Bug 196552

Summary: Make HSTS list handling more robust against unexpected content
Product: WebKit
Reporter: Brent Fulgham <bfulgham>
Component: WebKit Misc.
Assignee: Brent Fulgham <bfulgham>
Status: RESOLVED FIXED
Severity: Normal
CC: achristensen, bfulgham, cdumez, jiewen_tan, pvollan, webkit-bug-importer, wilander
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments:
Patch (flags: none)
Patch (flags: cdumez: review+)

Brent Fulgham
Reported 2019-04-03 12:27:36 PDT
Crash tracing data indicates that the network process is sometimes handed malformed HSTS data, leading to a nullptr dereference. This patch adds some assertions to catch the invalid state in debug builds, and allows the process to ignore the bad data and continue.
Attachments
Patch (1.81 KB, patch)
2019-04-03 12:30 PDT, Brent Fulgham
no flags
Patch (2.89 KB, patch)
2019-04-08 11:21 PDT, Brent Fulgham
cdumez: review+
Brent Fulgham
Comment 1 2019-04-03 12:27:55 PDT
Brent Fulgham
Comment 2 2019-04-03 12:30:54 PDT
Alex Christensen
Comment 3 2019-04-03 14:42:34 PDT
Comment on attachment 366630: Patch

If this is happening, doesn't this indicate the HSTS cache is corrupted and we should clear the HSTS cache completely?
Brent Fulgham
Comment 4 2019-04-08 11:21:21 PDT
Chris Dumez
Comment 5 2019-04-08 12:54:40 PDT
Comment on attachment 366955: Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=366955&action=review

> Source/WebKit/NetworkProcess/cocoa/NetworkProcessCocoa.mm:163
> + auto hostnames = static_cast<HashSet<String>*>(context);

We usually prefer auto* for raw pointers.
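Review bot: at NetworkProcessCocoa.mm:163 the pointer produced by casting `context` is not shown being checked before use in the quoted line. Since this bug is a nullptr dereference triggered by malformed HSTS data, a debug assertion on `hostnames` followed by an early return when it is null would match the stated aim of catching the invalid state in debug builds while ignoring the bad data in release builds.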
Brent Fulgham
Comment 6 2019-04-08 13:25:02 PDT