135241 2014-07-24 10:07:06 -0700 [Cocoa] WebProtectionSpace::receivesCredentialSecurely incorrectly returns false in some cases 2014-07-25 09:40:26 -0700 1 1 1 Unclassified WebKit WebKit2 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 mitz mitz ap beidson oldest_to_newest 1024527 0 mitz 2014-07-24 10:07:06 -0700 WebProtectionSpace::receivesCredentialSecurely uses the generic test in WebCore::ProtectionSpace (perhaps soon to be in ProtectionSpaceBase), rather than -[NSURLProtectionSpace receivesCredentialSecurely]. This leads to false negatives, such as in the case of an HTTP server with NEGO/NTLM authentication. This causes the authentication sheet in Safari to falsely say that the password will be sent unencrypted. 1024791 1 235502 mitz 2014-07-24 22:33:19 -0700 Created attachment 235502 Add an override or receivesCredentialSecurely in ProtectionSpaceCocoa 1024842 2 mitz 2014-07-25 09:40:26 -0700 Fixed in <http://trac.webkit.org/r171599>. 235502 2014-07-24 22:33:19 -0700 2014-07-24 22:58:43 -0700 Add an override or receivesCredentialSecurely in ProtectionSpaceCocoa bug-135241-20140724223304.patch text/plain 3433 mitz SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDE3MTU4MCkKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE2IEBACisyMDE0LTA3LTI0ICBEYW4gQmVy bnN0ZWluICA8bWl0ekBhcHBsZS5jb20+CisKKyAgICAgICAgW0NvY29hXSBXZWJQcm90ZWN0aW9u U3BhY2U6OnJlY2VpdmVzQ3JlZGVudGlhbFNlY3VyZWx5IGluY29ycmVjdGx5IHJldHVybnMgZmFs c2UgaW4gc29tZSBjYXNlcworICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1 Zy5jZ2k/aWQ9MTM1MjQxCisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisK KyAgICAgICAgKiBXZWJDb3JlLmV4cC5pbjogRXhwb3J0IFByb3RlY3Rpb25TcGFjZTo6cmVjZWl2 ZXNDcmVkZW50aWFsU2VjdXJlbHkuCisKKyAgICAgICAgKiBwbGF0Zm9ybS9uZXR3b3JrL2NvY29h L1Byb3RlY3Rpb25TcGFjZUNvY29hLmg6IERlY2xhcmUgb3ZlcnJpZGUgb2YgcmVjZWl2ZXNDcmVk ZW50aWFsU2VjdXJlbHkuCisgICAgICAgICogcGxhdGZvcm0vbmV0d29yay9jb2NvYS9Qcm90ZWN0 aW9uU3BhY2VDb2NvYS5tbToKKyAgICAgICAgKFdlYkNvcmU6OlByb3RlY3Rpb25TcGFjZTo6cmVj ZWl2ZXNDcmVkZW50aWFsU2VjdXJlbHkpOiBVc2UgLVtOU1VSTFByb3RlY3Rpb25TcGFjZSByZWNl aXZlc0NyZWRlbnRpYWxTZWN1cmVseV0uCisKIDIwMTQtMDctMjQgIFJ5b3N1a2UgTml3YSAgPHJu aXdhQHdlYmtpdC5vcmc+CiAKICAgICAgICAgUkVHUkVTU0lPTihyMTY0NDAxKTogUGxhY2luZyBh IGNhcmV0IGRvZXNuJ3QgYnJpbmcgdXAgYXV0b2NvcnJlY3Rpb24gcGFuZWwKSW5kZXg6IFNvdXJj ZS9XZWJDb3JlL1dlYkNvcmUuZXhwLmluCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9XZWJDb3JlL1dl YkNvcmUuZXhwLmluCShyZXZpc2lvbiAxNzE1NzgpCisrKyBTb3VyY2UvV2ViQ29yZS9XZWJDb3Jl LmV4cC5pbgkod29ya2luZyBjb3B5KQpAQCAtMTc0Miw2ICsxNzQyLDcgQEAgX19aTks3V2ViQ29y ZTE1R3JhcGhpY3NMYXllckNBNDRwbGF0Zm9ybQogX19aTks3V2ViQ29yZTE1R3JhcGhpY3NMYXll ckNBNDlwbGF0Zm9ybUNBTGF5ZXJDb250ZW50c1NjYWxlTXVsdGlwbGllckZvck5ld1RpbGVzRVBO U18xNVBsYXRmb3JtQ0FMYXllckUKIF9fWk5LN1dlYkNvcmUxNUdyYXBoaWNzTGF5ZXJDQTQ5cGxh