124297 – Check WebCrypto parameter types when casting

Bug 124297 - Check WebCrypto parameter types when casting

Summary: Check WebCrypto parameter types when casting

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebCore Misc. (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Alexey Proskuryakov

URL:
Keywords:

Depends on:
Blocks:	122679
	Show dependency tree / graph

Reported:	2013-11-13 11:24 PST by Alexey Proskuryakov
Modified:	2013-11-13 11:31 PST (History)
CC List:	1 user (show)

See Also:

Attachments
proposed patch (24.02 KB, patch) 2013-11-13 11:27 PST, Alexey Proskuryakov	sam: review+	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexey Proskuryakov 2013-11-13 11:24:28 PST

WebCrypto parameters are built in C++ code right before using them, so there is no opportunity for an attacker to pass a wrong one form JS. But there is so much code dealing with them that there is a lot of opportunities to make a typo.

Comment 1 Alexey Proskuryakov 2013-11-13 11:27:07 PST

Created attachment 216825 [details]
proposed patch

Comment 2 Alexey Proskuryakov 2013-11-13 11:31:14 PST

Committed <http://trac.webkit.org/r159213>.