Bug 186789

Summary:

Make SecItemShim to not send return value for SecItemAdd

Product:

WebKit

Reporter:

Jiewen Tan <jiewen_tan>

Component:

WebKit Misc.

Assignee:

Jiewen Tan <jiewen_tan>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

bfulgham, commit-queue, ews-watchlist, jiewen_tan, rniwa, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	bfulgham: review+, ews-watchlist: commit-queue-
Archive of layout-test-results from ews107 for mac-sierra-wk2	none
Patch for landing	commit-queue: commit-queue-
Archive of layout-test-results from webkit-cq-02 for mac-sierra	none

Jiewen Tan

Reported 2018-06-18 14:42:53 PDT

Return value of SecItemAdd is often ignored. Even if it isn't, we don't have the ability to serialize SecKeychainItemRef.Otherwise, it would go through the weird route of serializing SecKeychainItemRef by asking Keychain for its persistent reference. This contradicts the purpose of SecItemShim, which is to proxy all Keychain operations to UIProcess.

Attachments
Patch (4.35 KB, patch) 2018-06-18 15:37 PDT, Jiewen Tan	bfulgham: review+ ews-watchlist: commit-queue-	Details Formatted Diff Diff
Archive of layout-test-results from ews107 for mac-sierra-wk2 (2.76 MB, application/zip) 2018-06-19 00:21 PDT, EWS Watchlist	no flags	Details
Patch for landing (4.68 KB, patch) 2018-06-19 11:07 PDT, Jiewen Tan	commit-queue: commit-queue-	Details Formatted Diff Diff
Archive of layout-test-results from webkit-cq-02 for mac-sierra (1.28 MB, application/zip) 2018-06-19 14:09 PDT, WebKit Commit Bot	no flags	Details
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.

Jiewen Tan

Comment 1 2018-06-18 14:43:37 PDT

<rdar://problem/40892596>

Jiewen Tan

Comment 2 2018-06-18 15:37:37 PDT

Created attachment 342980 [details] Patch

Brent Fulgham

Comment 3 2018-06-18 16:09:35 PDT

Comment on attachment 342980 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=342980&action=review r=me with these changes, and with clean EWS. > Source/WebKit/Shared/mac/SecItemShim.cpp:102 > static OSStatus webSecItemAdd(CFDictionaryRef query, CFTypeRef* result) Suggest renaming to "unusedResult" > Source/WebKit/Shared/mac/SecItemShim.cpp:104 > + // Return value of SecItemAdd is often ignored. Even if it isn't, we don't have the ability to // Return value of SecItemAdd should be ignored for WebKit use cases. WebKit can't serialize SecKeychainItemRef, so we do not use it. // If someone passes a result value to be populated, the API contract is being violated so we should assert. > Source/WebKit/Shared/mac/SecItemShim.cpp:106 > + if (result != nullptr) { if (unusedResult) { ... > Source/WebKit/Shared/mac/SecItemShim.cpp:113 > return errSecInteractionNotAllowed; I also suggest you remove lines 115 and 116, since we don't ever expect to have something here to fill in.

Jiewen Tan

Comment 4 2018-06-18 18:09:21 PDT

Comment on attachment 342980 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=342980&action=review Thanks Brent for r+ this patch. >> Source/WebKit/Shared/mac/SecItemShim.cpp:102 >> static OSStatus webSecItemAdd(CFDictionaryRef query, CFTypeRef* result) > > Suggest renaming to "unusedResult" Fixed. >> Source/WebKit/Shared/mac/SecItemShim.cpp:104 >> + // Return value of SecItemAdd is often ignored. Even if it isn't, we don't have the ability to > > // Return value of SecItemAdd should be ignored for WebKit use cases. WebKit can't serialize SecKeychainItemRef, so we do not use it. > // If someone passes a result value to be populated, the API contract is being violated so we should assert. Fixed. >> Source/WebKit/Shared/mac/SecItemShim.cpp:106 >> + if (result != nullptr) { > > if (unusedResult) { ... Fixed. >> Source/WebKit/Shared/mac/SecItemShim.cpp:113 >> return errSecInteractionNotAllowed; > > I also suggest you remove lines 115 and 116, since we don't ever expect to have something here to fill in. Fixed.

EWS Watchlist

Comment 5 2018-06-19 00:21:19 PDT

Comment on attachment 342980 [details] Patch Attachment 342980 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.webkit.org/results/8244046 New failing tests: accessibility/mac/selection-notification-focus-change.html

EWS Watchlist

Comment 6 2018-06-19 00:21:20 PDT

Created attachment 343027 [details] Archive of layout-test-results from ews107 for mac-sierra-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews107 Port: mac-sierra-wk2 Platform: Mac OS X 10.12.6

Jiewen Tan

Comment 7 2018-06-19 11:06:27 PDT

The tree of mac-wk2-ews is red. Disregard that result, I am landing the patch.

Jiewen Tan

Comment 8 2018-06-19 11:07:41 PDT

Created attachment 343067 [details] Patch for landing

WebKit Commit Bot

Comment 9 2018-06-19 14:09:14 PDT

Comment on attachment 343067 [details] Patch for landing Rejecting attachment 343067 [details] from commit-queue. Number of test failures exceeded the failure limit. Full output: http://webkit-queues.webkit.org/results/8252701

WebKit Commit Bot

Comment 10 2018-06-19 14:09:16 PDT

Created attachment 343097 [details] Archive of layout-test-results from webkit-cq-02 for mac-sierra The attached test failures were seen while running run-webkit-tests on the commit-queue. Bot: webkit-cq-02 Port: mac-sierra Platform: Mac OS X 10.12.6

Jiewen Tan

Comment 11 2018-06-19 15:22:20 PDT

Committed r232990: <https://trac.webkit.org/changeset/232990>

Note You need to log in before you can comment on or make changes to this bug.