dGZvcm1DQUxheWVyU2hvdWxkVGVtcG9yYXJpbHlSZXRhaW5UaWxlQ29ob3J0c0VQTlNfMTVQbGF0 Zm9ybUNBTGF5ZXJFCiBfX1pOSzdXZWJDb3JlMTVQcm9ncmVzc1RyYWNrZXIxN2VzdGltYXRlZFBy b2dyZXNzRXYKK19fWk5LN1dlYkNvcmUxNVByb3RlY3Rpb25TcGFjZTI2cmVjZWl2ZXNDcmVkZW50 aWFsU2VjdXJlbHlFdgogX19aTks3V2ViQ29yZTE1UHJvdGVjdGlvblNwYWNlN25zU3BhY2VFdgog X19aTks3V2ViQ29yZTE1UmVzb3VyY2VSZXF1ZXN0MTJjZlVSTFJlcXVlc3RFTlNfMjBIVFRQQm9k eVVwZGF0ZVBvbGljeUUKIF9fWk5LN1dlYkNvcmUxNVJlc291cmNlUmVxdWVzdDEybnNVUkxSZXF1 ZXN0RU5TXzIwSFRUUEJvZHlVcGRhdGVQb2xpY3lFCkBAIC0xODAzLDcgKzE4MDQsNiBAQCBfX1pO SzdXZWJDb3JlMTlNZWRpYVNlc3Npb25NYW5hZ2VyMzBhcHBsCiBfX1pOSzdXZWJDb3JlMTlNZWRp YVNlc3Npb25NYW5hZ2VyMzBhcHBsaWNhdGlvbldpbGxFbnRlckZvcmVncm91bmRFdgogX19aTks3 V2ViQ29yZTE5UHJvdGVjdGlvblNwYWNlQmFzZTEwc2VydmVyVHlwZUV2CiBfX1pOSzdXZWJDb3Jl MTlQcm90ZWN0aW9uU3BhY2VCYXNlMjBhdXRoZW50aWNhdGlvblNjaGVtZUV2Ci1fX1pOSzdXZWJD b3JlMTlQcm90ZWN0aW9uU3BhY2VCYXNlMjZyZWNlaXZlc0NyZWRlbnRpYWxTZWN1cmVseUV2CiBf X1pOSzdXZWJDb3JlMTlQcm90ZWN0aW9uU3BhY2VCYXNlNGhvc3RFdgogX19aTks3V2ViQ29yZTE5 UHJvdGVjdGlvblNwYWNlQmFzZTRwb3J0RXYKIF9fWk5LN1dlYkNvcmUxOVByb3RlY3Rpb25TcGFj ZUJhc2U1cmVhbG1FdgpJbmRleDogU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vbmV0d29yay9jb2Nv YS9Qcm90ZWN0aW9uU3BhY2VDb2NvYS5oCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9XZWJDb3JlL3Bs YXRmb3JtL25ldHdvcmsvY29jb2EvUHJvdGVjdGlvblNwYWNlQ29jb2EuaAkocmV2aXNpb24gMTcx NTc4KQorKysgU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vbmV0d29yay9jb2NvYS9Qcm90ZWN0aW9u U3BhY2VDb2NvYS5oCSh3b3JraW5nIGNvcHkpCkBAIC01OCw2ICs1OCw4IEBAIHB1YmxpYzoKICAg ICBib29sIGVuY29kaW5nUmVxdWlyZXNQbGF0Zm9ybURhdGEoKSBjb25zdCB7IHJldHVybiBtX25z U3BhY2UgJiYgZW5jb2RpbmdSZXF1aXJlc1BsYXRmb3JtRGF0YShtX25zU3BhY2UuZ2V0KCkpOyB9 CiAjZW5kaWYKIAorICAgIGJvb2wgcmVjZWl2ZXNDcmVkZW50aWFsU2VjdXJlbHkoKSBjb25zdDsK KwogI2lmIFVTRShDRk5FVFdPUkspCiAgICAgQ0ZVUkxQcm90ZWN0aW9uU3BhY2VSZWYgY2ZTcGFj ZSgpIGNvbnN0OwogI2VuZGlmCkluZGV4OiBTb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9uZXR3b3Jr L2NvY29hL1Byb3RlY3Rpb25TcGFjZUNvY29hLm1tCj09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9XZWJD b3JlL3BsYXRmb3JtL25ldHdvcmsvY29jb2EvUHJvdGVjdGlvblNwYWNlQ29jb2EubW0JKHJldmlz aW9uIDE3MTU3OCkKKysrIFNvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL25ldHdvcmsvY29jb2EvUHJv dGVjdGlvblNwYWNlQ29jb2EubW0JKHdvcmtpbmcgY29weSkKQEAgLTE5NSw2ICsxOTUsMTEgQEAg Ym9vbCBQcm90ZWN0aW9uU3BhY2U6OnBsYXRmb3JtQ29tcGFyZShjbwogICAgIHJldHVybiBbYS5u c1NwYWNlKCkgaXNFcXVhbDpiLm5zU3BhY2UoKV07CiB9CiAKK2Jvb2wgUHJvdGVjdGlvblNwYWNl OjpyZWNlaXZlc0NyZWRlbnRpYWxTZWN1cmVseSgpIGNvbnN0Cit7CisgICAgcmV0dXJuIG5zU3Bh Y2UoKS5yZWNlaXZlc0NyZWRlbnRpYWxTZWN1cmVseTsKK30KKwogI2lmIFBMQVRGT1JNKElPUykg fHwgX19NQUNfT1NfWF9WRVJTSU9OX01JTl9SRVFVSVJFRCA+PSAxMDkwCiBib29sIFByb3RlY3Rp b25TcGFjZTo6ZW5jb2RpbmdSZXF1aXJlc1BsYXRmb3JtRGF0YShOU1VSTFByb3RlY3Rpb25TcGFj ZSAqc3BhY2UpCiB7Cg==