From 6dec6530c5ba895a55edcf1db8f4bdeec5521acc Mon Sep 17 00:00:00 2001 From: relikd Date: Wed, 5 Nov 2025 02:04:28 +0100 Subject: [PATCH] fix: check for empty entitlements dict --- src/Entitlements.swift | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/Entitlements.swift b/src/Entitlements.swift index 49d050d..ff9e17c 100644 --- a/src/Entitlements.swift +++ b/src/Entitlements.swift @@ -67,6 +67,8 @@ struct Entitlements { // MARK: - SecCode in-memory reader + // Same as system call: + // `codesign -d ./binary --entitlements - --xml` or: `codesign -d ./binary --entitlements :-` /// use in-memory `SecCode` for entitlement extraction private func getSecCodeEntitlements() -> PlistDict? { let url = URL(fileURLWithPath: self.binaryPath) @@ -84,13 +86,13 @@ struct Entitlements { // if 'entitlements-dict' key exists, use that one os_log(.debug, log: log, "[entitlements] read SecCode 'entitlements-dict' key") - if let plist = requirementInfo[kSecCodeInfoEntitlementsDict as String] as? PlistDict { + if let plist = requirementInfo[kSecCodeInfoEntitlementsDict as String] as? PlistDict, !plist.isEmpty { return plist } // else, fallback to parse data from 'entitlements' key os_log(.debug, log: log, "[entitlements] read SecCode 'entitlements' key") - guard let data = requirementInfo[kSecCodeInfoEntitlements as String] as? Data else { + guard let data = requirementInfo[kSecCodeInfoEntitlements as String] as? Data, !data.isEmpty else { return nil } @@ -107,7 +109,10 @@ struct Entitlements { os_log(.error, log: log, "[entitlements] unpack error for FADE7171 size %lu != %lu", data.count, size) // but try anyway } - return data.subdata(in: 8..