Changeset 277658 in webkit


Ignore:
Timestamp:
May 18, 2021 10:04:34 AM (3 years ago)
Author:
commit-queue@webkit.org
Message:

Add nil checks for LAContexts before inserting them in the dictionaries.
https://bugs.webkit.org/show_bug.cgi?id=225897

Patch by Garrett Davidson <garrett_davidson@apple.com> on 2021-05-18
Reviewed by Tim Horton.

In 225218 we stopped dropping requests that didn't have LAContexts. However, that let us
proceed only until we tried to put the (nil) LAContext in an NSDictionary to make a Sec*
call, which throws an exception. This patch adds proper nil checking before inserting the
contexts into the dictionaries.

Manually tested registration and assertion on macOS with and without LAContexts.

  • UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:

(WebKit::LocalAuthenticator::continueGetAssertionAfterUserVerification):

  • UIProcess/WebAuthentication/Cocoa/LocalConnection.mm:

(WebKit::LocalConnection::createCredentialPrivateKey const):

Location:
trunk/Source/WebKit
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebKit/ChangeLog

    r277655 r277658  
     12021-05-18  Garrett Davidson  <garrett_davidson@apple.com>
     2
     3        Add nil checks for LAContexts before inserting them in the dictionaries.
     4        https://bugs.webkit.org/show_bug.cgi?id=225897
     5
     6        Reviewed by Tim Horton.
     7
     8        In 225218 we stopped dropping requests that didn't have LAContexts. However, that let us
     9        proceed only until we tried to put the (nil) LAContext in an NSDictionary to make a Sec*
     10        call, which throws an exception. This patch adds proper nil checking before inserting the
     11        contexts into the dictionaries.
     12
     13        Manually tested registration and assertion on macOS with and without LAContexts.
     14
     15        * UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:
     16        (WebKit::LocalAuthenticator::continueGetAssertionAfterUserVerification):
     17        * UIProcess/WebAuthentication/Cocoa/LocalConnection.mm:
     18        (WebKit::LocalConnection::createCredentialPrivateKey const):
     19
    1202021-05-18  Chris Dumez  <cdumez@apple.com>
    221

  • trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm

    r276180 r277658  
    603603    auto nsCredentialId = toNSData(response->rawId());
    604604    {
    605         auto query = adoptNS([[NSMutableDictionary alloc] init]);
    606         [query setDictionary:@{
     605        NSMutableDictionary *queryDictionary = [@{
    607606            (id)kSecClass: (id)kSecClassKey,
    608607            (id)kSecAttrKeyClass: (id)kSecAttrKeyClassPrivate,
    609608            (id)kSecAttrApplicationLabel: nsCredentialId.get(),
    610             (id)kSecUseAuthenticationContext: context,
    611609            (id)kSecReturnRef: @YES,
    612610#if HAVE(DATA_PROTECTION_KEYCHAIN)
     
    615613            (id)kSecAttrNoLegacy: @YES
    616614#endif
    617         }];
     615        } mutableCopy];
     616
     617        if (context)
     618            queryDictionary[(id)kSecUseAuthenticationContext] = context;
     619
     620        auto query = adoptNS(queryDictionary);
    618621        updateQueryIfNecessary(query.get());
    619622

  • trunk/Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalConnection.mm

    r276851 r277658  
    160160RetainPtr<SecKeyRef> LocalConnection::createCredentialPrivateKey(LAContext *context, SecAccessControlRef accessControlRef, const String& secAttrLabel, NSData *secAttrApplicationTag) const
    161161{
     162    NSDictionary *privateKeyAttributes = @{
     163        (id)kSecAttrAccessControl: (id)accessControlRef,
     164        (id)kSecAttrIsPermanent: @YES,
     165        (id)kSecAttrAccessGroup: (id)String(LocalAuthenticatiorAccessGroup),
     166        (id)kSecAttrLabel: secAttrLabel,
     167        (id)kSecAttrApplicationTag: secAttrApplicationTag,
     168    };
     169
     170    if (context) {
     171        privateKeyAttributes = [privateKeyAttributes mutableCopy];
     172        ((NSMutableDictionary *)privateKeyAttributes)[(id)kSecUseAuthenticationContext] = context;
     173    }
     174
    162175    NSDictionary *attributes = @{
    163176        (id)kSecAttrTokenID: (id)kSecAttrTokenIDSecureEnclave,
    164177        (id)kSecAttrKeyType: (id)kSecAttrKeyTypeECSECPrimeRandom,
    165178        (id)kSecAttrKeySizeInBits: @256,
    166         (id)kSecPrivateKeyAttrs: @{
    167             (id)kSecUseAuthenticationContext: context,
    168             (id)kSecAttrAccessControl: (id)accessControlRef,
    169             (id)kSecAttrIsPermanent: @YES,
    170             (id)kSecAttrAccessGroup: (id)String(LocalAuthenticatiorAccessGroup),
    171             (id)kSecAttrLabel: secAttrLabel,
    172             (id)kSecAttrApplicationTag: secAttrApplicationTag,
    173         }};
     179        (id)kSecPrivateKeyAttrs: privateKeyAttributes,
     180    };
     181
    174182    LOCAL_CONNECTION_ADDITIONS
    175183    CFErrorRef errorRef = nullptr;
Note: See TracChangeset for help on using the changeset viewer.