API::Data::createWithoutCopying should do a null check before calling CFRelease
authorjiewen_tan@apple.com <jiewen_tan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 28 Mar 2019 23:47:00 +0000 (23:47 +0000)
committerjiewen_tan@apple.com <jiewen_tan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 28 Mar 2019 23:47:00 +0000 (23:47 +0000)
https://bugs.webkit.org/show_bug.cgi?id=196276
<rdar://problem/48059859>

Reviewed by Alex Christensen.

Source/WebKit:

* Shared/Cocoa/APIDataCocoa.mm:
(API::Data::createWithoutCopying):

Tools:

Add an API test that will pass a nil to API::Data::createWithoutCopying via NavigationState::NavigationClient::webCryptoMasterKey.

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WebKit/navigation-client-default-crypto.html:
* TestWebKitAPI/Tests/WebKitCocoa/WebCryptoMasterKey.mm: Added.
(-[WebCryptoMasterKeyNavigationDelegate _webCryptoMasterKeyForWebView:]):
(-[WebCryptoMasterKeyNavigationDelegate webView:runJavaScriptAlertPanelWithMessage:initiatedByFrame:completionHandler:]):
(TestWebKitAPI::TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@243631 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/ChangeLog
Source/WebKit/Shared/Cocoa/APIDataCocoa.mm
Tools/ChangeLog
Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj
Tools/TestWebKitAPI/Tests/WebKit/navigation-client-default-crypto.html
Tools/TestWebKitAPI/Tests/WebKitCocoa/WebCryptoMasterKey.mm [new file with mode: 0644]

index 63820da..7fcb89e 100644 (file)
@@ -1,3 +1,14 @@
+2019-03-28  Jiewen Tan  <jiewen_tan@apple.com>
+
+        API::Data::createWithoutCopying should do a null check before calling CFRelease
+        https://bugs.webkit.org/show_bug.cgi?id=196276
+        <rdar://problem/48059859>
+
+        Reviewed by Alex Christensen.
+
+        * Shared/Cocoa/APIDataCocoa.mm:
+        (API::Data::createWithoutCopying):
+
 2019-03-28  Per Arne Vollan  <pvollan@apple.com>
 
         [iOS] Automatic focus of input field is flaky
index da9eb62..171f193 100644 (file)
@@ -34,6 +34,8 @@ Ref<Data> Data::createWithoutCopying(RetainPtr<NSData> data)
     size_t size = [data length];
 
     return createWithoutCopying(bytes, size, [](unsigned char*, const void* data) {
+        if (!data)
+            return;
         CFRelease(data);
     }, static_cast<void*>(data.leakRef()));
 }
index 0e69f28..4896118 100644 (file)
@@ -1,3 +1,20 @@
+2019-03-28  Jiewen Tan  <jiewen_tan@apple.com>
+
+        API::Data::createWithoutCopying should do a null check before calling CFRelease
+        https://bugs.webkit.org/show_bug.cgi?id=196276
+        <rdar://problem/48059859>
+
+        Reviewed by Alex Christensen.
+
+        Add an API test that will pass a nil to API::Data::createWithoutCopying via NavigationState::NavigationClient::webCryptoMasterKey.
+
+        * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+        * TestWebKitAPI/Tests/WebKit/navigation-client-default-crypto.html:
+        * TestWebKitAPI/Tests/WebKitCocoa/WebCryptoMasterKey.mm: Added.
+        (-[WebCryptoMasterKeyNavigationDelegate _webCryptoMasterKeyForWebView:]):
+        (-[WebCryptoMasterKeyNavigationDelegate webView:runJavaScriptAlertPanelWithMessage:initiatedByFrame:completionHandler:]):
+        (TestWebKitAPI::TEST):
+
 2019-03-28  Michael Catanzaro  <mcatanzaro@igalia.com>
 
