在收据验证期间提取 PKCS7 容器内存泄漏
Extract PKCS7 Container memory leak during receipt validation
XCode 在我的一个函数中检测到内存泄漏:
func 负责提取 PKCS7 容器。这里是函数的代码:
func extractPKCS7Container() throws -> UnsafeMutablePointer<PKCS7> {
guard let receiptURL = Bundle.main.appStoreReceiptURL,
let certificateURL = Bundle.main.url(forResource: "AppleIncRootCertificate", withExtension: "cer"),
let receiptData = NSData(contentsOf: receiptURL),
let certificateData = NSData(contentsOf: certificateURL) else {
throw ReceiptError.couldNotFindReceipt
}
let bio = BIOWrapper(data: receiptData)
let p7 = d2i_PKCS7_bio(bio.bio, nil)
guard p7 != nil else {
throw ReceiptError.emptyReceiptContents
}
OpenSSL_add_all_digests()
let x509Store = X509StoreWrapper()
let certificate = X509Wrapper(data: certificateData)
x509Store.addCert(x509: certificate)
let payload = BIOWrapper()
guard PKCS7_verify(p7, nil, x509Store.store, nil, payload.bio, 0) == 1 else {
throw ReceiptError.receiptNotSigned
}
return p7!
}
我也有补充类:
class BIOWrapper {
let bio = BIO_new(BIO_s_mem())
init(data:NSData) {
BIO_write(bio, data.bytes, Int32(data.length))
}
init() {}
deinit {
BIO_free(bio)
}
}
class X509StoreWrapper {
let store = X509_STORE_new()
deinit {
X509_STORE_free(store)
}
func addCert(x509:X509Wrapper) {
X509_STORE_add_cert(store, x509.x509)
}
}
class X509Wrapper {
let x509 : UnsafeMutablePointer<X509>!
init(data:NSData){
let certBIO = BIOWrapper(data: data)
x509 = d2i_X509_bio(certBIO.bio, nil)
}
deinit {
X509_free(x509)
}
}
所有包装器都有 init 和 deinit 部分。其他功能来自内置的 Crypto 模块......坦率地说,我不知道泄漏可能在这里。谁能帮帮我?
您正在分配一个 PKCS7 对象,但似乎您从未调用 PKCS7_free。例如,您需要在 throw ReceiptError.receiptNotSigned.
之前调用它
请注意右侧堆栈跟踪中缺少堆栈帧。您可以通过单击图标来查看它们,该图标看起来像一个正方形,上面和下面都有一条线。这样您就可以确切地知道哪个函数调用负责分配(因此很可能泄漏的是什么)。
XCode 在我的一个函数中检测到内存泄漏:
func 负责提取 PKCS7 容器。这里是函数的代码:
func extractPKCS7Container() throws -> UnsafeMutablePointer<PKCS7> {
guard let receiptURL = Bundle.main.appStoreReceiptURL,
let certificateURL = Bundle.main.url(forResource: "AppleIncRootCertificate", withExtension: "cer"),
let receiptData = NSData(contentsOf: receiptURL),
let certificateData = NSData(contentsOf: certificateURL) else {
throw ReceiptError.couldNotFindReceipt
}
let bio = BIOWrapper(data: receiptData)
let p7 = d2i_PKCS7_bio(bio.bio, nil)
guard p7 != nil else {
throw ReceiptError.emptyReceiptContents
}
OpenSSL_add_all_digests()
let x509Store = X509StoreWrapper()
let certificate = X509Wrapper(data: certificateData)
x509Store.addCert(x509: certificate)
let payload = BIOWrapper()
guard PKCS7_verify(p7, nil, x509Store.store, nil, payload.bio, 0) == 1 else {
throw ReceiptError.receiptNotSigned
}
return p7!
}
我也有补充类:
class BIOWrapper {
let bio = BIO_new(BIO_s_mem())
init(data:NSData) {
BIO_write(bio, data.bytes, Int32(data.length))
}
init() {}
deinit {
BIO_free(bio)
}
}
class X509StoreWrapper {
let store = X509_STORE_new()
deinit {
X509_STORE_free(store)
}
func addCert(x509:X509Wrapper) {
X509_STORE_add_cert(store, x509.x509)
}
}
class X509Wrapper {
let x509 : UnsafeMutablePointer<X509>!
init(data:NSData){
let certBIO = BIOWrapper(data: data)
x509 = d2i_X509_bio(certBIO.bio, nil)
}
deinit {
X509_free(x509)
}
}
所有包装器都有 init 和 deinit 部分。其他功能来自内置的 Crypto 模块......坦率地说,我不知道泄漏可能在这里。谁能帮帮我?
您正在分配一个 PKCS7 对象,但似乎您从未调用 PKCS7_free。例如,您需要在 throw ReceiptError.receiptNotSigned.
请注意右侧堆栈跟踪中缺少堆栈帧。您可以通过单击图标来查看它们,该图标看起来像一个正方形,上面和下面都有一条线。这样您就可以确切地知道哪个函数调用负责分配(因此很可能泄漏的是什么)。