Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(AWSIoT): Fixing crash in AWSIoTMQTTClient #5185

Merged
merged 18 commits into from
Feb 7, 2024
Merged

fix(AWSIoT): Fixing crash in AWSIoTMQTTClient #5185

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
b6b1a1b
fix(iot): change default runloop mode to NSRunLoopCommonModes
thisisabhash Jan 29, 2024
43d2805
fix(iot): attempt for retain reference variable
5d Jan 29, 2024
6117177
Releasing some CF objects.
ruisebas Jan 31, 2024
56c4e07
fix: Releasing more CF objects, adding weak self for some async blocks.
ruisebas Jan 31, 2024
1dd6d1e
fix: Adding some thread safety. Invalidating timers in dealloc
ruisebas Jan 31, 2024
712dcd7
fix: Using NSDefaultRunLoopMode in SocketRocket
ruisebas Feb 1, 2024
5b65f67
Reverting NSDefaultRunLoopMode chan ges
ruisebas Feb 2, 2024
23d0c28
fix: Moving to NSThread subclass
ruisebas Feb 2, 2024
78cf4d7
Reverting sync dispatch
ruisebas Feb 5, 2024
1cfca8f
Adding new files to the project
ruisebas Feb 5, 2024
56e76a9
Moving AWSIoTStreamThread properties to implementation file
ruisebas Feb 5, 2024
ee6f183
Add barrier to notifyStatus
ruisebas Feb 5, 2024
a62e8fd
Improving disconnect notification
ruisebas Feb 5, 2024
fadbb40
Updating changelog
ruisebas Feb 6, 2024
c92accf
Improving nil check for status callback
ruisebas Feb 6, 2024
73d0180
Adding validations before releasing CF objects. Adding unit tests. Re…
ruisebas Feb 7, 2024
73682ac
Fixing flaky unit tests
ruisebas Feb 7, 2024
93d2dfe
Removing duplicated nil validations
ruisebas Feb 7, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions AWSIoT/AWSIoTDataManager.m
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,11 @@ - (instancetype)init {
return nil;
}

- (void)dealloc
{
[self.timer invalidate];
}

- (instancetype)initWithName:(NSString *)name
debug:(BOOL)enableDebugging
versioned:(BOOL)enableVersioning
Expand Down
101 changes: 56 additions & 45 deletions AWSIoT/AWSIoTManager.m
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -206,19 +206,29 @@ - (void)createKeysAndCertificateFromCsr:(NSDictionary<NSString *, NSString*> *)c

SecKeyRef publicKeyRef = [AWSIoTKeychain getPublicKeyRef:publicTag];
SecKeyRef privateKeyRef = [AWSIoTKeychain getPrivateKeyRef:privateTag];
SecIdentityRef identityRef = [AWSIoTKeychain getIdentityRef:newPrivateTag certificateLabel:newCertTag];

if ([AWSIoTKeychain deleteAsymmetricKeysWithPublicTag:publicTag privateTag:privateTag] &&
[AWSIoTKeychain addPrivateKeyRef:privateKeyRef tag:newPrivateTag] &&
[AWSIoTKeychain addPublicKeyRef:publicKeyRef tag:newPublicTag] &&
[AWSIoTKeychain addCertificateToKeychain:certificatePem tag:newCertTag] &&
[AWSIoTKeychain getIdentityRef:newPrivateTag certificateLabel:newCertTag] != nil) {
identityRef != nil) {
AWSIoTCreateCertificateResponse* resp = [[AWSIoTCreateCertificateResponse alloc] init];
resp.certificateId = certificateId;
resp.certificatePem = certificatePem;
resp.certificateArn = certificateArn;

validatedResponse = resp;
}
if (identityRef) {
CFRelease(identityRef);
}
if (privateKeyRef) {
CFRelease(privateKeyRef);
}
if (publicKeyRef) {
CFRelease(publicKeyRef);
}
}
}

Expand All @@ -229,13 +239,11 @@ - (void)createKeysAndCertificateFromCsr:(NSDictionary<NSString *, NSString*> *)c
}

+ (BOOL)importIdentityFromPKCS12Data:(NSData *)pkcs12Data passPhrase:(NSString *)passPhrase certificateId:(NSString *)certificateId {
SecKeyRef privateKey = NULL;
SecKeyRef publicKey = NULL;
SecCertificateRef certRef = NULL;

[AWSIoTManager readPk12:pkcs12Data passPhrase:passPhrase certRef:&certRef privateKeyRef:&privateKey publicKeyRef:&publicKey];
__block SecKeyRef privateKey = NULL;
__block SecKeyRef publicKey = NULL;
__block SecCertificateRef certRef = NULL;

if (!certRef || !privateKey || !publicKey) {
void (^cleanup)(void) = ^void {
if (certRef) {
CFRelease(certRef);
}
Expand All @@ -245,6 +253,12 @@ + (BOOL)importIdentityFromPKCS12Data:(NSData *)pkcs12Data passPhrase:(NSString *
if (publicKey) {
CFRelease(publicKey);
}
};

