199584 2019-07-08 12:15:12 -0700 Validate reply block signature in [WKRemoteObjectRegistry _invokeMethod] 2019-07-09 12:11:23 -0700 1 1 1 Unclassified WebKit WebKit2 WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED https://bugs.webkit.org/show_bug.cgi?id=199629 InRadar P2 Normal --- 1 cdumez cdumez achristensen andersca beidson commit-queue ggaren mitz mjs sam thorton webkit-bug-importer oldest_to_newest 1550926 0 cdumez 2019-07-08 12:15:12 -0700 Validate reply block signature in [WKRemoteObjectRegistry _invokeMethod] for robustness. 1550927 1 cdumez 2019-07-08 12:15:26 -0700 <rdar://problem/46268249> 1550928 2 373655 cdumez 2019-07-08 12:18:24 -0700 Created attachment 373655 Patch 1551132 3 373655 mjs 2019-07-08 20:13:22 -0700 Comment on attachment 373655 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=373655&action=review > Source/WebKit/Shared/API/Cocoa/_WKRemoteObjectRegistry.mm:195 > + // The block should return a void. > + if (strcmp(wireBlockSignature.methodReturnType, "v")) > + return false; > + > + // First implicit argument of a block is always the block itself. > + if (wireBlockSignature.numberOfArguments < 1 || strcmp([wireBlockSignature getArgumentTypeAtIndex:0], "@?")) > + return false; Can anything else be wrong? Is there a need to compare the remote signature to the local one for instance? > Source/WebKit/Shared/API/Cocoa/_WKRemoteObjectRegistry.mm:238 > + if (!validateReplyBlockSignature(wireBlockSignature)) { > + NSLog(@"_invokeMethod: Failed to validate reply block signature: %@", wireBlockSignature._typeString); Perhaps we should kill the WebContent process when this happens instead of just logging? Seems equivalent to an ill-formed CoreIPC message. 1551236 4 373655 cdumez 2019-07-09 08:35:59 -0700 Comment on attachment 373655 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=373655&action=review >> Source/WebKit/Shared/API/Cocoa/_WKRemoteObjectRegistry.mm:195 >> + return false; > > Can anything else be wrong? Is there a need to compare the remote signature to the local one for instance? Ideally, we would want to do more validation but I have not found a suitable way to do it yet. As far as I can tell, the process is as follows: 1. Process A calls method M on Object O that takes a completionHandler 2. We send an IPC from Process A to Process B asking to invoke method M and we pass with this IPC the signature of the completion handler (serialized as a String). 3. Process B receives the IPC, decodes the completion handler's signature and create a reply block for it, and passes with when calling the local method M. What this block does is send an IPC back to process A with the reply. There must be a way to validate that the block we create at step 3 has the same signature as the one expected by local method M. I will look more into it. >> Source/WebKit/Shared/API/Cocoa/_WKRemoteObjectRegistry.mm:238 >> + NSLog(@"_invokeMethod: Failed to validate reply