Changeset 171060 in webkit


Ignore:
Timestamp:
Jul 14, 2014 12:18:44 AM (10 years ago)
Author:
mitz@apple.com
Message:

NetworkProcess sometimes hangs under copyDefaultCredentialForProtectionSpace
https://bugs.webkit.org/show_bug.cgi?id=134666

Reviewed by Tim Horton.

A SecItem may have an attribute whose value is a SecAccessControlRef, which is not supported
by ArgumentCodersCF. In debug builds, trying to encode a CFDictionary containing a value of
unsupprted type causes an assertion to fail, but in release builds encoding succeeds, and
only decoding fails, in this case silently, simply not delivering the
SecItemShim::secItemResponse message.

The fix is to teach ArgumentCodersCF about SecAccessControlRef.

  • Shared/cf/ArgumentCodersCF.cpp:

(IPC::typeFromCFTypeRef): Check for the SecAccessControlRef type.
(IPC::encode): Encode the SecAccessControl serialized into CFData.
(IPC::decode): Deserialize a SecAccessControl from the decoded CFData.

  • Shared/cf/ArgumentCodersCF.h:
  • config.h: Defined HAVE_SEC_ACCESS_CONTROL.
Location:
trunk/Source/WebKit2
Files:
4 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/WebKit2/ChangeLog

    r171057 r171060  
     12014-07-14  Dan Bernstein  <mitz@apple.com>
     2
     3        NetworkProcess sometimes hangs under copyDefaultCredentialForProtectionSpace
     4        https://bugs.webkit.org/show_bug.cgi?id=134666
     5
     6        Reviewed by Tim Horton.
     7
     8        A SecItem may have an attribute whose value is a SecAccessControlRef, which is not supported
     9        by ArgumentCodersCF. In debug builds, trying to encode a CFDictionary containing a value of
     10        unsupprted type causes an assertion to fail, but in release builds encoding succeeds, and
     11        only decoding fails, in this case silently, simply not delivering the
     12        SecItemShim::secItemResponse message.
     13
     14        The fix is to teach ArgumentCodersCF about SecAccessControlRef.
     15
     16        * Shared/cf/ArgumentCodersCF.cpp:
     17        (IPC::typeFromCFTypeRef): Check for the SecAccessControlRef type.
     18        (IPC::encode): Encode the SecAccessControl serialized into CFData.
     19        (IPC::decode): Deserialize a SecAccessControl from the decoded CFData.
     20        * Shared/cf/ArgumentCodersCF.h:
     21        * config.h: Defined HAVE_SEC_ACCESS_CONTROL.
     22
    1232014-07-13  Dan Bernstein  <mitz@apple.com>
    224
  • trunk/Source/WebKit2/Shared/cf/ArgumentCodersCF.cpp

    r169938 r171060  
    5252#endif
    5353
     54#if HAVE(SEC_ACCESS_CONTROL)
     55#if defined(__has_include) && __has_include(<Security/SecAccessControlPriv.h>)
     56#include <Security/SecAccessControlPriv.h>
     57#endif
     58
     59extern "C" SecAccessControlRef SecAccessControlCreateFromData(CFAllocatorRef allocator, CFDataRef data, CFErrorRef *error);
     60extern "C" CFDataRef SecAccessControlCopyData(SecAccessControlRef access_control);
     61#endif
     62
    5463using namespace WebCore;
    5564
     
    7887#if HAVE(SEC_KEYCHAIN)
    7988    SecKeychainItem,
     89#endif
     90#if HAVE(SEC_ACCESS_CONTROL)
     91    SecAccessControl,
    8092#endif
    8193    Null,
     
    119131        return SecKeychainItem;
    120132#endif
     133#if HAVE(SEC_ACCESS_CONTROL)
     134    if (typeID == SecAccessControlGetTypeID())
     135        return SecAccessControl;
     136#endif
    121137
    122138    ASSERT_NOT_REACHED();
     
    167183    case SecKeychainItem:
    168184        encode(encoder, (SecKeychainItemRef)typeRef);
     185        return;
     186#endif
     187#if HAVE(SEC_ACCESS_CONTROL)
     188    case SecAccessControl:
     189        encode(encoder, (SecAccessControlRef)typeRef);
    169190        return;
    170191#endif
     
    266287            return false;
    267288        result = adoptCF(keychainItem.leakRef());
     289        return true;
     290    }
     291#endif
     292#if HAVE(SEC_ACCESS_CONTROL)
     293    case SecAccessControl: {
     294        RetainPtr<SecAccessControlRef> accessControl;
     295        if (!decode(decoder, accessControl))
     296            return false;
     297        result = adoptCF(accessControl.leakRef());
    268298        return true;
    269299    }
     
    685715#endif
    686716
     717#if HAVE(SEC_ACCESS_CONTROL)
     718void encode(ArgumentEncoder& encoder, SecAccessControlRef accessControl)
     719{
     720    RetainPtr<CFDataRef> data = adoptCF(SecAccessControlCopyData(accessControl));
     721    if (data)
     722        encode(encoder, data.get());
     723}
     724
     725bool decode(ArgumentDecoder& decoder, RetainPtr<SecAccessControlRef>& result)
     726{
     727    RetainPtr<CFDataRef> data;
     728    if (!decode(decoder, data))
     729        return false;
     730
     731    result = adoptCF(SecAccessControlCreateFromData(kCFAllocatorDefault, data.get(), nullptr));
     732    if (!result)
     733        return false;
     734
     735    return true;
     736}
     737
     738#endif
     739
    687740} // namespace IPC
  • trunk/Source/WebKit2/Shared/cf/ArgumentCodersCF.h

    r169938 r171060  
    8989#endif
    9090
     91#if HAVE(SEC_ACCESS_CONTROL)
     92// SecAccessControlRef
     93void encode(ArgumentEncoder&, SecAccessControlRef);
     94bool decode(ArgumentDecoder&, RetainPtr<SecAccessControlRef>& result);
     95#endif
     96
    9197#if PLATFORM(IOS)
    9298void setAllowsDecodingSecKeyRef(bool);
  • trunk/Source/WebKit2/config.h

    r169546 r171060  
    9292#endif
    9393#endif
     94
     95#ifndef HAVE_SEC_ACCESS_CONTROL
     96#if PLATFORM(IOS) || (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101000)
     97#define HAVE_SEC_ACCESS_CONTROL 1
     98#endif
     99#endif
Note: See TracChangeset for help on using the changeset viewer.