Summary: | Handle key generation with empty challenge string
---|---
Product: | WebKit
Component: | WebCore Misc.
Status: | RESOLVED FIXED
Severity: | Normal
Priority: | P2
Version: | WebKit Nightly Build
Hardware: | Unspecified
OS: | Unspecified
Reporter: | John Wilander <wilander>
Assignee: | John Wilander <wilander>
CC: | andersca, conrad_shultz, webkit-bug-importer, wilander
Keywords: | InRadar
Description
John Wilander
2016-12-13 18:48:24 PST
Created attachment 297057
Patch
Comment on attachment 297057
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=297057&action=review

> Source/WebCore/platform/mac/SSLKeyGeneratorMac.mm:180
> + signedPublicKeyAndChallenge.publicKeyAndChallenge.challenge.Data = (uint8 *)strdup("\0");

Does this need to be freed at some point?

Created attachment 297104
Patch
(In reply to comment #3)
> Comment on attachment 297057
> Patch
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=297057&action=review
>
> > Source/WebCore/platform/mac/SSLKeyGeneratorMac.mm:180
> > + signedPublicKeyAndChallenge.publicKeyAndChallenge.challenge.Data = (uint8 *)strdup("\0");
>
> Does this need to be freed at some point?

Thanks! You're right. The old deallocation strategy was very different and covered this part too. But after a conversation with Anders Carlsson I found a simpler fix that doesn't require string duplication. See new patch.

Comment on attachment 297104
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=297104&action=review

> Source/WebCore/platform/mac/SSLKeyGeneratorMac.mm:184
> + if (!challenge.length()) {
> + // Needed to account for the null terminator
> + signedPublicKeyAndChallenge.publicKeyAndChallenge.challenge.Length = 1;
> + } else
> + signedPublicKeyAndChallenge.publicKeyAndChallenge.challenge.Length = challenge.length();

I'm wondering whether this can just be

    signedPublicKeyAndChallenge.publicKeyAndChallenge.challenge.Length = challenge.length() + 1;

always?

Created attachment 297109
Patch
(In reply to comment #6)
> Comment on attachment 297104
> Patch
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=297104&action=review
>
> > Source/WebCore/platform/mac/SSLKeyGeneratorMac.mm:184
> > + if (!challenge.length()) {
> > + // Needed to account for the null terminator
> > + signedPublicKeyAndChallenge.publicKeyAndChallenge.challenge.Length = 1;
> > + } else
> > + signedPublicKeyAndChallenge.publicKeyAndChallenge.challenge.Length = challenge.length();
>
> I'm wondering whether this can just be
>
> signedPublicKeyAndChallenge.publicKeyAndChallenge.challenge.Length =
> challenge.length() + 1;
>
> always?

Seems to work. And it is aligned with the other place where we set the Length in a CSSM_DATA struct:

    uint8 encodeNull[2] { SEC_ASN1_NULL, 0 };
    ...
    signedPublicKeyAndChallenge.algorithmIdentifier.parameters.Data = (uint8 *)encodeNull;
    signedPublicKeyAndChallenge.algorithmIdentifier.parameters.Length = 2;

See new patch.

Comment on attachment 297109
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=297109&action=review

> Source/WebCore/platform/mac/SSLKeyGeneratorMac.mm:180
> + // Length needs to account for the null terminator

Add a period to make this a proper sentence.

Committed r209822: <http://trac.webkit.org/changeset/209822>
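Review bot: the Length assignment quoted at SSLKeyGeneratorMac.mm:184, once changed to challenge.length() + 1 as suggested, counts one byte beyond the string's own length, so it is only correct if challenge.Data points at a buffer that is null-terminated and stays alive until the structure has been encoded. The quoted lines show the Length assignment but not where Data comes from in the later patches; keep the Data assignment directly next to the Length assignment and have the comment at :180 say that the buffer is null-terminated, so that a later change to how Data is obtained cannot turn the extra byte into a one-byte over-read.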