WebKit Bugzilla
Attachment 350048 Details for Bug 189709: InjectedBundle parameters often need initialization function called before unarchiving
Patch: bug-189709-20180918135808.patch (text/plain), 6.78 KB, created by Brent Fulgham on 2018-09-18 13:58:08 PDT
Description: Patch
Creator: Brent Fulgham
Created: 2018-09-18 13:58:08 PDT
Size: 6.78 KB
Flags: patch, obsolete
>Subversion Revision: 235810 >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index 77cce9454dfedeb8ffede17a17161e0f1934a6b9..8a82eccdfee9489efe64a47bc185846a4c6feae3 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,31 @@ >+2018-09-18 Brent Fulgham <bfulgham@apple.com> >+ >+ InjectedBundle parameters often need initialization function called before unarchiving >+ https://bugs.webkit.org/show_bug.cgi?id=189709 >+ <rdar://problem/44573653> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Handle the case where the InjectedBundle parameters do not successfully decode because they contain >+ an unexpected class from the embedding program. If this happens, try decoding the bundle parameters >+ after the bundle initialiation function runs, which gives the embedding program the opportunity to >+ register additional classes that are safe for serialization. >+ >+ Create a new 'decodeBundleParameters' method that contains the logic that used to live in 'initialize'. >+ This new method returns 'true' if the serialization was successful, otherwise it returns false. >+ >+ Revise 'initialize' to call this new method and check the return value. If it fails, try decoding the >+ bundle parameters after the bundle's initialization function is called. >+ >+ * WebProcess/InjectedBundle/InjectedBundle.h: >+ * WebProcess/InjectedBundle/mac/InjectedBundleMac.mm: >+ (WebKit::InjectedBundle::initialize): Use the new method. >+ (WebKit::InjectedBundle::decodeBundleParameters): Added. >+ (WebKit::InjectedBundle::setBundleParameters): Use 'decodeObjectOfClasses' with the more complete >+ 'classesForCoder' method to unarchive the passed bundle parameters, rather than the >+ NSDictionary-specific method, since InjectedBundles often encode other types of objects, and the >+ NSDictionary object may itself hold other kinds of objects. >+ > 2018-09-07 Brent Fulgham <bfulgham@apple.com> > > Allow WebContent access to AVCSupported IOKit property in sandbox 
>diff --git a/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.h b/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.h >index 257ebb782b02240bba14225348d9d69eb44eab07..0d12d801d601076096a4db2acb2d51a24cbcf254 100644 >--- a/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.h >+++ b/Source/WebKit/WebProcess/InjectedBundle/InjectedBundle.h >@@ -160,6 +160,7 @@ public: > > #if PLATFORM(COCOA) && WK_API_ENABLED > WKWebProcessBundleParameters *bundleParameters(); >+ bool decodeBundleParameters(RefPtr<API::Data>); > > void extendClassesForParameterCoder(API::Array& classes); > NSSet* classesForCoder(); >diff --git a/Source/WebKit/WebProcess/InjectedBundle/mac/InjectedBundleMac.mm b/Source/WebKit/WebProcess/InjectedBundle/mac/InjectedBundleMac.mm >index a0a3e839b7938d15613ad6a8e17d9a5480916e28..3590554e6fb39669ab1aa055d9608da0c3f2767e 100644 >--- a/Source/WebKit/WebProcess/InjectedBundle/mac/InjectedBundleMac.mm >+++ b/Source/WebKit/WebProcess/InjectedBundle/mac/InjectedBundleMac.mm 
>@@ -99,22 +99,7 @@ bool InjectedBundle::initialize(const WebProcessCreationParameters& parameters, > } > > #if WK_API_ENABLED >- if (parameters.bundleParameterData) { >- auto bundleParameterData = adoptNS([[NSData alloc] initWithBytesNoCopy:const_cast<void*>(static_cast<const void*>(parameters.bundleParameterData->bytes())) length:parameters.bundleParameterData->size() freeWhenDone:NO]); >- >- auto unarchiver = secureUnarchiverFromData(bundleParameterData.get()); >- >- NSDictionary *dictionary = nil; >- @try { >- dictionary = [unarchiver.get() decodeObjectOfClass:[NSObject class] forKey:@"parameters"]; >- ASSERT([dictionary isKindOfClass:[NSDictionary class]]); >- } @catch (NSException *exception) { >- LOG_ERROR("Failed to decode bundle parameters: %@", exception); >- } >- >- ASSERT(!m_bundleParameters); >- m_bundleParameters = adoptNS([[WKWebProcessBundleParameters alloc] initWithDictionary:dictionary]); >- } >+ bool didSuccessfullyDecodeParameters = decodeBundleParameters(parameters.bundleParameterData); > #endif > > if (!initializeFunction) >@@ -123,6 +108,13 @@ bool InjectedBundle::initialize(const WebProcessCreationParameters& parameters, > // First check to see if the bundle has a WKBundleInitialize function. > if (initializeFunction) { > initializeFunction(toAPI(this), toAPI(initializationUserData)); >+#if WK_API_ENABLED >+ if (!didSuccessfullyDecodeParameters) { >+ // Try to decode bundle parameters after calling the initialization function. >+ m_bundleParameters = nullptr; >+ decodeBundleParameters(parameters.bundleParameterData); >+ } >+#endif > return true; > } 
> >@@ -205,6 +197,30 @@ NSSet* InjectedBundle::classesForCoder() > > return m_classesForCoder.get(); > } >+ >+bool InjectedBundle::decodeBundleParameters(RefPtr<API::Data> bundleParameterDataPtr) >+{ >+ if (!bundleParameterDataPtr) >+ return true; >+ >+ auto bundleParameterData = adoptNS([[NSData alloc] initWithBytesNoCopy:const_cast<void*>(static_cast<const void*>(bundleParameterDataPtr->bytes())) length:bundleParameterDataPtr->size() freeWhenDone:NO]); >+ >+ auto unarchiver = secureUnarchiverFromData(bundleParameterData.get()); >+ >+ NSDictionary *dictionary = nil; >+ @try { >+ dictionary = [unarchiver.get() decodeObjectOfClasses:classesForCoder() forKey:@"parameters"]; >+ ASSERT([dictionary isKindOfClass:[NSDictionary class]]); >+ } @catch (NSException *exception) { >+ LOG_ERROR("Failed to decode bundle parameters: %@", exception); >+ return false; >+ } >+ >+ ASSERT(!m_bundleParameters || m_bundleParameters.get()); >+ m_bundleParameters = adoptNS([[WKWebProcessBundleParameters alloc] initWithDictionary:dictionary]); >+ return true; >+} >+ > #endif > > void InjectedBundle::setBundleParameter(const String& key, const IPC::DataReference& value) >@@ -238,7 +254,7 @@ void InjectedBundle::setBundleParameters(const IPC::DataReference& value) > > NSDictionary *parameters = nil; > @try { >- parameters = [unarchiver decodeObjectOfClass:[NSDictionary class] forKey:@"parameters"]; >+ parameters = [unarchiver decodeObjectOfClasses:classesForCoder() forKey:@"parameters"]; > } @catch (NSException *exception) { > LOG_ERROR("Failed to decode bundle parameter: %@", exception); > } >@@ -246,6 +262,8 @@ void InjectedBundle::setBundleParameters(const IPC::DataReference& value) > if (!parameters) > return; > >+ RELEASE_ASSERT_WITH_SECURITY_IMPLICATIO([parameters isKindOfClass:[NSDictionary class]]); >+ > if (!m_bundleParameters) { > m_bundleParameters = adoptNS([[WKWebProcessBundleParameters alloc] initWithDictionary:parameters]); > return;
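Review bot: Typo in the ChangeLog hunk (Source/WebKit/ChangeLog): "initialiation function" should read "initialization function". The description also says the new method "returns 'true' if the serialization was successful, otherwise it returns false", but as written in the InjectedBundleMac.mm hunk it also returns true when no bundle parameter data is present at all; worth stating that case in the ChangeLog so the return value is not misread as "parameters were decoded".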
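Review bot: In the InjectedBundle.h hunk, `bool decodeBundleParameters(RefPtr<API::Data>);` takes the RefPtr by value, which costs a ref/deref on every call for no ownership benefit; the callee only reads `bytes()` and `size()`. WebKit style would pass `API::Data*` (or `const RefPtr<API::Data>&`) here and in the definition.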
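Review bot: In the first InjectedBundleMac.mm hunk (`@@ -99,22 +99,7 @@`), the retry only happens on the path that has an `initializeFunction`; when `didSuccessfullyDecodeParameters` is false and the `if (!initializeFunction)` branch that immediately follows the hunk is taken, the decode failure has already been logged and `m_bundleParameters` stays unset with no further handling. Please confirm that branch is acceptable with unset parameters, or return false from `initialize` there so the caller sees the failure.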
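Review bot: In the second InjectedBundleMac.mm hunk (`@@ -123,6 +108,13 @@`), the result of the retry `decodeBundleParameters(parameters.bundleParameterData);` is discarded, so a bundle whose classes are still not registered after `WKBundleInitialize` fails silently apart from the generic LOG_ERROR inside the helper, and the first (now expected) failure is logged with the same message. Suggest `if (!decodeBundleParameters(...)) LOG_ERROR(...)` with a message that says the retry failed, and consider quieting the first-attempt log. The preceding `m_bundleParameters = nullptr;` is redundant: the failing path of `decodeBundleParameters` in the later hunk returns before assigning `m_bundleParameters`, so it is still null here.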
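Review bot: In the `decodeBundleParameters` hunk (`@@ -205,6 +197,30 @@`), `ASSERT(!m_bundleParameters || m_bundleParameters.get());` is a tautology (`!p || p` is always true) and checks nothing; since the failure path returns before assigning, the original `ASSERT(!m_bundleParameters);` still holds on the retry and should be restored. Also, the only guard that the decoded object is an NSDictionary before it reaches `initWithDictionary:` is a debug-only `ASSERT`, whereas `setBundleParameters` in the same patch gets a release assert for the identical situation; with `decodeObjectOfClasses:classesForCoder()` now permitting any registered top-level class, this path should either `RELEASE_ASSERT_WITH_SECURITY_IMPLICATION` on the type as well or treat a non-dictionary result as a decode failure and `return false`.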
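Review bot: In the first `setBundleParameters` hunk (`@@ -238,7 +254,7 @@`), replacing `decodeObjectOfClass:[NSDictionary class]` with `decodeObjectOfClasses:classesForCoder()` only works if `classesForCoder()` includes NSDictionary itself, which is not visible in this patch; please confirm, since otherwise every top-level decode throws and `parameters` is always nil. The widened allow-list is also why the release-mode type check in the next hunk is required rather than optional.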
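Review bot: In the last hunk (`@@ -246,6 +262,8 @@`), the macro name `RELEASE_ASSERT_WITH_SECURITY_IMPLICATIO` is missing its trailing `N` and will not compile; it should be `RELEASE_ASSERT_WITH_SECURITY_IMPLICATION([parameters isKindOfClass:[NSDictionary class]]);`.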