block signature: %@", wireBlockSignature._typeString); > > Perhaps we should kill the WebContent process when this happens instead of just logging? Seems equivalent to an ill-formed CoreIPC message. Like for IPC::Connection, it appears _WKRemoteObjectRegistry can be used for communication from the WebProcess to the UIProcess AND from the UIProcess to the WebContent process. The IPC::Connection code normally does not terminate the process, it merely marks messages as invalid and lets the client decide what to do about it. The reason is that the policy is different depending on who the sender is (because we trust the UIProcess but not the WebProcess). We always want to kill the WebContent process, never the UIProcess. Anyway, calling CRASH() here would likely not be the right thing to do as we may end up crashing the UIProcess for a bad message from a compromised WebProcess. I followed the pattern in the rest of _WKRemoteObjectRegistry.mm, the pattern is always to NSLog and return (ignore the message in case of an error), e.g.: @try { replyInvocation = [decoder decodeObjectOfClass:[NSInvocation class] forKey:invocationKey]; } @catch (NSException *exception) { NSLog(@"Exception caught during decoding of reply: %@", exception); return; } or @try { [invocation invoke]; } @catch (NSException *exception) { NSLog(@"%@: Warning: Exception caught during invocation of received message, dropping incoming message .\nException: %@", self, exception); } 1551243 5 373655 cdumez 2019-07-09 08:51:49 -0700 Comment on attachment 373655 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=373655&action=review > Source/WebKit/Shared/API/Cocoa/_WKRemoteObjectRegistry.mm:234 > NSMethodSignature *wireBlockSignature = [NSMethodSignature signatureWithObjCTypes:replyInfo->blockSignature.utf8().data()]; Since it seems that methodSignature is the signature of the local method, I assumed I could compare wireBlockSignature to [methodSignature _signatureForBlockAtArgumentIndex:i] and make sure they are equal. However, for some reason, [methodSignature _signatureForBlockAtArgumentIndex:i] returns nil. 1551263 6 373655 cdumez 2019-07-09 09:46:20 -0700 Comment on attachment 373655 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=373655&action=review >> Source/WebKit/Shared/API/Cocoa/_WKRemoteObjectRegistry.mm:234 >> NSMethodSignature *wireBlockSignature = [NSMethodSignature signatureWithObjCTypes:replyInfo->blockSignature.utf8().data()]; > > Since it seems that methodSignature is the signature of the local method, I assumed I could compare wireBlockSignature to [methodSignature _signatureForBlockAtArgumentIndex:i] and make sure they are equal. > However, for some reason, [methodSignature _signatureForBlockAtArgumentIndex:i] returns nil. I also tried to get the target's method signature like so: NSMethodSignature *targetMethodSignature = [interfaceAndObject.first methodSignatureForSelector:invocation.selector]; I get a valid looking method signature. However, I still cannot get the type of the block parameter because the following returns null: [targetMethodSignature _signatureForBlockAtArgumentIndex:i]; All I can tell is that the type of parameter at index i is @?, so a block. However, I can unable to introspect the parameters of said block for some reason. 