WebKit Bugzilla
Attachment 340021 Details for Bug 185489: Restrict unarchiving of bundle parameters to a set of known classes
Patch: bug-185489-20180509141003.patch (text/plain), 1.99 KB, created by Brent Fulgham on 2018-05-09 14:10:03 PDT
>Subversion Revision: 231475 >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index 846d9ba8300eb880c984c2177f07851016c1615b..a62e58c3f5d02a61aa273fd10632f74362203fbb 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,17 @@ >+2018-05-09 Brent Fulgham <bfulgham@apple.com> >+ >+ Restrict unarchiving of bundle parameters to a set of known classes >+ https://bugs.webkit.org/show_bug.cgi?id=185489 >+ <rdar://problem/21912401> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Stop accepting anything derived from NSObject, and instead only agree to unarchive objects >+ from a set of things we actually pass as InjectedBundle parameters. >+ >+ * WebProcess/InjectedBundle/mac/InjectedBundleMac.mm: >+ (WebKit::InjectedBundle::setBundleParameter): >+ > 2018-05-07 Alex Christensen <achristensen@webkit.org> > > WebResourceLoadStatisticsStore::requestStorageAccess should call its completion handler on the main thread >diff --git a/Source/WebKit/WebProcess/InjectedBundle/mac/InjectedBundleMac.mm b/Source/WebKit/WebProcess/InjectedBundle/mac/InjectedBundleMac.mm >index 456907eb7b2ffb3f333722d8b6edad2181be2a50..b9d29a7b8e9fde1e84c41c2c9a6550f719996770 100644 >--- a/Source/WebKit/WebProcess/InjectedBundle/mac/InjectedBundleMac.mm >+++ b/Source/WebKit/WebProcess/InjectedBundle/mac/InjectedBundleMac.mm >@@ -181,7 +181,7 @@ void InjectedBundle::setBundleParameter(const String& key, const IPC::DataRefere > > id parameter = nil; > @try { >- parameter = [unarchiver decodeObjectOfClass:[NSObject class] forKey:@"parameter"]; >+ parameter = [unarchiver decodeObjectOfClasses:[NSSet setWithObjects:[NSArray class], [NSData class], [NSDate class], [NSDictionary class], [NSNull class], [NSNumber class], [NSSet class], [NSString class], [NSTimeZone class], [NSURL class], [NSUUID class], nil] forKey:@"parameter"]; > } @catch (NSException *exception) { > LOG_ERROR("Failed to decode bundle parameter: %@", exception); > return;
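Review bot: In the InjectedBundleMac.mm hunk, the replacement `decodeObjectOfClasses:` line in `InjectedBundle::setBundleParameter` builds the eleven-class allow-list inline with `[NSSet setWithObjects:...]` on every call. Consider hoisting it into a named static set next to the function so the list is easy to audit and extend, and so the call site fits on a readable line. The ChangeLog describes the list as "a set of things we actually pass as InjectedBundle parameters" without naming them; a short comment beside the set saying why each container class (`NSArray`, `NSDictionary`, `NSSet`) is needed would help the next person who is asked to add a class. The restriction only has teeth if this unarchiver requires secure coding, and that setup is outside the visible context, so please confirm it. The patch touches only the ChangeLog and this file; a test that sends a parameter of a class outside the list and checks that it ends in the existing `@catch` path (logged, then `return`) would keep the allow-list from being loosened unnoticed.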
Flags: rniwa: review+