NSURLSession Leaks During client authentication
| Originator: | bur | ||
| Number: | rdar://27501834 | Date Originated: | 22-Jul-2016 05:31 PM |
| Status: | Open | Resolved: | |
| Product: | OS X | Product Version: | 10.11.6 |
| Classification: | Security | Reproducible: | Always |
Summary:
NSURLSession's dataTaskWithRequest:completionHandler: leaks when performing a request that invokes URLSession:didReceiveChallenge:completionHandler: for client certificate authentication. A delegate does not even need to be setup to handle the challenge, as seen in the following example. There are no issues with actually getting client authentication working, but the leaks are alarming for long running processes.
Changing the URL to another site that does not require client authentication results in no leaks.
NSURLRequest *req = [NSURLRequest requestWithURL:[NSURL URLWithString:@"https://clientauth.exaple.com"]];
NSURLSession *session = [NSURLSession sessionWithConfiguration:[NSURLSessionConfiguration ephemeralSessionConfiguration]];
[[session dataTaskWithRequest:req completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
NSLog(@"%@", response);
}] resume];
[session finishTasksAndInvalidate];
Steps to Reproduce:
1. Run the attached test app through Instruments.
Expected Results:
There should be no leaks.
Actual Results:
The test program leaks:
Leaked Object # Address Size Responsible Library Responsible Frame
Malloc 64 Bytes 1 0x600000269940 64 Bytes Security DefaultAllocator::malloc(unsigned long)
Malloc 16 Bytes 1 0x600000010430 16 Bytes Security DefaultAllocator::malloc(unsigned long)
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!