Bug 185489

Summary: Restrict unarchiving of bundle parameters to a set of known classes
Product: WebKit Reporter: Brent Fulgham <bfulgham>
Component: WebKit2 Assignee: Brent Fulgham <bfulgham>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, ddkilzer, rniwa
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch rniwa: review+

Brent Fulgham
Reported 2018-05-09 14:01:19 PDT
To protect WebKit from malicious software, we should restrict the classes we will unarchive when passed a bundle parameter. Currently we allow anything descending from NSObject, which is far too large a set of objects. This is follow-up work to Bug 178484.
Attachments
Patch (1.99 KB, patch)
2018-05-09 14:10 PDT, Brent Fulgham
rniwa: review+
Brent Fulgham
Comment 1 2018-05-09 14:07:13 PDT
Brent Fulgham
Comment 2 2018-05-09 14:10:03 PDT
Brent Fulgham
Comment 3 2018-05-09 14:55:30 PDT
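The restriction described in the report, sketched as an added example: this is not the attached patch or any WebKit code. The helper name `DecodeParameter`, the allowlist contents and both sample payloads are assumptions made for illustration, using Foundation's secure-coding unarchiver API.

```objective-c
#import <Foundation/Foundation.h>

// Hypothetical helper (not WebKit code): decode an archived parameter blob while
// permitting only an explicit allowlist of classes.
static id DecodeParameter(NSData *data, NSError **error)
{
    // Assumed allowlist: plain property-list style containers and values.
    // Passing [NSObject class] here instead would accept every subclass of
    // NSObject, which is the over-broad set the report describes.
    NSSet<Class> *allowed = [NSSet setWithObjects:
        [NSDictionary class], [NSArray class], [NSString class],
        [NSNumber class], [NSData class], nil];
    return [NSKeyedUnarchiver unarchivedObjectOfClasses:allowed
                                               fromData:data
                                                  error:error];
}

int main(void)
{
    @autoreleasepool {
        NSError *error = nil;

        // Constructed sample 1: contains only allowlisted classes.
        NSData *ok = [NSKeyedArchiver archivedDataWithRootObject:@{ @"name" : @"value", @"count" : @3 }
                                           requiringSecureCoding:YES
                                                           error:&error];
        id decoded = DecodeParameter(ok, &error);
        NSLog(@"allowlisted payload decoded: %@", decoded);

        // Constructed sample 2: embeds an NSURL, which supports secure coding
        // but is not on the allowlist, so decoding is refused.
        NSURL *url = [NSURL URLWithString:@"https://example.invalid/"];
        NSData *unlisted = [NSKeyedArchiver archivedDataWithRootObject:@{ @"link" : url }
                                                 requiringSecureCoding:YES
                                                                 error:&error];
        error = nil;
        id rejected = DecodeParameter(unlisted, &error);
        NSLog(@"unlisted class decoded: %@, error: %@", rejected, error.localizedDescription);
    }
    return 0;
}
```

The second payload shows why the size of the allowlist matters: a class that is itself well behaved is still rejected unless the receiver has decided it expects that type.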