[AWSIoTManager readPk12:pkcs12Data passPhrase:passPhrase certRef:&certRef privateKeyRef:&privateKey publicKeyRef:&publicKey];

if (!certRef || !privateKey || !publicKey) {
cleanup();
AWSDDLogError(@"Unable to extract PKCS12 data. Ensure the passPhrase is correct.");
return NO;
}
Expand All @@ -254,27 +268,26 @@ + (BOOL)importIdentityFromPKCS12Data:(NSData *)pkcs12Data passPhrase:(NSString *
NSString *certTag = [AWSIoTManager certTagWithCertificateId:certificateId];

if (![AWSIoTKeychain addPrivateKeyRef:privateKey tag:privateTag]) {
if (publicKey) {
CFRelease(publicKey);
}
cleanup();
AWSDDLogError(@"Unable to add private key");
return NO;
}

if (![AWSIoTKeychain addPublicKeyRef:publicKey tag:publicTag]) {
[AWSIoTKeychain deleteAsymmetricKeysWithPublicTag:publicTag privateTag:privateTag];

cleanup();
AWSDDLogError(@"Unable to add public key");
return NO;
}

if (![AWSIoTKeychain addCertificateRef:certRef tag:certTag]) {
[AWSIoTKeychain deleteAsymmetricKeysWithPublicTag:publicTag privateTag:privateTag];

cleanup();
AWSDDLogError(@"Unable to add certificate");
return NO;
}

cleanup();
return YES;
}

Expand All @@ -283,40 +296,38 @@ + (BOOL)importIdentityFromPKCS12Data:(NSData *)pkcs12Data passPhrase:(NSString *
//
+ (BOOL)readPk12:(NSData *)pk12Data passPhrase:(NSString *)passPhrase certRef:(SecCertificateRef *)certRef privateKeyRef:(SecKeyRef *)privateKeyRef publicKeyRef:(SecKeyRef *)publicKeyRef
{
SecPolicyRef policy = NULL;
SecTrustRef trust = NULL;

__block SecPolicyRef policy = NULL;
__block SecTrustRef trust = NULL;
__block CFArrayRef secImportItems = NULL;

// cleanup stuff in a block so we don't need to do this over and over again.
static BOOL (^cleanup)(void);
static BOOL (^errorCleanup)(void);
static dispatch_once_t once;
dispatch_once(&once, ^{
cleanup = ^BOOL {
if(policy) {
CFRelease(policy);
}

if(trust) {
CFRelease(trust);
}

return YES;
};

errorCleanup = ^BOOL {
*privateKeyRef = NULL;
*publicKeyRef = NULL;
*certRef = NULL;

cleanup();

return NO;
};
});

BOOL (^cleanup)(void) = ^BOOL {
if (secImportItems) {
CFRelease(secImportItems);
}

if (policy) {
CFRelease(policy);
}

if (trust) {
CFRelease(trust);
}

return YES;
};

BOOL (^errorCleanup)(void) = ^BOOL {
*privateKeyRef = NULL;
*publicKeyRef = NULL;
*certRef = NULL;

cleanup();

return NO;
};

CFDictionaryRef secImportOptions = (__bridge CFDictionaryRef) @{(__bridge id) kSecImportExportPassphrase : passPhrase};
CFArrayRef secImportItems = NULL;

OSStatus status = SecPKCS12Import((__bridge CFDataRef) pk12Data, (CFDictionaryRef) secImportOptions, &secImportItems);

if (status == errSecSuccess && CFArrayGetCount(secImportItems) > 0)
Expand Down Expand Up @@ -369,7 +380,7 @@ + (BOOL)readPk12:(NSData *)pk12Data passPhrase:(NSString *)passPhrase certRef:(S
AWSDDLogError(@"Unable to copy public key");
return errorCleanup();
}

return cleanup();
}
AWSDDLogError(@"Unable to import from PKCS12 data");
Expand Down
11 changes: 8 additions & 3 deletions AWSIoT/Internal/AWSIoTCSR.m
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,9 +64,12 @@ - (NSData*)generateCSRForCertificate:(NSString*)certificateId {
NSString *privateTag = [AWSIoTKeychain.privateKeyTag stringByAppendingString:certificateId];

_publicKeyBits = [AWSIoTKeychain getPublicKeyBits:publicTag];
SecKeyRef privateKeyRef = [AWSIoTKeychain getPrivateKeyRef:privateTag];
if (!_publicKeyBits) {
return nil;
}

if (!_publicKeyBits || !privateKeyRef) {
SecKeyRef privateKeyRef = [AWSIoTKeychain getPrivateKeyRef:privateTag];
if (!privateKeyRef) {
return nil;
}

Expand Down Expand Up @@ -113,7 +116,9 @@ - (NSData*)generateCSRForCertificate:(NSString*)certificateId {
[scr appendData:signdata];

