137009 CVE-2014-4452 2014-09-22 13:11:08 -0700 WebSocket crash when a connection is closed from server side 2014-11-30 14:25:42 -0800 1 1 1 Unclassified WebKit WebCore Misc. 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 ap ap ayao stuartmorgan oldest_to_newest 1036582 0 ap 2014-09-22 13:11:08 -0700 rdar://problem/12708225 rdar://problem/18333977 1036586 1 238494 ap 2014-09-22 13:18:45 -0700 Created attachment 238494 proposed fix 1036598 2 ap 2014-09-22 14:10:54 -0700 Committed <http://trac.webkit.org/r173848>. 1051365 3 ap 2014-11-30 14:25:42 -0800 *** Bug 138749 has been marked as a duplicate of this bug. *** 238494 2014-09-22 13:18:45 -0700 2014-09-22 13:20:00 -0700 proposed fix ClosingHandshakeCrash.txt text/plain 4122 ap SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDE3Mzg0NikKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDI1IEBACisyMDE0LTA5LTIyICBBbGV4ZXkg UHJvc2t1cnlha292ICA8YXBAYXBwbGUuY29tPgorCisgICAgICAgIFdlYlNvY2tldCBjcmFzaCB3 aGVuIGEgY29ubmVjdGlvbiBpcyBjbG9zZWQgZnJvbSBzZXJ2ZXIgc2lkZQorICAgICAgICBodHRw czovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTM3MDA5CisgICAgICAgIHJkYXI6 Ly9wcm9ibGVtLzE4MzMzOTc3CisgICAgICAgIHJkYXI6Ly9wcm9ibGVtLzEyNzA4MjI1CisKKyAg ICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgSSBkb24ndCB0aGlu ayB0aGF0IHRoaXMgY2FuIGJlIHRlc3RlZCB3aXRoIG91ciB0ZXN0IHNlcnZlci4KKworICAgICAg ICAqIE1vZHVsZXMvd2Vic29ja2V0cy9XZWJTb2NrZXRDaGFubmVsLmNwcDoKKyAgICAgICAgKFdl YkNvcmU6OldlYlNvY2tldENoYW5uZWw6OldlYlNvY2tldENoYW5uZWwpOiBBZGRlZCBsb2dnaW5n LgorICAgICAgICAoV2ViQ29yZTo6V2ViU29ja2V0Q2hhbm5lbDo6fldlYlNvY2tldENoYW5uZWwp OiBEaXR0by4KKyAgICAgICAgKFdlYkNvcmU6OldlYlNvY2tldENoYW5uZWw6OmNsb3NlKTogUHJv dGVjdCBzZWxmLCBiZWNhdXNlIHN0YXJ0Q2xvc2luZ0hhbmRzaGFrZQorICAgICAgICBjYW4gcmVs ZWFzZSB0aGUgbGFzdCByZWZlcmVuY2UuCisgICAgICAgIChXZWJDb3JlOjpXZWJTb2NrZXRDaGFu bmVsOjpmYWlsKTogQWRkZWQgYW4gYXNzZXJ0aW9uIHRoYXQgdGhlIGNoYW5uZWwgaXMgYWx3YXlz CisgICAgICAgIGNsb3NlZCBhZnRlciB0aGlzIGZ1bmN0aW9uLgorICAgICAgICAoV2ViQ29yZTo6 V2ViU29ja2V0Q2hhbm5lbDo6c3RhcnRDbG9zaW5nSGFuZHNoYWtlKTogUHJvdGVjdCBzZWxmLCBh bmQgZG9uJ3QgY2hhbmdlCisgICAgICAgIHRoZSBzdGFjayBmcm9tIGNsb3NlZCBiYWNrIHRvIGNs b3NpbmcgaWYgYWZ0ZXIgZmFpbGluZyB0byBzZW5kIGNsb3NpbmcgaGFuZHNoYWtlLgorICAgICAg ICAoV2ViQ29yZTo6V2ViU29ja2V0Q2hhbm5lbDo6cHJvY2Vzc091dGdvaW5nRnJhbWVRdWV1ZSk6 IFByb3RlY3Qgc2VsZi4KKwogMjAxNC0wOS0yMiAgRGF2aWQgSHlhdHQgIDxoeWF0dEBhcHBsZS5j b20+CiAKICAgICAgICAgQmFkIGNhc3QgaW4gaXNWYWxpZENvbHVtblNwYW5uZXIuCkluZGV4OiBT b3VyY2UvV2ViQ29yZS9Nb2R1bGVzL3dlYnNvY2tldHMvV2ViU29ja2V0Q2hhbm5lbC5jcHAKPT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PQotLS0gU291cmNlL1dlYkNvcmUvTW9kdWxlcy93ZWJzb2NrZXRzL1dlYlNvY2tldENo YW5uZWwuY3BwCShyZXZpc2lvbiAxNzM4MzkpCisrKyBTb3VyY2UvV2ViQ29yZS9Nb2R1bGVzL3dl YnNvY2tldHMvV2ViU29ja2V0Q2hhbm5lbC5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTg1LDEwICs4 NSwxMyBAQCBXZWJTb2NrZXRDaGFubmVsOjpXZWJTb2NrZXRDaGFubmVsKERvY3VtCiB7CiAgICAg aWYgKFBhZ2UqIHBhZ2UgPSBtX2RvY3VtZW50LT5wYWdlKCkpCiAgICAgICAgIG1faWRlbnRpZmll ciA9IHBhZ2UtPnByb2dyZXNzKCkuY3JlYXRlVW5pcXVlSWRlbnRpZmllcigpOworCisgICAgTE9H KE5ldHdvcmssICJXZWJTb2NrZXRDaGFubmVsICVwIGN0b3IsIGlkZW50aWZpZXIgJWx1IiwgdGhp cywgbV9pZGVudGlmaWVyKTsKIH0KIAogV2ViU29ja2V0Q2hhbm5lbDo6fldlYlNvY2tldENoYW5u ZWwoKQogeworICAgIExPRyhOZXR3b3JrLCAiV2ViU29ja2V0Q2hhbm5lbCAlcCBkdG9yIiwgdGhp cyk7CiB9CiAKIHZvaWQgV2ViU29ja2V0Q2hhbm5lbDo6Y29ubmVjdChjb25zdCBVUkwmIHVybCwg Y29uc3QgU3RyaW5nJiBwcm90b2NvbCkKQEAgLTE4MSw2ICsxODQsNyBAQCB2b2lkIFdlYlNvY2tl dENoYW5uZWw6OmNsb3NlKGludCBjb2RlLCBjCiAgICAgQVNTRVJUKCFtX3N1c3BlbmRlZCk7CiAg ICAgaWYgKCFtX2hhbmRsZSkKICAgICAgICAgcmV0dXJuOworICAgIFJlZjxXZWJTb2NrZXRDaGFu bmVsPiBwcm90ZWN0KCp0aGlzKTsgLy8gQW4gYXR0ZW1wdCB0byBzZW5kIGNsb3NpbmcgaGFuZHNo YWtlIG1heSBmYWlsLCB3aGljaCB3aWxsIGdldCB0aGUgY2hhbm5lbCBjbG9zZWQgYW5kIGRlcmVm ZXJlbmNlZC4KICAgICBzdGFydENsb3NpbmdIYW5kc2hha2UoY29kZSwgcmVhc29uKTsKICAgICBp ZiAobV9jbG9zaW5nICYmICFtX2Nsb3NpbmdUaW1lci5pc0FjdGl2ZSgpKQogICAgICAgICBtX2Ns b3NpbmdUaW1lci5zdGFydE9uZVNob3QoMiAqIFRDUE1heGltdW1TZWdtZW50TGlmZXRpbWUpOwpA QCAtMjA4LDYgKzIxMiw4IEBAIHZvaWQgV2ViU29ja2V0Q2hhbm5lbDo6ZmFpbChjb25zdCBTdHJp bmcKIAogICAgIGlmIChtX2hhbmRsZSAmJiAhbV9jbG9zZWQpCiAgICAgICAgIG1faGFuZGxlLT5k aXNjb25uZWN0KCk7IC8vIFdpbGwgY2FsbCBkaWRDbG9zZSgpLgorCisgICAgQVNTRVJUKG1fY2xv c2VkKTsKIH0KIAogdm9pZCBXZWJTb2NrZXRDaGFubmVsOjpkaXNjb25uZWN0KCkKQEAgLTQ1OCw2 ICs0NjQsNyBAQCB2b2lkIFdlYlNvY2tldENoYW5uZWw6OnJlc3VtZVRpbWVyRmlyZWQoCiB2b2lk IFdlYlNvY2tldENoYW5uZWw6OnN0YXJ0Q2xvc2luZ0hhbmRzaGFrZShpbnQgY29kZSwgY29uc3Qg U3RyaW5nJiByZWFzb24pCiB7CiAgICAgTE9HKE5ldHdvcmssICJXZWJTb2NrZXRDaGFubmVsICVw IHN0YXJ0Q2xvc2luZ0hhbmRzaGFrZSgpIGNvZGU9JWQgbV9yZWNlaXZlZENsb3NpbmdIYW5kc2hh a2U9JWQiLCB0aGlzLCBtX2Nsb3NpbmcsIG1fcmVjZWl2ZWRDbG9zaW5nSGFuZHNoYWtlKTsKKyAg ICBBU1NFUlQoIW1fY2xvc2VkKTsKICAgICBpZiAobV9jbG9zaW5nKQogICAgICAgICByZXR1cm47 CiAgICAgQVNTRVJUKG1faGFuZGxlKTsKQEAgLTQ3MSw4ICs0NzgsMTQgQEAgdm9pZCBXZWJTb2Nr ZXRDaGFubmVsOjpzdGFydENsb3NpbmdIYW5kcwogICAgICAgICBidWYuYXBwZW5kKHJlYXNvbi51 dGY4KCkuZGF0YSgpLCByZWFzb24udXRmOCgpLmxlbmd0aCgpKTsKICAgICB9CiAgICAgZW5xdWV1 ZVJhd0ZyYW1lKFdlYlNvY2tldEZyYW1lOjpPcENvZGVDbG9zZSwgYnVmLmRhdGEoKSwgYnVmLnNp emUoKSk7CisgICAgUmVmPFdlYlNvY2tldENoYW5uZWw+IHByb3RlY3QoKnRoaXMpOyAvLyBBbiBh dHRlbXB0IHRvIHNlbmQgY2xvc2luZyBoYW5kc2hha2UgbWF5IGZhaWwsIHdoaWNoIHdpbGwgZ2V0 IHRoZSBjaGFubmVsIGNsb3NlZCBhbmQgZGVyZWZlcmVuY2VkLgogICAgIHByb2Nlc3NPdXRnb2lu Z0ZyYW1lUXVldWUoKTsKIAorICAgIGlmIChtX2Nsb3NlZCkgeworICAgICAgICAvLyBUaGUgY2hh bm5lbCBnb3QgY2xvc2VkIGJlY2F1c2UgcHJvY2Vzc091dGdvaW5nRnJhbWVRdWV1ZSgpIGZhaWxl ZC4KKyAgICAgICAgcmV0dXJuOworICAgIH0KKwogICAgIG1fY2xvc2luZyA9IHRydWU7CiAgICAg aWYgKG1fY2xpZW50KQogICAgICAgICBtX2NsaWVudC0+ZGlkU3RhcnRDbG9zaW5nSGFuZHNoYWtl KCk7CkBAIC03MDYsNiArNzE5LDggQEAgdm9pZCBXZWJTb2NrZXRDaGFubmVsOjpwcm9jZXNzT3V0 Z29pbmdGcgogICAgIGlmIChtX291dGdvaW5nRnJhbWVRdWV1ZVN0YXR1cyA9PSBPdXRnb2luZ0Zy YW1lUXVldWVDbG9zZWQpCiAgICAgICAgIHJldHVybjsKIAorICAgIFJlZjxXZWJTb2NrZXRDaGFu bmVsPiBwcm90ZWN0KCp0aGlzKTsgLy8gQW55IGNhbGwgdG8gZmFpbCgpIHdpbGwgZ2V0IHRoZSBj aGFubmVsIGNsb3NlZCBhbmQgZGVyZWZlcmVuY2VkLgorCiAgICAgd2hpbGUgKCFtX291dGdvaW5n RnJhbWVRdWV1ZS5pc0VtcHR5KCkpIHsKICAgICAgICAgT3duUHRyPFF1ZXVlZEZyYW1lPiBmcmFt ZSA9IG1fb3V0Z29pbmdGcmFtZVF1ZXVlLnRha2VGaXJzdCgpOwogICAgICAgICBzd2l0Y2ggKGZy YW1lLT5mcmFtZVR5cGUpIHsK