1551271 7 cdumez 2019-07-09 09:58:11 -0700 (In reply to Chris Dumez from comment #6) > Comment on attachment 373655 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=373655&action=review > > >> Source/WebKit/Shared/API/Cocoa/_WKRemoteObjectRegistry.mm:234 > >> NSMethodSignature *wireBlockSignature = [NSMethodSignature signatureWithObjCTypes:replyInfo->blockSignature.utf8().data()]; > > > > Since it seems that methodSignature is the signature of the local method, I assumed I could compare wireBlockSignature to [methodSignature _signatureForBlockAtArgumentIndex:i] and make sure they are equal. > > However, for some reason, [methodSignature _signatureForBlockAtArgumentIndex:i] returns nil. > > I also tried to get the target's method signature like so: > NSMethodSignature *targetMethodSignature = [interfaceAndObject.first > methodSignatureForSelector:invocation.selector]; > I get a valid looking method signature. However, I still cannot get the type > of the block parameter because the following returns null: > [targetMethodSignature _signatureForBlockAtArgumentIndex:i]; > > All I can tell is that the type of parameter at index i is @?, so a block. > However, I can unable to introspect the parameters of said block for some > reason. Ok, it looks like I found a way to get the block's signature finally. Working on a patch. 1551281 8 373728 cdumez 2019-07-09 10:15:14 -0700 Created attachment 373728 Patch 1551290 9 373728 ggaren 2019-07-09 10:49:28 -0700 Comment on attachment 373728 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=373728&action=review r=me > Source/WebKit/Shared/API/Cocoa/_WKRemoteObjectRegistry.mm:205 > + ASSERT(expectedBlockSignature); Should we null check and return false here too (as above)? > Source/WebKit/Shared/API/Cocoa/_WKRemoteObjectRegistry.mm:246 > + // Validate the signature. Not sure this comment adds anything. The function name is very clear. 1551294 10 373728 cdumez 2019-07-09 10:54:39 -0700 Comment on attachment 373728 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=373728&action=review >> Source/WebKit/Shared/API/Cocoa/_WKRemoteObjectRegistry.mm:205 >> + ASSERT(expectedBlockSignature); > > Should we null check and return false here too (as above)? I would think the the [wireBlockSignature isEqual:expectedBlockSignature] call below would already return false if expectedBlockSignature were nil. 1551295 11 373732 cdumez 2019-07-09 10:55:06 -0700 Created attachment 373732 Patch 1551298 12 ggaren 2019-07-09 11:00:00 -0700 > >> Source/WebKit/Shared/API/Cocoa/_WKRemoteObjectRegistry.mm:205 > >> + ASSERT(expectedBlockSignature); > > > > Should we null check and return false here too (as above)? > > I would think the the [wireBlockSignature isEqual:expectedBlockSignature] > call below would already return false if expectedBlockSignature were nil. Good point! 