Browse files

Fix potential memory leak in SUUIDModelHash

This leak (caught by the static analyzer) would occur if the do-while loop hit a break before free() was called. Instead of allocating memory on the heap, it is now being dynamically allocated on the stack.

Additionally, there was a (very) small chance that the 'result' string would be nil if for some crazy reason the returned value for 'hw.machine' was not a proper UTF-8 encoded string. However unlikely for that to occur, the code was changed for correctness.
  • Loading branch information...
1 parent e57510c commit d0a268a216f88185369bc8287cbf2272dfde1f41 @appden appden committed Aug 28, 2012
Showing with 6 additions and 14 deletions.
  1. +6 −14 SecureUDID.m
View
20 SecureUDID.m
@@ -256,23 +256,17 @@ Applies the operation (encrypt or decrypt) to the NSData value with the provided
NSData* SUUIDModelHash(void) {
NSString* result;
- result = @"Unknown";
+ result = nil;
do {
size_t size;
- char* value;
-
- value = NULL;
// first get the size
if (sysctlbyname("hw.machine", NULL, &size, NULL, 0) != 0) {
break;
}
- value = malloc(size);
- if (!value) {
- break;
- }
+ char value[size];
// now get the value
if (sysctlbyname("hw.machine", value, &size, NULL, 0) != 0) {
@@ -281,14 +275,12 @@ Applies the operation (encrypt or decrypt) to the NSData value with the provided
// convert the value to an NSString
result = [NSString stringWithCString:value encoding:NSUTF8StringEncoding];
- if (!result) {
- break;
- }
-
- // free our buffer
- free(value);
} while (0);
+ if (!result) {
+ result = @"Unknown";
+ }
+
return SUUIDHash([result dataUsingEncoding:NSUTF8StringEncoding]);
}

0 comments on commit d0a268a

Please sign in to comment.