         [WPE][GTK] webkit_web_resource_get_data_finish can return NULL without setting error
index 3818593..4716af2 100644 (file)
                579651E7216BFDED006EBFE5 /* FidoHidMessageTest.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 579651E6216BFD53006EBFE5 /* FidoHidMessageTest.cpp */; };
                5797FE311EB15A6800B2F4A0 /* NavigationClientDefaultCrypto.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5797FE2F1EB15A5F00B2F4A0 /* NavigationClientDefaultCrypto.cpp */; };
                5797FE331EB15AB100B2F4A0 /* navigation-client-default-crypto.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 5797FE321EB15A8900B2F4A0 /* navigation-client-default-crypto.html */; };
+               57A79857224AB34E00A7F6F1 /* WebCryptoMasterKey.mm in Sources */ = {isa = PBXBuildFile; fileRef = 57A79856224AB34E00A7F6F1 /* WebCryptoMasterKey.mm */; };
                57C3FA661F7C248F009D4B80 /* WeakPtr.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 1CB9BC371A67482300FE5678 /* WeakPtr.cpp */; };
                57F4AAA0208FAEF000A68E9E /* SSLKeyGenerator.mm in Sources */ = {isa = PBXBuildFile; fileRef = 57F4AA9F208FA83D00A68E9E /* SSLKeyGenerator.mm */; };
                57F56A5C1C7F8CC100F31D7E /* IsNavigationActionTrusted.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 57F56A5B1C7F8A4000F31D7E /* IsNavigationActionTrusted.html */; };
                5797FE2F1EB15A5F00B2F4A0 /* NavigationClientDefaultCrypto.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = NavigationClientDefaultCrypto.cpp; sourceTree = "<group>"; };
                5797FE321EB15A8900B2F4A0 /* navigation-client-default-crypto.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = "navigation-client-default-crypto.html"; sourceTree = "<group>"; };
                5798E2AF1CAF5C2800C5CBA0 /* ProvisionalURLNotChange.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = ProvisionalURLNotChange.mm; sourceTree = "<group>"; };
+               57A79856224AB34E00A7F6F1 /* WebCryptoMasterKey.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = WebCryptoMasterKey.mm; sourceTree = "<group>"; };
                57D1D75E21DCB7A80093E86A /* U2fCommandConstructorTest.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = U2fCommandConstructorTest.cpp; sourceTree = "<group>"; };
                57F10D921C7E7B3800ECDF30 /* IsNavigationActionTrusted.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = IsNavigationActionTrusted.mm; sourceTree = "<group>"; };
                57F4AA9F208FA83D00A68E9E /* SSLKeyGenerator.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = SSLKeyGenerator.mm; sourceTree = "<group>"; };
                                6356FB211EC4E0BA0044BF18 /* VisibleContentRect.mm */,
                                83779C371F82FEB0007CDA8A /* VisitedLinkStore.mm */,
                                830F2E0B209A6A7400D36FF1 /* WebContentProcessDidTerminate.mm */,
+                               57A79856224AB34E00A7F6F1 /* WebCryptoMasterKey.mm */,
                                5C973F5B1F58EF0A00359C27 /* WebGLPolicy.mm */,
                                51714EB61CF8C7A4004723C4 /* WebProcessKillIDBCleanup.mm */,
                                C1D8EE212028E8E3008EB141 /* WebProcessTerminate.mm */,
                                830F2E0C209A6A8E00D36FF1 /* WebContentProcessDidTerminate.mm in Sources */,
                                7C83E04C1D0A641800FEBCF3 /* WebCoreNSURLSession.mm in Sources */,
                                7CCE7F1A1A411AE600447C4C /* WebCoreStatisticsWithNoWebProcess.cpp in Sources */,
+                               57A79857224AB34E00A7F6F1 /* WebCryptoMasterKey.mm in Sources */,
                                5C973F5C1F58EF8B00359C27 /* WebGLPolicy.mm in Sources */,
                                7CCE7EAB1A411A2400447C4C /* WebKitAgnosticTest.mm in Sources */,
                                51714EB81CF8CA17004723C4 /* WebProcessKillIDBCleanup.mm in Sources */,
index 13abdb5..fb77702 100644 (file)
@@ -54,13 +54,17 @@ crypto.subtle.importKey("jwk", privateKeyJSON, { name: 'RSASSA-PKCS1-v1_5', hash
 
     function storeKey() {
         var objectStore = db.transaction("rsa-indexeddb", "readwrite").objectStore("rsa-indexeddb");
-        var req = objectStore.put(key, "mykey");
-        req.onerror = function(event) {
-            alert('failed to store key');
-        }
-        req.onsuccess = function(event) {
-            alert('successfully stored key');
-            readKey();
+        try {
+            var req = objectStore.put(key, "mykey");
+            req.onerror = function(event) {
+                alert('failed to store key');
+            }
+            req.onsuccess = function(event) {
+                alert('successfully stored key');
+                readKey();
+            }
+        } catch (e) {
+            alert(e.name);
         }
     }
 
diff --git a/Tools/TestWebKitAPI/Tests/WebKitCocoa/WebCryptoMasterKey.mm b/Tools/TestWebKitAPI/Tests/WebKitCocoa/WebCryptoMasterKey.mm
new file mode 100644 (file)
index 0000000..a55114b
--- /dev/null
@@ -0,0 +1,71 @@
+/*
+ * Copyright (C) 2019 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#import "config.h"
+
+#import "PlatformUtilities.h"
+#import "Test.h"
+#import <WebKit/WKNavigationDelegatePrivate.h>
+#import <wtf/text/WTFString.h>
+
+static bool receivedMessage = false;
+static String gMessage;
+
+@interface WebCryptoMasterKeyNavigationDelegate : NSObject <WKNavigationDelegate, WKUIDelegate>
+@end
+
+@implementation WebCryptoMasterKeyNavigationDelegate
+
+- (NSData *)_webCryptoMasterKeyForWebView:(WKWebView *)webView
+{
+    return nil;
+}
+
+- (void)webView:(WKWebView *)webView runJavaScriptAlertPanelWithMessage:(NSString *)message initiatedByFrame:(WKFrameInfo *)frame completionHandler:(void (^)(void))completionHandler
+{
+    gMessage = message;
+    receivedMessage = true;
+    completionHandler();
+}
+
+@end
+
+namespace TestWebKitAPI {
+
+TEST(WebKit, WebCryptoNilMasterKey)
+{
+    RetainPtr<NSURL> testURL = [[NSBundle mainBundle] URLForResource:@"navigation-client-default-crypto" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"];
+
+    auto webView = adoptNS([[WKWebView alloc] initWithFrame:CGRectMake(0, 0, 320, 500)]);
+    auto delegate = adoptNS([[WebCryptoMasterKeyNavigationDelegate alloc] init]);
+    [webView setNavigationDelegate:delegate.get()];
+    [webView setUIDelegate:delegate.get()];
+
+    [webView loadRequest:[NSURLRequest requestWithURL:testURL.get()]];
+    Util::run(&receivedMessage);
+    EXPECT_WK_STREQ("DataCloneError", gMessage);
+}
+
+} // namespace TestWebKitAPI