WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
219709
[WebAuthn] Adopt new UI for the Platform Authenticator makeCredential flow
https://bugs.webkit.org/show_bug.cgi?id=219709
Summary
[WebAuthn] Adopt new UI for the Platform Authenticator makeCredential flow
Jiewen Tan
Reported
2020-12-09 14:57:13 PST
Adopt new UI for the Platform Authenticator makeCredential flow.
Attachments
Patch
(28.25 KB, patch)
2020-12-10 21:49 PST
,
Jiewen Tan
ews-feeder
: commit-queue-
Details
Formatted Diff
Diff
Patch
(28.79 KB, patch)
2020-12-10 22:26 PST
,
Jiewen Tan
bfulgham
: review+
Details
Formatted Diff
Diff
Show Obsolete
(1)
View All
Add attachment
proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1
2020-12-09 14:57:49 PST
<
rdar://problem/72154774
>
Jiewen Tan
Comment 2
2020-12-10 21:49:49 PST
Created
attachment 415966
[details]
Patch
Jiewen Tan
Comment 3
2020-12-10 22:26:33 PST
Created
attachment 415970
[details]
Patch
Brent Fulgham
Comment 4
2020-12-11 11:23:02 PST
Comment on
attachment 415970
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=415970&action=review
> Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:237 > + // This is for the new UI.
I don't think you need this comment since the next line is conditional on the new UI.
> Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:315 > + SecAccessControlRef accessControlRef = accessControl.get();
Does accessControlRef need to be retained in some fashion? Will calling 'verifyUser' with this be safe?
> Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalConnection.mm:119 > + [context evaluateAccessControl:accessControl operation:LAAccessControlOperationUseKeySign options:options.get() reply:reply.get()];
This method call seems to use 'accessControl', which is not guaranteed to still live since you moved the underlying object in the calling method.
Jiewen Tan
Comment 5
2020-12-11 11:29:45 PST
Comment on
attachment 415970
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=415970&action=review
Thanks Brent for reviewing this patch.
>> Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:237 >> + // This is for the new UI. > > I don't think you need this comment since the next line is conditional on the new UI.
Removed.
>> Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:315 >> + SecAccessControlRef accessControlRef = accessControl.get(); > > Does accessControlRef need to be retained in some fashion? Will calling 'verifyUser' with this be safe?
Yes, it is retained in the callback.
>> Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalConnection.mm:119 >> + [context evaluateAccessControl:accessControl operation:LAAccessControlOperationUseKeySign options:options.get() reply:reply.get()]; > > This method call seems to use 'accessControl', which is not guaranteed to still live since you moved the underlying object in the calling method.
accessControl is held by the completionHandler, which is the held by reply. As long as the callee doesn't destruct the reply before verifying the accessControl, it should be safe.
Brent Fulgham
Comment 6
2020-12-11 11:41:25 PST
Comment on
attachment 415970
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=415970&action=review
r=me
>>> Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:315 >>> + SecAccessControlRef accessControlRef = accessControl.get(); >> >> Does accessControlRef need to be retained in some fashion? Will calling 'verifyUser' with this be safe? > > Yes, it is retained in the callback.
Ah! Gotcha, My mistake!
>>> Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalConnection.mm:119 >>> + [context evaluateAccessControl:accessControl operation:LAAccessControlOperationUseKeySign options:options.get() reply:reply.get()]; >> >> This method call seems to use 'accessControl', which is not guaranteed to still live since you moved the underlying object in the calling method. > > accessControl is held by the completionHandler, which is the held by reply. As long as the callee doesn't destruct the reply before verifying the accessControl, it should be safe.
Got it.
Jiewen Tan
Comment 7
2020-12-11 11:43:42 PST
Comment on
attachment 415970
[details]
Patch Thanks Brent for r+ this patch.
Jiewen Tan
Comment 8
2020-12-11 11:47:14 PST
Committed
r270694
: <
https://trac.webkit.org/changeset/270694
>
Jiewen Tan
Comment 9
2020-12-11 17:07:01 PST
A build fix: Committed
r270721
: <
https://trac.webkit.org/changeset/270721
>
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug