santad: Reject addRules requests with empty/nil array. Also switch to NSUInteger for rule counts.

Source/santad/SNTRuleTable.h

@@ -27,17 +27,17 @@
 ///
 ///  @return Number of rules in the database
 ///
-- (long)ruleCount;
+- (NSUInteger)ruleCount;
 
 ///
 ///  @return Number of binary rules in the database
 ///
-- (long)binaryRuleCount;
+- (NSUInteger)binaryRuleCount;
 
 ///
 ///  @return Number of certificate rules in the database
 ///
-- (long)certificateRuleCount;
+- (NSUInteger)certificateRuleCount;
 
 ///
 ///  @return Rule for binary with given SHA-256

Source/santad/SNTRuleTable.m

@@ -16,6 +16,7 @@
 
 #import "SNTCertificate.h"
 #import "SNTCodesignChecker.h"
+#import "SNTLogging.h"
 #import "SNTRule.h"
 
 @implementation SNTRuleTable
@@ -54,22 +55,24 @@
 
 #pragma mark Entry Counts
 
-- (long)ruleCount {
-  __block long count = 0;
-  [self inDatabase:^(FMDatabase *db) { count = [db longForQuery:@"SELECT COUNT(*) FROM rules"]; }];
+- (NSUInteger)ruleCount {
+  __block NSUInteger count = 0;
+  [self inDatabase:^(FMDatabase *db) {
+    count = [db longForQuery:@"SELECT COUNT(*) FROM rules"];
+  }];
   return count;
 }
 
-- (long)binaryRuleCount {
-  __block long count = 0;
+- (NSUInteger)binaryRuleCount {
+  __block NSUInteger count = 0;
   [self inDatabase:^(FMDatabase *db) {
       count = [db longForQuery:@"SELECT COUNT(*) FROM binrules"];
   }];
   return count;
 }
 
-- (long)certificateRuleCount {
-  __block long count = 0;
+- (NSUInteger)certificateRuleCount {
+  __block NSUInteger count = 0;
   [self inDatabase:^(FMDatabase *db) {
       count = [db longForQuery:@"SELECT COUNT(*) FROM certrules"];
   }];
@@ -120,6 +123,11 @@
 - (BOOL)addRules:(NSArray *)rules cleanSlate:(BOOL)cleanSlate {
   __block BOOL failed = NO;
 
+  if (!rules || rules.count < 1) {
+    LOGE(@"Received request to add rules with nil/empty array.");
+    return NO;
+  }
+
   [self inTransaction:^(FMDatabase *db, BOOL *rollback) {
       if (cleanSlate) {
         [db executeUpdate:@"DELETE FROM rules"];