1551313 13 373732 commit-queue 2019-07-09 11:41:52 -0700 Comment on attachment 373732 Patch Clearing flags on attachment: 373732 Committed r247264: <https://trac.webkit.org/changeset/247264> 1551314 14 commit-queue 2019-07-09 11:41:54 -0700 All reviewed patches have been landed. Closing bug. 373655 2019-07-08 12:18:24 -0700 2019-07-09 10:15:13 -0700 Patch bug-199584-20190708121823.patch text/plain 2768 cdumez U3VidmVyc2lvbiBSZXZpc2lvbjogMjQ3MjA4CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0L0No YW5nZUxvZyBiL1NvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCmluZGV4IDAzZWY2OGQxYzE3ZWRhMzZi MGQyODE2ODUzNzdlNDFlZjQwNzlmMDMuLjUwMjJlZGE4Yzg4ODAwYjAwNzcwNzJjZjEwMGNiMTMw ZjEwN2RkMmQgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCisrKyBiL1NvdXJj ZS9XZWJLaXQvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTcgQEAKKzIwMTktMDctMDggIENocmlzIER1 bWV6ICA8Y2R1bWV6QGFwcGxlLmNvbT4KKworICAgICAgICBWYWxpZGF0ZSByZXBseSBibG9jayBz aWduYXR1cmUgaW4gW1dLUmVtb3RlT2JqZWN0UmVnaXN0cnkgX2ludm9rZU1ldGhvZF0KKyAgICAg ICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE5OTU4NAorICAgICAg ICA8cmRhcjovL3Byb2JsZW0vNDYyNjgyNDk+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZ IChPT1BTISkuCisKKyAgICAgICAgVmFsaWRhdGUgcmVwbHkgYmxvY2sgc2lnbmF0dXJlIGluIFtX S1JlbW90ZU9iamVjdFJlZ2lzdHJ5IF9pbnZva2VNZXRob2RdIGZvciByb2J1c3RuZXNzLgorCisg ICAgICAgICogU2hhcmVkL0FQSS9Db2NvYS9fV0tSZW1vdGVPYmplY3RSZWdpc3RyeS5tbToKKyAg ICAgICAgKHZhbGlkYXRlUmVwbHlCbG9ja1NpZ25hdHVyZSk6CisgICAgICAgICgtW19XS1JlbW90 ZU9iamVjdFJlZ2lzdHJ5IF9pbnZva2VNZXRob2Q6XSk6CisKIDIwMTktMDctMDcgIEFudG9pbmUg UXVpbnQgIDxncmFvdXRzQGFwcGxlLmNvbT4KIAogICAgICAgICBbUG9pbnRlciBFdmVudHNdIHRv dWNoLWFjdGlvbiBzaG91bGQgYWZmZWN0IHRoZSBiZWhhdmlvciBvZiBwaW5jaC10by16b29tIHRv IHNob3cgdGFicyBpbiBTYWZhcmkKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQvU2hhcmVkL0FQ SS9Db2NvYS9fV0tSZW1vdGVPYmplY3RSZWdpc3RyeS5tbSBiL1NvdXJjZS9XZWJLaXQvU2hhcmVk L0FQSS9Db2NvYS9fV0tSZW1vdGVPYmplY3RSZWdpc3RyeS5tbQppbmRleCBmMzVkOTMwOGIzNmE3 MDhmZWY3YWI3ZTk5YjE3OTEyMzM5NTBiZGFhLi43YTUyM2NhM2U2NzJiOWJiYjg1MDhlZmY2YTc4 ODViYjBiZjE3NGVlIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViS2l0L1NoYXJlZC9BUEkvQ29jb2Ev X1dLUmVtb3RlT2JqZWN0UmVnaXN0cnkubW0KKysrIGIvU291cmNlL1dlYktpdC9TaGFyZWQvQVBJ L0NvY29hL19XS1JlbW90ZU9iamVjdFJlZ2lzdHJ5Lm1tCkBAIC0xODQsNiArMTg0LDE5IEBAIC0g KFdlYktpdDo6UmVtb3RlT2JqZWN0UmVnaXN0cnkmKXJlbW90ZU9iamVjdFJlZ2lzdHJ5CiAgICAg cmV0dXJuICpfcmVtb3RlT2JqZWN0UmVnaXN0cnk7CiB9CiAKK3N0YXRpYyBib29sIHZhbGlkYXRl UmVwbHlCbG9ja1NpZ25hdHVyZShOU01ldGhvZFNpZ25hdHVyZSAqd2lyZUJsb2NrU2lnbmF0dXJl KQoreworICAgIC8vIFRoZSBibG9jayBzaG91bGQgcmV0dXJuIGEgdm9pZC4KKyAgICBpZiAoc3Ry Y21wKHdpcmVCbG9ja1NpZ25hdHVyZS5tZXRob2RSZXR1cm5UeXBlLCAidiIpKQorICAgICAgICBy