Xcode 4.6 has a build setting labeled “Misuse of Keychain Services API”, a.k.a. CLANG_ANALYZER_SECURITY_KEYCHAIN_API. The Quick Help is unhelpful:

Check for misuse of Keychain Services API.

So, what sort of “misuses” does the Clang Static Analyzer look for when this is on?


Solution

It's intended to ensure that memory allocated by functions in the Keychain Services API is deallocated in the correct manner by the caller. For instance, SecKeychainFindGenericPassword returns password data via an output parameter. The caller is required to deallocate this data via SecKeychainItemFreeContent rather than alternative APIs like free. Failing to use the correct API can leave sensitive data (e.g., the password) in memory.

You can see the implementation of this checker in the LLVM SVN repository if you're interested in more detail.
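
As an added illustration, not taken from the question or either answer, here are the two caller-side patterns the checker distinguishes, written as an Objective-C file that assumes macOS with the Security framework (build with -framework Foundation -framework Security); the service and account names are made-up sample values, and the standalone clang invocation in the comment uses the checker's registered name, osx.SecKeychainAPI:

```objective-c
// Added example: the deallocation contract that osx.SecKeychainAPI enforces.
// Outside Xcode the same check runs with:
//   clang --analyze -Xanalyzer -analyzer-checker=osx.SecKeychainAPI keychain.m
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#include <stdlib.h>
#include <string.h>

// Sample identifiers, constructed for this example.
static const char *kService = "example.com";
static const char *kAccount = "alice";

// WRONG: the password buffer is allocated by Keychain Services, so free() is
// an allocator/deallocator mismatch. The analyzer flags this call, and as the
// answer notes the password bytes may be left behind in memory.
static OSStatus wrongPattern(void) {
    UInt32 length = 0;
    void *password = NULL;
    OSStatus status = SecKeychainFindGenericPassword(NULL,
        (UInt32)strlen(kService), kService,
        (UInt32)strlen(kAccount), kAccount,
        &length, &password, NULL);
    if (status == errSecSuccess) {
        free(password);   // flagged: must be SecKeychainItemFreeContent
    }
    return status;
}

// RIGHT: release through the matching API on the path where the lookup
// succeeded; on failure nothing was allocated, so there is nothing to free.
static OSStatus rightPattern(void) {
    UInt32 length = 0;
    void *password = NULL;
    OSStatus status = SecKeychainFindGenericPassword(NULL,
        (UInt32)strlen(kService), kService,
        (UInt32)strlen(kAccount), kAccount,
        &length, &password, NULL);
    if (status != errSecSuccess) {
        return status;
    }
    NSLog(@"found password of %u bytes", (unsigned)length);  // log length only
    SecKeychainItemFreeContent(NULL, password);  // the matching deallocator
    return status;
}

int main(void) {
    @autoreleasepool {
        (void)wrongPattern;          // kept only so the analyzer sees both forms
        return rightPattern() == errSecSuccess ? 0 : 1;
    }
}
```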

Other tips

Comments in the source code explain that:

// This checker flags misuses of KeyChainAPI. In particular, the password data
// allocated/returned by SecKeychainItemCopyContent,
// SecKeychainFindGenericPassword, SecKeychainFindInternetPassword functions has
// to be freed using a call to SecKeychainItemFreeContent.

It doesn't appear to do anything more fancy than that.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow