Bug 124297

Summary: Check WebCrypto parameter types when casting
Product: WebKit Reporter: Alexey Proskuryakov <ap>
Component: WebCore Misc.Assignee: Alexey Proskuryakov <ap>
Status: RESOLVED FIXED    
Severity: Normal CC: sam
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 122679    
Attachments:
Description Flags
proposed patch sam: review+

Description Alexey Proskuryakov 2013-11-13 11:24:28 PST
WebCrypto parameters are built in C++ code right before using them, so there is no opportunity for an attacker to pass a wrong one form JS. But there is so much code dealing with them that there is a lot of opportunities to make a typo.
Comment 1 Alexey Proskuryakov 2013-11-13 11:27:07 PST
Created attachment 216825 [details]
proposed patch
Comment 2 Alexey Proskuryakov 2013-11-13 11:31:14 PST
Committed <http://trac.webkit.org/r159213>.