ZXR1cm4gZmFsc2U7CisKKyAgICAvLyBGaXJzdCBpbXBsaWNpdCBhcmd1bWVudCBvZiBhIGJsb2Nr IGlzIGFsd2F5cyB0aGUgYmxvY2sgaXRzZWxmLgorICAgIGlmICh3aXJlQmxvY2tTaWduYXR1cmUu bnVtYmVyT2ZBcmd1bWVudHMgPCAxIHx8IHN0cmNtcChbd2lyZUJsb2NrU2lnbmF0dXJlIGdldEFy Z3VtZW50VHlwZUF0SW5kZXg6MF0sICJAPyIpKQorICAgICAgICByZXR1cm4gZmFsc2U7CisKKyAg ICByZXR1cm4gdHJ1ZTsKK30KKwogLSAodm9pZClfaW52b2tlTWV0aG9kOihjb25zdCBXZWJLaXQ6 OlJlbW90ZU9iamVjdEludm9jYXRpb24mKXJlbW90ZU9iamVjdEludm9jYXRpb24KIHsKICAgICBh dXRvJiBpbnRlcmZhY2VJZGVudGlmaWVyID0gcmVtb3RlT2JqZWN0SW52b2NhdGlvbi5pbnRlcmZh Y2VJZGVudGlmaWVyKCk7CkBAIC0yMTgsOSArMjMxLDE0IEBAIC0gKHZvaWQpX2ludm9rZU1ldGhv ZDooY29uc3QgV2ViS2l0OjpSZW1vdGVPYmplY3RJbnZvY2F0aW9uJilyZW1vdGVPYmplY3RJbnZv Y2F0CiAgICAgICAgICAgICAgICAgY29udGludWU7CiAKICAgICAgICAgICAgIC8vIFdlIGZvdW5k IHRoZSBibG9jay4KLSAgICAgICAgICAgIC8vIEZJWE1FOiBWYWxpZGF0ZSB0aGUgc2lnbmF0dXJl LgogICAgICAgICAgICAgTlNNZXRob2RTaWduYXR1cmUgKndpcmVCbG9ja1NpZ25hdHVyZSA9IFtO U01ldGhvZFNpZ25hdHVyZSBzaWduYXR1cmVXaXRoT2JqQ1R5cGVzOnJlcGx5SW5mby0+YmxvY2tT aWduYXR1cmUudXRmOCgpLmRhdGEoKV07CiAKKyAgICAgICAgICAgIC8vIFZhbGlkYXRlIHRoZSBz aWduYXR1cmUuCisgICAgICAgICAgICBpZiAoIXZhbGlkYXRlUmVwbHlCbG9ja1NpZ25hdHVyZSh3 aXJlQmxvY2tTaWduYXR1cmUpKSB7CisgICAgICAgICAgICAgICAgTlNMb2coQCJfaW52b2tlTWV0 aG9kOiBGYWlsZWQgdG8gdmFsaWRhdGUgcmVwbHkgYmxvY2sgc2lnbmF0dXJlOiAlQCIsIHdpcmVC bG9ja1NpZ25hdHVyZS5fdHlwZVN0cmluZyk7CisgICAgICAgICAgICAgICAgY29udGludWU7Cisg ICAgICAgICAgICB9CisKICAgICAgICAgICAgIFJldGFpblB0cjxfV0tSZW1vdGVPYmplY3RSZWdp c3RyeT4gcmVtb3RlT2JqZWN0UmVnaXN0cnkgPSBzZWxmOwogICAgICAgICAgICAgdWludDY0X3Qg cmVwbHlJRCA9IHJlcGx5SW5mby0+cmVwbHlJRDsKIAo= 373728 2019-07-09 10:15:14 -0700 2019-07-09 10:55:05 -0700 Patch bug-199584-20190709101514.patch text/plain 3625 cdumez U3VidmVyc2lvbiBSZXZpc2lvbjogMjQ3MjU3CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0L0No YW5nZUxvZyBiL1NvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCmluZGV4IDFiYTcwZmVhNWQwM2YwZDg3 MWIyN2RiMTgyMjhhNmU1ZDU0YzVkMTUuLmEzM2NlNTA4MjI5MzVlYzFjY2NhZjIxYTA1OTA0OWE5 NTBmODgxMTEgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCisrKyBiL1NvdXJj ZS9XZWJLaXQvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTcgQEAKKzIwMTktMDctMDkgIENocmlzIER1 bWV6ICA8Y2R1bWV6QGFwcGxlLmNvbT4KKworICAgICAgICBWYWxpZGF0ZSByZXBseSBibG9jayBz aWduYXR1cmUgaW4gW1dLUmVtb3RlT2JqZWN0UmVnaXN0cnkgX2ludm9rZU1ldGhvZF0KKyAgICAg ICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE5OTU4NAorICAgICAg ICA8cmRhcjovL3Byb2JsZW0vNDYyNjgyNDk+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZ IChPT1BTISkuCisKKyAgICAgICAgVmFsaWRhdGUgcmVwbHkgYmxvY2sgc2lnbmF0dXJlIGluIFtX S1JlbW90ZU9iamVjdFJlZ2lzdHJ5IF9pbnZva2VNZXRob2RdIGZvciByb2J1c3RuZXNzLgorCisg ICAgICAgICogU2hhcmVkL0FQSS9Db2NvYS9fV0tSZW1vdGVPYmplY3RSZWdpc3RyeS5tbToKKyAg ICAgICAgKHZhbGlkYXRlUmVwbHlCbG9ja1NpZ25hdHVyZSk6CisgICAgICAgICgtW19XS1JlbW90 ZU9iamVjdFJlZ2lzdHJ5IF9pbnZva2VNZXRob2Q6XSk6CisKIDIwMTktMDctMDggIENocmlzIER1 bWV6ICA8Y2R1bWV6QGFwcGxlLmNvbT4KIAogICAgICAgICBTcGVjdWxhdGl2ZSBmaXggZm9yIGNy