feat(HttpsVerifier): uses ReleaseCFObject in the creation of smartpoi…

…nters
wazuh · Jan 14, 2025 · 87060ad · 87060ad
1 parent 2a24b4c
commit 87060ad
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 29 deletions.
diff --git a/src/agent/communicator/include/https_verifier_mac.hpp b/src/agent/communicator/include/https_verifier_mac.hpp
@@ -9,24 +9,13 @@
 
 namespace https_socket_verify_utils
 {
-    struct CFDeleter
-    {
-        void operator()(CFTypeRef obj) const
-        {
-            if (obj)
-            {
-                CFRelease(obj);
-            }
-        }
-    };
-
-    using CFDataPtr = std::unique_ptr<const __CFData, CFDeleter>;
-    using CFArrayPtr = std::unique_ptr<const __CFArray, CFDeleter>;
-    using CFStringPtr = std::unique_ptr<const __CFString, CFDeleter>;
-    using SecTrustPtr = std::unique_ptr<__SecTrust, CFDeleter>;
-    using CFErrorPtr = std::unique_ptr<__CFError, CFDeleter>;
-    using SecCertificatePtr = std::unique_ptr<__SecCertificate, CFDeleter>;
-    using SecPolicyPtr = std::unique_ptr<__SecPolicy, CFDeleter>;
+    using CFDataPtr = std::unique_ptr<const __CFData, std::function<void(CFTypeRef)>>;
+    using CFArrayPtr = std::unique_ptr<const __CFArray, std::function<void(CFTypeRef)>>;
+    using CFStringPtr = std::unique_ptr<const __CFString, std::function<void(CFTypeRef)>>;
+    using SecTrustPtr = std::unique_ptr<__SecTrust, std::function<void(CFTypeRef)>>;
+    using CFErrorPtr = std::unique_ptr<__CFError, std::function<void(CFTypeRef)>>;
+    using SecCertificatePtr = std::unique_ptr<__SecCertificate, std::function<void(CFTypeRef)>>;
+    using SecPolicyPtr = std::unique_ptr<__SecPolicy, std::function<void(CFTypeRef)>>;
 
     class HttpsVerifier
     {
@@ -40,6 +29,13 @@ namespace https_socket_verify_utils
             , m_host(host)
             , m_utils(std::move(utils))
         {
+            m_deleter = [this](CFTypeRef obj)
+            {
+                if (obj)
+                {
+                    m_utils->ReleaseCFObject(obj);
+                }
+            };
         }
 
         /// @brief Verifies the certificate of the HTTPS connection
@@ -78,5 +74,8 @@ namespace https_socket_verify_utils
 
         /// @brief The certificate utilities object to use
         std::unique_ptr<ICertificateUtils> m_utils;
+
+        /// @brief The deleter function to release CFTypeRef objects
+        std::function<void(CFTypeRef)> m_deleter;
     };
 } // namespace https_socket_verify_utils
diff --git a/src/agent/communicator/src/https_verifier_mac.cpp b/src/agent/communicator/src/https_verifier_mac.cpp
@@ -34,7 +34,7 @@ namespace https_socket_verify_utils
 
         if (m_mode == "full")
         {
-            SecCertificatePtr serverCert(m_utils->CreateCertificate(certData.get()));
+            SecCertificatePtr serverCert(m_utils->CreateCertificate(certData.get()), m_deleter);
             if (!serverCert || !ValidateHostname(serverCert))
             {
                 return false;
@@ -68,16 +68,15 @@ namespace https_socket_verify_utils
             return false;
         }
 
-        certData = CFDataPtr(m_utils->CreateCFData(certRawData, certLen));
+        certData = CFDataPtr(m_utils->CreateCFData(certRawData, certLen), m_deleter);
         OPENSSL_free(certRawData);
 
         return certData != nullptr;
     }
 
     bool HttpsVerifier::CreateTrustObject(const CFDataPtr& certData, SecTrustPtr& trust)
     {
-        SecCertificatePtr serverCert(m_utils->CreateCertificate(certData.get()));
-
+        SecCertificatePtr serverCert(m_utils->CreateCertificate(certData.get()), m_deleter);
         if (!serverCert)
         {
             LogError("Failed to create SecCertificateRef.");
@@ -86,8 +85,8 @@ namespace https_socket_verify_utils
 
         const void* certArrayValues[] = {serverCert.get()};
 
-        CFArrayPtr certArray(m_utils->CreateCertArray(certArrayValues, 1));
-        SecPolicyPtr policy(m_utils->CreateSSLPolicy(true, ""));
+        CFArrayPtr certArray(m_utils->CreateCertArray(certArrayValues, 1), m_deleter);
+        SecPolicyPtr policy(m_utils->CreateSSLPolicy(true, ""), m_deleter);
 
         SecTrustRef rawTrust = nullptr;
         OSStatus status = m_utils->CreateTrustObject(certArray.get(), policy.get(), &rawTrust);
@@ -99,7 +98,7 @@ namespace https_socket_verify_utils
             return false;
         }
 
-        trust.reset(rawTrust);
+        trust = SecTrustPtr(rawTrust, m_deleter);
         return true;
     }
 
@@ -110,20 +109,19 @@ namespace https_socket_verify_utils
 
         if (!trustResult && errorRef)
         {
-            CFErrorPtr error(const_cast<__CFError*>(errorRef));
+            CFErrorPtr error(const_cast<__CFError*>(errorRef), m_deleter);
 
-            CFStringPtr errorDesc(m_utils->CopyErrorDescription(errorRef));
+            CFStringPtr errorDesc(m_utils->CopyErrorDescription(errorRef), m_deleter);
             std::string errorString = m_utils->GetStringCFString(errorDesc.get());
             LogError("Trust evaluation failed: {}", errorString);
         }
 
-        m_utils->ReleaseCFObject(errorRef);
         return trustResult;
     }
 
     bool HttpsVerifier::ValidateHostname(const SecCertificatePtr& serverCert)
     {
-        CFStringPtr sanString(m_utils->CopySubjectSummary(serverCert.get()));
+        CFStringPtr sanString(m_utils->CopySubjectSummary(serverCert.get()), m_deleter);
         if (!sanString)
         {
             LogError("Failed to retrieve SAN or CN for hostname validation.");