Bug 157206 - Add null checks when comparing SSL certificates
Summary: Add null checks when comparing SSL certificates
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Alex Christensen
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-04-29 15:17 PDT by Alex Christensen
Modified: 2016-05-02 13:25 PDT (History)
2 users (show)

See Also:

Attachments
Patch (1.60 KB, patch)
2016-04-29 15:18 PDT, Alex Christensen 		no flags Details | Formatted Diff | Diff
Patch (1.64 KB, patch)
2016-05-02 12:42 PDT, Alex Christensen 		ap: review+
ap: commit-queue-
Details | Formatted Diff | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alex Christensen 2016-04-29 15:17:16 PDT 
Add null checks when comparing SSL certificates
Comment 1 Alex Christensen 2016-04-29 15:18:28 PDT 
Created attachment 277736 [details]
Patch
Comment 2 Alexey Proskuryakov 2016-04-29 15:37:39 PDT 
Is this rdar://problem/21723172?
Comment 3 Alex Christensen 2016-04-29 17:03:12 PDT 
(In reply to comment #2)
> Is this rdar://problem/21723172?
No.  This has never shipped.
Comment 4 Alexey Proskuryakov 2016-04-29 17:07:23 PDT 
Hmm. But it still seems like the same logic for why we shouldn't add a null check would apply. What's the difference here?
Comment 5 Alex Christensen 2016-05-02 12:42:19 PDT 
Created attachment 277923 [details]
Patch
Comment 6 Alexey Proskuryakov 2016-05-02 13:13:17 PDT 
Comment on attachment 277923 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=277923&action=review

I do not have a particularly strong opinion on whether we should paper over the problem, or crash.

This is clearly an improvement.

> Source/WebKit2/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:343
> +        RELEASE_ASSERT(cert1 && cert2)

Please add separate assertions for each, to make it easier to see what failed.
Comment 7 Alex Christensen 2016-05-02 13:25:47 PDT 
http://trac.webkit.org/changeset/200335