SecPKCS12是否在弧下漏电?

时间:2013-04-25 18:23:13

标签: iphone

在Arc下的代码的所有SecPKCS12Import行中,我发现了iOS工具的内存泄漏:

    SecCertificateRef certRef = SecTrustGetCertificateAtIndex(trustRef, 0);
    CFStringRef certSummary = SecCertificateCopySubjectSummary(certRef);
    NSData *data = (__bridge_transfer NSData *) SecCertificateCopyData(certRef);
    NSURL *indexURL = [[NSBundle mainBundle] URLForResource:@"cert1" withExtension:@"p12"];
    NSData *localP12 = [NSData dataWithContentsOfURL:indexURL];
    NSMutableDictionary * options = [[NSMutableDictionary alloc] init];
    NSString *password = ///
    [options setObject:password forKey:(__bridge id)kSecImportExportPassphrase];
    CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL);
    OSStatus securityError = SecPKCS12Import((__bridge CFDataRef) localP12,(__bridge CFDictionaryRef)options, &items);
    if (securityError == noErr) { };/// good } else { //bad }
    CFDictionaryRef identityDict = CFArrayGetValueAtIndex(items, 0);
    CFArrayRef certificates =
    (CFArrayRef)CFDictionaryGetValue(identityDict,kSecImportItemCertChain);
    SecCertificateRef localCert = (SecCertificateRef)CFArrayGetValueAtIndex(certificates,0);
    CFDataRef dataLocal = SecCertificateCopyData(localCert);
    NSData *local = (__bridge NSData *)dataLocal;
    //NSLog(@"local:%@",local);
    NSURL *indexURLmac3 = [[NSBundle mainBundle] URLForResource:@"cert2" withExtension:@"p12"];
    NSData *localP12mac3 = [NSData dataWithContentsOfURL:indexURLmac3];
    NSMutableDictionary * optionsMac3 = [[NSMutableDictionary alloc] init];
    NSString *passwordMac3 = //
    [optionsMac3 setObject:passwordMac3 forKey:(__bridge id)kSecImportExportPassphrase];
    CFArrayRef itemsMac3 = CFArrayCreate(NULL, 0, 0, NULL);
    securityError = SecPKCS12Import((__bridge CFDataRef) localP12mac3, (__bridge CFDictionaryRef)optionsMac3, &itemsMac3);
    if (securityError == noErr) { };/// good } else { //bad }
    CFDictionaryRef identityDictMac3 = CFArrayGetValueAtIndex(itemsMac3, 0);
    CFArrayRef certificatesMac3 =
    (CFArrayRef)CFDictionaryGetValue(identityDictMac3, kSecImportItemCertChain);
    SecCertificateRef localCertMac3 = (SecCertificateRef)CFArrayGetValueAtIndex(certificatesMac3,0);
    CFDataRef dataLocalMac3 = SecCertificateCopyData(localCertMac3);
    NSData *localMac3 = (__bridge NSData *)dataLocalMac3;
    NSURL *indexURLwebcob3 = [[NSBundle mainBundle] URLForResource:@"cert3" withExtension:@"p12"];
    NSData *localP12wwebcob3 = [NSData dataWithContentsOfURL:indexURLwebcob3];
    NSMutableDictionary * optionsWebcob3 = [[NSMutableDictionary alloc] init];
    NSString *passwordWebcob3 = //
    [optionsWebcob3 setObject:passwordWebcob3 forKey:(__bridge id)kSecImportExportPassphrase];
    CFArrayRef itemsWebcob3 = CFArrayCreate(NULL, 0, 0, NULL);
    securityError = SecPKCS12Import((__bridge CFDataRef) localP12wwebcob3, (__bridge CFDictionaryRef)optionsWebcob3, &itemsWebcob3);
    if (securityError == noErr) { };/// good } else { //bad }
    CFDictionaryRef identityDictWebcob3 = CFArrayGetValueAtIndex(itemsWebcob3, 0);
    CFArrayRef certificatesWebcob3 =
    (CFArrayRef)CFDictionaryGetValue(identityDictWebcob3,
                                     kSecImportItemCertChain);
    SecCertificateRef localCertWebcob3 = (SecCertificateRef)CFArrayGetValueAtIndex(certificatesWebcob3,0);
    CFDataRef dataLocalWebcob3 = SecCertificateCopyData(localCertWebcob3);
    NSData *localWebcob3 = (__bridge NSData *)dataLocalWebcob3;
    if ([data isEqualToData:local] || [data isEqualToData:localMac3] || [data isEqualToData:localWebcob3]) trust = YES;

    CFRelease(certSummary);
    CFRelease((CFDataRef) dataLocal);
    CFRelease((CFDataRef) dataLocalMac3);
    CFRelease((CFDataRef) dataLocalWebcob3);

我哪里错了?

1 个答案:

答案 0 :(得分:2)

哇。那段代码真的难以理解。您似乎正在进行三种不同的PKCS12导入,您可能希望将该方法调用为三次。只是说。

无论如何,甚至没有遵循你的代码,我知道问题可能是什么 - 因为我以前见过这个。您使用的安全方法遵循CoreFoundation memory management patterns defined here。我不止一次发现PKCS12身份导入过程泄漏,因为有人没有意识到这一点,或者认为将桥接器转换为ARC会使其正常工作。

但是你应该注意的是 - 除了乐器试图告诉你的任何东西,当然:

  • 您需要将作为最后一个参数传递的项目释放到SecPKCS12Import(文档中的CFArrayRef)。请查看Apple's example获取指导。

  • 我看到更明显的一些事情 - 您在没有相应发布的情况下致电CFArrayCreate