YXNoZXMgdW5kZXIgTG9jYWxTdG9yYWdlRGF0YWJhc2VUcmFja2VyOjpkYXRhYmFzZVBhdGgoKQpk aWZmIC0tZ2l0IGEvU291cmNlL1dlYktpdC9TaGFyZWQvQVBJL0NvY29hL19XS1JlbW90ZU9iamVj dFJlZ2lzdHJ5Lm1tIGIvU291cmNlL1dlYktpdC9TaGFyZWQvQVBJL0NvY29hL19XS1JlbW90ZU9i amVjdFJlZ2lzdHJ5Lm1tCmluZGV4IGYzNWQ5MzA4YjM2YTcwOGZlZjdhYjdlOTliMTc5MTIzMzk1 MGJkYWEuLjRlNDA1NDQzZTMyMWI1NWVlOTliZGRjOWRkNTAwZDFhMjZhNjFjMWEgMTAwNjQ0Ci0t LSBhL1NvdXJjZS9XZWJLaXQvU2hhcmVkL0FQSS9Db2NvYS9fV0tSZW1vdGVPYmplY3RSZWdpc3Ry eS5tbQorKysgYi9Tb3VyY2UvV2ViS2l0L1NoYXJlZC9BUEkvQ29jb2EvX1dLUmVtb3RlT2JqZWN0 UmVnaXN0cnkubW0KQEAgLTQ2LDYgKzQ2LDcgQEAgc3RhdGljIGNvbnN0IHZvaWQqIHJlcGx5Qmxv Y2tLZXkgPSAmcmVwbHlCbG9ja0tleTsKIAogQGludGVyZmFjZSBOU01ldGhvZFNpZ25hdHVyZSAo KQogLSAoTlNTdHJpbmcgKilfdHlwZVN0cmluZzsKKy0gKE5TTWV0aG9kU2lnbmF0dXJlICopX3Np Z25hdHVyZUZvckJsb2NrQXRBcmd1bWVudEluZGV4OihOU0ludGVnZXIpaWR4OwogQGVuZAogCiBO U1N0cmluZyAqIGNvbnN0IGludm9jYXRpb25LZXkgPSBAImludm9jYXRpb24iOwpAQCAtMTg0LDYg KzE4NSwyOCBAQCAtIChXZWJLaXQ6OlJlbW90ZU9iamVjdFJlZ2lzdHJ5JilyZW1vdGVPYmplY3RS ZWdpc3RyeQogICAgIHJldHVybiAqX3JlbW90ZU9iamVjdFJlZ2lzdHJ5OwogfQogCitzdGF0aWMg Ym9vbCB2YWxpZGF0ZVJlcGx5QmxvY2tTaWduYXR1cmUoTlNNZXRob2RTaWduYXR1cmUgKndpcmVC bG9ja1NpZ25hdHVyZSwgUHJvdG9jb2wgKnByb3RvY29sLCBTRUwgc2VsZWN0b3IsIE5TVUludGVn ZXIgYmxvY2tJbmRleCkKK3sKKyAgICAvLyBSZXF1aXJlZCwgbm9uLWluaGVyaXRlZCBtZXRob2Q6 CisgICAgY29uc3QgY2hhciogbWV0aG9kVHlwZUVuY29kaW5nID0gX3Byb3RvY29sX2dldE1ldGhv ZFR5cGVFbmNvZGluZyhwcm90b2NvbCwgc2VsZWN0b3IsIHRydWUsIHRydWUpOworICAgIC8vIEBv cHRpb25hbCwgbm9uLWluaGVyaXRlZCBtZXRob2Q6CisgICAgaWYgKCFtZXRob2RUeXBlRW5jb2Rp bmcpCisgICAgICAgIG1ldGhvZFR5cGVFbmNvZGluZyA9IF9wcm90b2NvbF9nZXRNZXRob2RUeXBl RW5jb2RpbmcocHJvdG9jb2wsIHNlbGVjdG9yLCBmYWxzZSwgdHJ1ZSk7CisKKyAgICBBU1NFUlQo bWV0aG9kVHlwZUVuY29kaW5nKTsKKyAgICBpZiAoIW1ldGhvZFR5cGVFbmNvZGluZykKKyAgICAg ICAgcmV0dXJuIGZhbHNlOworCisgICAgTlNNZXRob2RTaWduYXR1cmUgKnRhcmdldE1ldGhvZFNp Z25hdHVyZSA9IFtOU01ldGhvZFNpZ25hdHVyZSBzaWduYXR1cmVXaXRoT2JqQ1R5cGVzOm1ldGhv ZFR5cGVFbmNvZGluZ107CisgICAgQVNTRVJUKHRhcmdldE1ldGhvZFNpZ25hdHVyZSk7CisgICAg aWYgKCF0YXJnZXRNZXRob2RTaWduYXR1cmUpCisgICAgICAgIHJldHVybiBmYWxzZTsKKyAgICBO U01ldGhvZFNpZ25hdHVyZSAqZXhwZWN0ZWRCbG9ja1NpZ25hdHVyZSA9IFt0YXJnZXRNZXRob2RT aWduYXR1cmUgX3NpZ25hdHVyZUZvckJsb2NrQXRBcmd1bWVudEluZGV4OmJsb2NrSW5kZXhdOwor ICAgIEFTU0VSVChleHBlY3RlZEJsb2NrU2lnbmF0dXJlKTsKKworICAgIHJldHVybiBbd2lyZUJs b2NrU2lnbmF0dXJlIGlzRXF1YWw6ZXhwZWN0ZWRCbG9ja1NpZ25hdHVyZV07Cit9CisKIC0gKHZv aWQpX2ludm9rZU1ldGhvZDooY29uc3QgV2ViS2l0OjpSZW1vdGVPYmplY3RJbnZvY2F0aW9uJily ZW1vdGVPYmplY3RJbnZvY2F0aW9uCiB7CiAgICAgYXV0byYgaW50ZXJmYWNlSWRlbnRpZmllciA9 IHJlbW90ZU9iamVjdEludm9jYXRpb24uaW50ZXJmYWNlSWRlbnRpZmllcigpOwpAQCAtMjE4LDkg KzI0MSwxNSBAQCAtICh2b2lkKV9pbnZva2VNZXRob2Q6KGNvbnN0IFdlYktpdDo6UmVtb3RlT2Jq ZWN0SW52b2NhdGlvbiYpcmVtb3RlT2JqZWN0SW52b2NhdAogICAgICAgICAgICAgICAgIGNvbnRp bnVlOwogCiAgICAgICAgICAgICAvLyBXZSBmb3VuZCB0aGUgYmxvY2suCi0gICAgICAgICAgICAv LyBGSVhNRTogVmFsaWRhdGUgdGhlIHNpZ25hdHVyZS4KICAgICAgICAgICAgIE5TTWV0aG9kU2ln