adium/adium

Remember kids, -[NSObject hash] has absolutely no cryptographic guarantees. Using it to decide to trust a certificate is RETARDED.

Also, fix a possible overrelease of a trustref, which might be related to #16365

Refs #16365
--- a/Plugins/Purple Service/AIPurpleCertificateTrustWarningAlert.m Sun Jun 23 13:32:14 2013 +0200
+++ b/Plugins/Purple Service/AIPurpleCertificateTrustWarningAlert.m Tue Jun 25 21:41:03 2013 +0200
@@ -26,8 +26,6 @@
//#define ALWAYS_SHOW_TRUST_WARNING
-static NSMutableDictionary *acceptedCertificates = nil;
-
@interface AIPurpleCertificateTrustWarningAlert ()
- (id)initWithAccount:(AIAccount*)account
hostname:(NSString*)hostname
@@ -80,8 +78,6 @@
userData:(void*)ud
{
if((self = [super init])) {
- if(!acceptedCertificates)
- acceptedCertificates = [[NSMutableDictionary alloc] init];
query_cert_cb = _query_cert_cb;
certificates = certs;
@@ -111,23 +107,6 @@
CSSM_DATA data;
err = SecCertificateGetData((SecCertificateRef)CFArrayGetValueAtIndex(certificates, 0), &data);
- if(err == noErr) {
- // Did we ask the user to confirm this certificate before?
- // Note that this information is not stored on the disk, which is on purpose.
- NSUInteger oldCertHash = [[acceptedCertificates objectForKey:hostname] unsignedIntegerValue];
- if (oldCertHash) {
- NSData *certData = [[NSData alloc] initWithBytesNoCopy:data.Data length:data.Length freeWhenDone:NO];
- NSUInteger newCertHash = [certData hash];
- [certData release];
-
- if (oldCertHash == newCertHash) {
- query_cert_cb(true, userdata);
- [self release];
- return;
- }
- }
- }
-
err = SecPolicySearchCreate(CSSM_CERT_X_509v3, &CSSMOID_APPLE_TP_SSL, NULL, &searchRef);
if(err != noErr) {
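Review bot: With the cache lookup removed, the `SecCertificateGetData(...)` call kept at the top of this hunk looks like a dead store. Its `err` is overwritten by `SecPolicySearchCreate` on the next visible line without being checked, and `data` has no remaining reader inside the hunk. The method continues outside the hunk, so if `data` is not used further down, drop `CSSM_DATA data;` and the call; otherwise check `err` before `data` is read. If a per-session "already accepted" shortcut is wanted again for auto-reconnect, it should compare the full DER bytes, or a SHA-256 digest of them (e.g. `CC_SHA256`), keyed by hostname. `-[NSData hash]` is a hash-table helper with no collision resistance.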
@@ -166,8 +145,6 @@
if(err != noErr) {
CFRelease(searchRef);
CFRelease(policyRef);
- if (trustRef)
- CFRelease(trustRef);
NSBeep();
[self release];
return;
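Review bot: Ownership of `trustRef` on this error path is left undocumented now that `CFRelease(trustRef)` is dropped. The call whose failure this branch handles is outside the hunk, so whether `trustRef` can already hold a created object here cannot be confirmed from the visible lines. If it cannot, a comment such as `// trustRef was not created on this path, nothing to release` next to the two remaining `CFRelease` calls would stop a later reader from re-adding the release. If it can, the removal trades the over-release for a leak; initialising `trustRef = NULL` at its declaration and keeping the guarded release would then be the safer fix.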
@@ -285,7 +262,7 @@
didEndSelector:@selector(certificateTrustSheetDidEnd:returnCode:contextInfo:)
contextInfo:window
trust:trustRef
- message:title];
+ message:title];
}
@@ -299,17 +276,6 @@
NSWindow *parentWindow = (NSWindow *)contextInfo;
query_cert_cb(didTrustCerficate, userdata);
- /* If the user confirmed this cert, we store this information until the app is closed so the user doesn't have to re-confirm it every time
- * (doing otherwise might be particularily annoying on auto-reconnect)
- */
- if (didTrustCerficate) {
- CSSM_DATA certdata;
- OSStatus err = SecCertificateGetData((SecCertificateRef)CFArrayGetValueAtIndex(certificates, 0), &certdata);
- if(err == noErr) {
- [acceptedCertificates setObject:[NSNumber numberWithUnsignedInteger:[[NSData dataWithBytes:certdata.Data length:certdata.Length] hash]]
- forKey:hostname];
- }
- }
[trustpanel release];