i) CFArrayAppendValue(certs, CFArrayGetValueAtIndex(chain, i)); -- cgit v1.2.3