bmF0dXJlICp3aXJlQmxvY2tTaWduYXR1cmUgPSBbTlNNZXRob2RTaWduYXR1cmUgc2lnbmF0dXJl V2l0aE9iakNUeXBlczpyZXBseUluZm8tPmJsb2NrU2lnbmF0dXJlLnV0ZjgoKS5kYXRhKCldOwog CisgICAgICAgICAgICAvLyBWYWxpZGF0ZSB0aGUgc2lnbmF0dXJlLgorICAgICAgICAgICAgaWYg KCF2YWxpZGF0ZVJlcGx5QmxvY2tTaWduYXR1cmUod2lyZUJsb2NrU2lnbmF0dXJlLCBbaW50ZXJm YWNlIHByb3RvY29sXSwgaW52b2NhdGlvbi5zZWxlY3RvciwgaSkpIHsKKyAgICAgICAgICAgICAg ICBOU0xvZyhAIl9pbnZva2VNZXRob2Q6IEZhaWxlZCB0byB2YWxpZGF0ZSByZXBseSBibG9jayBz aWduYXR1cmU6ICVAIiwgd2lyZUJsb2NrU2lnbmF0dXJlLl90eXBlU3RyaW5nKTsKKyAgICAgICAg ICAgICAgICBBU1NFUlRfTk9UX1JFQUNIRUQoKTsKKyAgICAgICAgICAgICAgICBjb250aW51ZTsK KyAgICAgICAgICAgIH0KKwogICAgICAgICAgICAgUmV0YWluUHRyPF9XS1JlbW90ZU9iamVjdFJl Z2lzdHJ5PiByZW1vdGVPYmplY3RSZWdpc3RyeSA9IHNlbGY7CiAgICAgICAgICAgICB1aW50NjRf dCByZXBseUlEID0gcmVwbHlJbmZvLT5yZXBseUlEOwogCg== 373732 2019-07-09 10:55:06 -0700 2019-07-09 11:41:52 -0700 Patch bug-199584-20190709105506.patch text/plain 3585 cdumez U3VidmVyc2lvbiBSZXZpc2lvbjogMjQ3MjU5CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0L0No YW5nZUxvZyBiL1NvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCmluZGV4IDFiYTcwZmVhNWQwM2YwZDg3 MWIyN2RiMTgyMjhhNmU1ZDU0YzVkMTUuLmEwYTM2MzU0ZDg4NjVmZGQ1NmU0MmU4YzM1N2IwYzky ZmU1N2U5NzEgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCisrKyBiL1NvdXJj ZS9XZWJLaXQvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTcgQEAKKzIwMTktMDctMDkgIENocmlzIER1 bWV6ICA8Y2R1bWV6QGFwcGxlLmNvbT4KKworICAgICAgICBWYWxpZGF0ZSByZXBseSBibG9jayBz aWduYXR1cmUgaW4gW1dLUmVtb3RlT2JqZWN0UmVnaXN0cnkgX2ludm9rZU1ldGhvZF0KKyAgICAg ICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE5OTU4NAorICAgICAg ICA8cmRhcjovL3Byb2JsZW0vNDYyNjgyNDk+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgR2VvZmZy ZXkgR2FyZW4uCisKKyAgICAgICAgVmFsaWRhdGUgcmVwbHkgYmxvY2sgc2lnbmF0dXJlIGluIFtX S1JlbW90ZU9iamVjdFJlZ2lzdHJ5IF9pbnZva2VNZXRob2RdIGZvciByb2J1c3RuZXNzLgorCisg ICAgICAgICogU2hhcmVkL0FQSS9Db2NvYS9fV0tSZW1vdGVPYmplY3RSZWdpc3RyeS5tbToKKyAg ICAgICAgKHZhbGlkYXRlUmVwbHlCbG9ja1NpZ25hdHVyZSk6CisgICAgICAgICgtW19XS1JlbW90 ZU9iamVjdFJlZ2lzdHJ5IF9pbnZva2VNZXRob2Q6XSk6CisKIDIwMTktMDctMDggIENocmlzIER1 bWV6ICA8Y2R1bWV6QGFwcGxlLmNvbT4KIAogICAgICAgICBTcGVjdWxhdGl2ZSBmaXggZm9yIGNy YXNoZXMgdW5kZXIgTG9jYWxTdG9yYWdlRGF0YWJhc2VUcmFja2VyOjpkYXRhYmFzZVBhdGgoKQpk aWZmIC0tZ2l0IGEvU291cmNlL1dlYktpdC9TaGFyZWQvQVBJL0NvY29hL19XS1JlbW90ZU9iamVj dFJlZ2lzdHJ5Lm1tIGIvU291cmNlL1dlYktpdC9TaGFyZWQvQVBJL0NvY29hL19XS1JlbW90ZU9i amVjdFJlZ2lzdHJ5Lm1tCmluZGV4IGYzNWQ5MzA4YjM2YTcwOGZlZjdhYjdlOTliMTc5MTIzMzk1 MGJkYWEuLjY1ZGE5ZWZmMDFiNDNlYTU3MTA4MDJmNmM0NmE2ZDAyMDI2NTY5M2UgMTAwNjQ0Ci0t LSBhL1NvdXJjZS9XZWJLaXQvU2hhcmVkL0FQSS9Db2NvYS9fV0tSZW1vdGVPYmplY3RSZWdpc3Ry eS5tbQorKysgYi9Tb3VyY2UvV2ViS2l0L1NoYXJlZC9BUEkvQ29jb2EvX1dLUmVtb3RlT2JqZWN0 UmVnaXN0cnkubW0KQEAgLTQ2LDYgKzQ2LDcgQEAgc3RhdGljIGNvbnN0IHZvaWQqIHJlcGx5Qmxv Y2tLZXkgPSAmcmVwbHlCbG9ja0tleTsKIAogQGludGVyZmFjZSBOU01ldGhvZFNpZ25hdHVyZSAo KQogLSAoTlNTdHJpbmcgKilfdHlwZVN0cmluZzsKKy0gKE5TTWV0aG9kU2lnbmF0dXJlICopX3Np