Home/ Questions/Q 6713957
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T08:26:25+00:00

Sometimes when trying to get a path to a keychain returned by SecKeychainCopySearchList I

  • 0

Sometimes when trying to get a path to a keychain returned by SecKeychainCopySearchList I get error with code -25301 which from the list of errors stands for errSecBufferTooSmall. The SecCopyErrorMessageString states:

There is not enough memory available to use the specified item.

Weird thing is that it doesn’t always return the error on the very same keychain reference.

Here’s how I try to get the path to the keychain:

- (NSString *)getKeychainPath:(SecKeychainRef)keychain {
    char *pathName = malloc(sizeof(*pathName) * 1024);
    UInt32 pathLength;
    OSStatus errCode = SecKeychainGetPath(keychain, &pathLength, pathName);
    if (errCode != errSecSuccess) {
        NSString *errString = (NSString *)SecCopyErrorMessageString(errCode, NULL);
        DLog(@"%d: %@", errCode, errString);
    }
    NSData *d = [NSData dataWithBytes:pathName length:pathLength];
    return [[[NSString alloc] initWithData:d encoding:NSUTF8StringEncoding] autorelease];
}

I’m interested in what buffer does the function use? I’ve tried outputting the pathLength variable but it’s way bellow the 1K bytes. What am I doing wrong? What should I do to avoid these errors? Can they be bypassed by any way at all?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    From the SecKeychainGetPath documentation:

    ioPathLength

    On entry, a pointer to a variable containing the length (in bytes) of the buffer specified by pathName.
    On return, the string length of pathName, not including the null termination.

    You’re not doing the “on input” part. You need to initialize pathLength to the size of the pathName buffer. For example:

    UInt32 pathLength = 1024;
char *pathName = malloc(pathLength);
    • 0