Bug 196552

Summary:

Make HSTS list handling more robust against unexpected content

Product:

WebKit

Reporter:

Brent Fulgham <bfulgham>

Component:

WebKit Misc.

Assignee:

Brent Fulgham <bfulgham>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

achristensen, bfulgham, cdumez, jiewen_tan, pvollan, webkit-bug-importer, wilander

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none
Patch	cdumez: review+

Description Brent Fulgham 2019-04-03 12:27:36 PDT

Crash tracing data indicates that the network process is sometimes handed malformed HSTS data, leading to a nullptr dereference. This patch adds some assertions to catch the invalid state in debug builds, and allows the process to ignore the bad data and continue.

Comment 1 Brent Fulgham 2019-04-03 12:27:55 PDT

<rdar://problem/43403817>

Comment 2 Brent Fulgham 2019-04-03 12:30:54 PDT

Created attachment 366630 [details]
Patch

Comment 3 Alex Christensen 2019-04-03 14:42:34 PDT

Comment on attachment 366630 [details]
Patch

If this is happening, doesn't this indicate the HSTS cache is corrupted and we should clear the HSTS cache completely?

Comment 4 Brent Fulgham 2019-04-08 11:21:21 PDT

Created attachment 366955 [details]
Patch

Comment 5 Chris Dumez 2019-04-08 12:54:40 PDT

Comment on attachment 366955 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=366955&action=review

> Source/WebKit/NetworkProcess/cocoa/NetworkProcessCocoa.mm:163
> +    auto hostnames = static_cast<HashSet<String>*>(context);

We usually prefer auto* for raw pointers.

Comment 6 Brent Fulgham 2019-04-08 13:25:02 PDT

Committed r244035: <https://trac.webkit.org/changeset/244035>