Z25hdHVyZUZvckJsb2NrQXRBcmd1bWVudEluZGV4OihOU0ludGVnZXIpaWR4OwogQGVuZAogCiBO U1N0cmluZyAqIGNvbnN0IGludm9jYXRpb25LZXkgPSBAImludm9jYXRpb24iOwpAQCAtMTg0LDYg KzE4NSwyOCBAQCAtIChXZWJLaXQ6OlJlbW90ZU9iamVjdFJlZ2lzdHJ5JilyZW1vdGVPYmplY3RS ZWdpc3RyeQogICAgIHJldHVybiAqX3JlbW90ZU9iamVjdFJlZ2lzdHJ5OwogfQogCitzdGF0aWMg Ym9vbCB2YWxpZGF0ZVJlcGx5QmxvY2tTaWduYXR1cmUoTlNNZXRob2RTaWduYXR1cmUgKndpcmVC bG9ja1NpZ25hdHVyZSwgUHJvdG9jb2wgKnByb3RvY29sLCBTRUwgc2VsZWN0b3IsIE5TVUludGVn ZXIgYmxvY2tJbmRleCkKK3sKKyAgICAvLyBSZXF1aXJlZCwgbm9uLWluaGVyaXRlZCBtZXRob2Q6 CisgICAgY29uc3QgY2hhciogbWV0aG9kVHlwZUVuY29kaW5nID0gX3Byb3RvY29sX2dldE1ldGhv ZFR5cGVFbmNvZGluZyhwcm90b2NvbCwgc2VsZWN0b3IsIHRydWUsIHRydWUpOworICAgIC8vIEBv cHRpb25hbCwgbm9uLWluaGVyaXRlZCBtZXRob2Q6CisgICAgaWYgKCFtZXRob2RUeXBlRW5jb2Rp bmcpCisgICAgICAgIG1ldGhvZFR5cGVFbmNvZGluZyA9IF9wcm90b2NvbF9nZXRNZXRob2RUeXBl RW5jb2RpbmcocHJvdG9jb2wsIHNlbGVjdG9yLCBmYWxzZSwgdHJ1ZSk7CisKKyAgICBBU1NFUlQo bWV0aG9kVHlwZUVuY29kaW5nKTsKKyAgICBpZiAoIW1ldGhvZFR5cGVFbmNvZGluZykKKyAgICAg ICAgcmV0dXJuIGZhbHNlOworCisgICAgTlNNZXRob2RTaWduYXR1cmUgKnRhcmdldE1ldGhvZFNp Z25hdHVyZSA9IFtOU01ldGhvZFNpZ25hdHVyZSBzaWduYXR1cmVXaXRoT2JqQ1R5cGVzOm1ldGhv ZFR5cGVFbmNvZGluZ107CisgICAgQVNTRVJUKHRhcmdldE1ldGhvZFNpZ25hdHVyZSk7CisgICAg aWYgKCF0YXJnZXRNZXRob2RTaWduYXR1cmUpCisgICAgICAgIHJldHVybiBmYWxzZTsKKyAgICBO U01ldGhvZFNpZ25hdHVyZSAqZXhwZWN0ZWRCbG9ja1NpZ25hdHVyZSA9IFt0YXJnZXRNZXRob2RT aWduYXR1cmUgX3NpZ25hdHVyZUZvckJsb2NrQXRBcmd1bWVudEluZGV4OmJsb2NrSW5kZXhdOwor ICAgIEFTU0VSVChleHBlY3RlZEJsb2NrU2lnbmF0dXJlKTsKKworICAgIHJldHVybiBbd2lyZUJs b2NrU2lnbmF0dXJlIGlzRXF1YWw6ZXhwZWN0ZWRCbG9ja1NpZ25hdHVyZV07Cit9CisKIC0gKHZv aWQpX2ludm9rZU1ldGhvZDooY29uc3QgV2ViS2l0OjpSZW1vdGVPYmplY3RJbnZvY2F0aW9uJily ZW1vdGVPYmplY3RJbnZvY2F0aW9uCiB7CiAgICAgYXV0byYgaW50ZXJmYWNlSWRlbnRpZmllciA9 IHJlbW90ZU9iamVjdEludm9jYXRpb24uaW50ZXJmYWNlSWRlbnRpZmllcigpOwpAQCAtMjE4LDkg KzI0MSwxNCBAQCAtICh2b2lkKV9pbnZva2VNZXRob2Q6KGNvbnN0IFdlYktpdDo6UmVtb3RlT2Jq ZWN0SW52b2NhdGlvbiYpcmVtb3RlT2JqZWN0SW52b2NhdAogICAgICAgICAgICAgICAgIGNvbnRp bnVlOwogCiAgICAgICAgICAgICAvLyBXZSBmb3VuZCB0aGUgYmxvY2suCi0gICAgICAgICAgICAv LyBGSVhNRTogVmFsaWRhdGUgdGhlIHNpZ25hdHVyZS4KICAgICAgICAgICAgIE5TTWV0aG9kU2ln bmF0dXJlICp3aXJlQmxvY2tTaWduYXR1cmUgPSBbTlNNZXRob2RTaWduYXR1cmUgc2lnbmF0dXJl V2l0aE9iakNUeXBlczpyZXBseUluZm8tPmJsb2NrU2lnbmF0dXJlLnV0ZjgoKS5kYXRhKCldOwog CisgICAgICAgICAgICBpZiAoIXZhbGlkYXRlUmVwbHlCbG9ja1NpZ25hdHVyZSh3aXJlQmxvY2tT aWduYXR1cmUsIFtpbnRlcmZhY2UgcHJvdG9jb2xdLCBpbnZvY2F0aW9uLnNlbGVjdG9yLCBpKSkg eworICAgICAgICAgICAgICAgIE5TTG9nKEAiX2ludm9rZU1ldGhvZDogRmFpbGVkIHRvIHZhbGlk YXRlIHJlcGx5IGJsb2NrIHNpZ25hdHVyZTogJUAiLCB3aXJlQmxvY2tTaWduYXR1cmUuX3R5cGVT dHJpbmcpOworICAgICAgICAgICAgICAgIEFTU0VSVF9OT1RfUkVBQ0hFRCgpOworICAgICAgICAg ICAgICAgIGNvbnRpbnVlOworICAgICAgICAgICAgfQorCiAgICAgICAgICAgICBSZXRhaW5QdHI8 X1dLUmVtb3RlT2JqZWN0UmVnaXN0cnk+IHJlbW90ZU9iamVjdFJlZ2lzdHJ5ID0gc2VsZjsKICAg ICAgICAgICAgIHVpbnQ2NF90IHJlcGx5SUQgPSByZXBseUluZm8tPnJlcGx5SUQ7CiAK