Bug 27664 - SecRecord class bindings make invalid assumption that values are strings
Summary: SecRecord class bindings make invalid assumption that values are strings
Alias: None
Product: iOS
Classification: Xamarin
Component: Xamarin.iOS.dll ()
Version: XI 8.6.0
Hardware: PC Mac OS
: High normal
Target Milestone: Untriaged
Assignee: Bugzilla
Depends on:
Reported: 2015-03-04 15:28 UTC by Adam Kemp
Modified: 2015-04-06 22:54 UTC (History)
2 users (show)

Is this bug a regression?: ---
Last known good build:

Test case (8.56 KB, application/zip)
2015-03-04 15:28 UTC, Adam Kemp

Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.

Please create a new report on Developer Community or GitHub with your current version information, steps to reproduce, and relevant error messages or log files if you are hitting an issue that looks similar to this resolved bug and you do not yet see a matching new report.

Related Links:

Description Adam Kemp 2015-03-04 15:28:50 UTC
Created attachment 10158 [details]
Test case

The SecRecord class wraps a dictionary that is used by the lower-level iOS keychain API. Using the lower-level API you can put different types of data in the dictionary, but the bindings assume the data is a string.

More concretely, I found that the Flurry analytics package (http://www.flurry.com/solutions/analytics) stores an NSMutableData object in the keychain for the "Account" key. Our app crashed when we tried to enumerate the records in the keychain and inspect the Account property because the SecRecord binding tried to cast the NSMutableData to an NSString.

To reproduce this I created an application that does the following:

1. Uses the lower-level API to add a keychain entry with an NSMutableData value for the Account key.
2. Uses the lower-level API to query the keychain and prove that the NSMutableData is accessible and usable.
3. Uses the Xamarin bindings to query the keychain and access the Account value for the previously added record. This crashes.

If the first two actions are possible (adding and then accessing a record with NSMutableData values) then the third should be as well.

To see the crash open the attached solution and run it. The work is done in the FinishedLaunching method of the app delegate.
Comment 1 Miguel de Icaza [MSFT] 2015-04-06 22:51:59 UTC
This should be fixed now.

The property will return null on this case, but I wonder if we should now surface a different convenience property that surfaces arbitrary NSObjects.
Comment 2 Adam Kemp 2015-04-06 22:54:56 UTC

The underlying API just uses dictionaries. If you exposed the dictionary and the string constants for keys that should be sufficient for low level use cases.