196213 – Do not terminate the NetworkProcess if a third party application sends a NSCredential with a SecIdentityRef

Bug 196213 - Do not terminate the NetworkProcess if a third party application sends a NSCredential with a SecIdentityRef

Summary: Do not terminate the NetworkProcess if a third party application sends a NSCr...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	New Bugs (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Alex Christensen

URL:
Keywords:	InRadar

Depends on:	196226
Blocks:
	Show dependency tree / graph

Reported:	2019-03-25 13:58 PDT by Alex Christensen
Modified:	2019-03-27 12:22 PDT (History)
CC List:	4 users (show)

See Also:

Attachments
Patch (19.59 KB, patch) 2019-03-25 14:07 PDT, Alex Christensen	no flags	Details \| Formatted Diff \| Diff
Patch (19.89 KB, patch) 2019-03-25 14:12 PDT, Alex Christensen	no flags	Details \| Formatted Diff \| Diff
Patch (19.87 KB, patch) 2019-03-25 14:43 PDT, Alex Christensen	no flags	Details \| Formatted Diff \| Diff
Patch (19.85 KB, patch) 2019-03-25 22:05 PDT, Alex Christensen	no flags	Details \| Formatted Diff \| Diff
Show Obsolete (3) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alex Christensen 2019-03-25 13:58:19 PDT

Do not terminate the NetworkProcess if a third party application sends a NSCredential with a SecIdentityRef

Comment 1 Alex Christensen 2019-03-25 14:07:23 PDT

Created attachment 365896 [details]
Patch

Comment 2 Alex Christensen 2019-03-25 14:12:32 PDT

Created attachment 365898 [details]
Patch

Comment 3 Alex Christensen 2019-03-25 14:13:14 PDT

rdar://problem/49156511

Comment 4 Geoffrey Garen 2019-03-25 14:30:52 PDT

Comment on attachment 365898 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=365898&action=review

r=me

> Source/WebKit/Shared/cf/ArgumentCodersCF.cpp:719
> +    if (!hasProcessPrivilege(ProcessPrivilege::CanAccessCredentials)) {
> +        result = nullptr;
> +        return true;
> +    }

It seems a little sloppy that the !hasKey case above and the false if (key) case below return true without assigning nullptr to result, while here we do assign nullptr to result. I'd like us to be consistent.

Looking at our caller, nullptr is the default value. So, both choices can work. Can you pick one and apply it consistently in this function?

Comment 5 Alex Christensen 2019-03-25 14:38:31 PDT

(In reply to Geoffrey Garen from comment #4)
> Comment on attachment 365898 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=365898&action=review
> 
> r=me
> 
> > Source/WebKit/Shared/cf/ArgumentCodersCF.cpp:719
> > +    if (!hasProcessPrivilege(ProcessPrivilege::CanAccessCredentials)) {
> > +        result = nullptr;
> > +        return true;
> > +    }
> 
> It seems a little sloppy that the !hasKey case above and the false if (key)
> case below return true without assigning nullptr to result, while here we do
> assign nullptr to result. I'd like us to be consistent.
> 
> Looking at our caller, nullptr is the default value. So, both choices can
> work. Can you pick one and apply it consistently in this function?

The nullptr assignment is redundant since the default constructor of RetainPtr<SecIdentityRef> has already been called.  I'll remove it.

Comment 6 Alex Christensen 2019-03-25 14:43:13 PDT

Created attachment 365903 [details]
Patch

Comment 7 WebKit Commit Bot 2019-03-25 15:10:22 PDT

Comment on attachment 365903 [details]
Patch

Clearing flags on attachment: 365903

Committed r243465: <https://trac.webkit.org/changeset/243465>

Comment 8 WebKit Commit Bot 2019-03-25 15:10:24 PDT

All reviewed patches have been landed.  Closing bug.

Comment 9 Radar WebKit Bug Importer 2019-03-25 15:11:19 PDT

<rdar://problem/49231641>

Comment 10 WebKit Commit Bot 2019-03-25 16:15:51 PDT

Re-opened since this is blocked by bug 196226

Comment 11 Alex Christensen 2019-03-25 21:45:25 PDT

Maybe the commit bot shouldn't commit a patch that doesn't build on open source iOS bots...

Comment 12 Alex Christensen 2019-03-25 22:04:11 PDT

Hmmm.  SecKeychainRef is unavailable on open source iOS builds, and iOS doesn't really seem to have the ability to handle keychains like I do in this test (SecIdentityCreateWithCertificate, SecKeychainCreate unavailable).  I'll just make the test Mac only and figure out how to write client certificate tests for iOS once I start writing more in-depth tests.  This test as it is now already shows the assertion can be reached, so it would've prevented the original regression.

Comment 13 Alex Christensen 2019-03-25 22:05:29 PDT

Created attachment 365946 [details]
Patch

Comment 14 WebKit Commit Bot 2019-03-25 23:13:00 PDT

Comment on attachment 365946 [details]
Patch

Clearing flags on attachment: 365946

Committed r243487: <https://trac.webkit.org/changeset/243487>

Comment 15 WebKit Commit Bot 2019-03-25 23:13:02 PDT

All reviewed patches have been landed.  Closing bug.

Comment 16 Alex Christensen 2019-03-27 12:14:37 PDT

It would also be nice if the commit queue took less than 1.5 days to commit.

Comment 17 Alex Christensen 2019-03-27 12:22:59 PDT

Comment on attachment 365946 [details]
Patch

Oh, it landed, it just didn't remove the cq+