[self addByte:seqTag intoData:scr];


CFRelease(privateKeyRef);
ruisebas marked this conversation as resolved.
Show resolved Hide resolved

return [scr copy];
}

Expand Down
20 changes: 10 additions & 10 deletions AWSIoT/Internal/AWSIoTKeychain.m
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -137,13 +137,13 @@ + (BOOL)isValidCertificate:(NSString*)privateKeyTag certificateLabel:(NSString*)
if (identityRef) {
SecCertificateRef cert = NULL;
OSStatus status = SecIdentityCopyCertificate(identityRef, &cert);
CFRelease(identityRef);
if (status == noErr) {
return YES;
} else {
AWSDDLogError(@"SecIdentityCopyCertificate failed [%d]", (int)status);
}
}

return NO;
}

Expand Down Expand Up @@ -205,7 +205,10 @@ + (BOOL)addCertificate:(NSData*)cert withTag:(NSString*)tag {
AWSDDLogError(@"Error create Sec Certificate from data");
return NO;
}
return [AWSIoTKeychain addCertificateRef:certRef tag:tag];

BOOL result = [AWSIoTKeychain addCertificateRef:certRef tag:tag];
CFRelease(certRef);
return result;
}

+ (BOOL)addCertificateRef:(SecCertificateRef)certRef {
Expand Down Expand Up @@ -305,7 +308,7 @@ + (NSData *)getPublicKeyBits:(NSString*)tag {
publicKeyRef = NULL;
}

return (__bridge NSData *)publicKeyRef;
return (__bridge_transfer NSData *)publicKeyRef;
}

+ (SecKeyRef)getPrivateKeyRef:(NSString*)tag {
Expand Down Expand Up @@ -347,7 +350,7 @@ + (NSData *)getPrivateKeyBits:(NSString*)tag {
privateKeyBits = NULL;
}

return (__bridge NSData *)privateKeyBits;
return (__bridge_transfer NSData *)privateKeyBits;
}

+ (SecIdentityRef)getIdentityRef:(NSString*)privateKeyTag certificateLabel:(NSString *)certificateLabel {
Expand All @@ -374,8 +377,7 @@ + (SecIdentityRef)getIdentityRef:(NSString*)privateKeyTag certificateLabel:(NSSt
+ (BOOL)addPublicKeyRef:(SecKeyRef)pubkeyRef tag:(NSString*)tag {

OSStatus sanityCheck = noErr;
CFTypeRef persistPeer = NULL;


NSMutableDictionary * publicKeyAttr = [[NSMutableDictionary alloc] init];

[publicKeyAttr setObject:(id)kSecClassKey forKey:(id)kSecClass];
Expand All @@ -386,7 +388,7 @@ + (BOOL)addPublicKeyRef:(SecKeyRef)pubkeyRef tag:(NSString*)tag {
[publicKeyAttr setObject:[NSNumber numberWithBool:YES] forKey:(id)kSecReturnPersistentRef];
[publicKeyAttr setObject:(__bridge id)[AWSIoTKeychain accessibilityType] forKey:(id)kSecAttrAccessible];

sanityCheck = SecItemAdd((CFDictionaryRef) publicKeyAttr, (CFTypeRef *)&persistPeer);
sanityCheck = SecItemAdd((CFDictionaryRef) publicKeyAttr, nil);
if ((sanityCheck != noErr) && (sanityCheck != errSecDuplicateItem)){
AWSDDLogError(@"addPublicKeyRef error: %d",(int)sanityCheck);
return NO;
Expand Down Expand Up @@ -422,8 +424,6 @@ + (BOOL)addPublicKey:(NSData*)pubkey tag:(NSString*)tag {
+ (BOOL)addPrivateKeyRef:(SecKeyRef)privkeyRef tag:(NSString*)tag {

OSStatus sanityCheck = noErr;
CFTypeRef persistPeer = NULL;

NSMutableDictionary * privateKeyAttr = [[NSMutableDictionary alloc] init];

[privateKeyAttr setObject:(id)kSecClassKey forKey:(id)kSecClass];
Expand All @@ -434,7 +434,7 @@ + (BOOL)addPrivateKeyRef:(SecKeyRef)privkeyRef tag:(NSString*)tag {
[privateKeyAttr setObject:[NSNumber numberWithBool:YES] forKey:(id)kSecReturnPersistentRef];
[privateKeyAttr setObject:(__bridge id)[AWSIoTKeychain accessibilityType] forKey:(id)kSecAttrAccessible];

sanityCheck = SecItemAdd((CFDictionaryRef) privateKeyAttr, (CFTypeRef *)&persistPeer);
sanityCheck = SecItemAdd((CFDictionaryRef) privateKeyAttr, nil);
if ((sanityCheck != noErr) && (sanityCheck != errSecDuplicateItem)){
AWSDDLogError(@"addPrivateKeyRef error: %d",(int)sanityCheck);
return NO;
Expand Down
Loading
Loading