
Fix a few more secure decoding issues #13886

@achristensen07 achristensen07 commented May 15, 2023

b17879d

Fix a few more secure decoding issues
https://bugs.webkit.org/show_bug.cgi?id=256790
rdar://109286881

Reviewed by Wenson Hsieh.

Reports indicate DDScannerResult can contain NSMutableStrings, which fail to decode
in strict mode when expecting an NSString.  Fix this by doing the same transformation
from mutable to not mutable on the encoding side that we do elsewhere.

Reports also indicate that NSURLRequest can contain mutable plist types like
NSMutableURLRequest can.  To be conservative, add the same allowed mutable plist types
when decoding the two classes.

The soft linking code for PAL::isDataDetectorsCoreFrameworkAvailable already effectively
caches the result of dlsym, so making our own cache is redundant.  Same with the other
similar caches.

Also, as a slight perf optimization, check the bools like rewriteMutableString first
before calling dynamic_objc_cast since the former is often false, the latter is more
expensive, and both need to be true to enter the condition.

* Source/WebKit/Shared/Cocoa/ArgumentCodersCocoa.mm:
(-[WKSecureCodingArchivingDelegate archiver:willEncodeObject:]):
(-[WKSecureCodingArchivingDelegate init]):
(IPC::encodeSecureCodingInternal):
(IPC::shouldEnableStrictMode):
(IPC::decodeSecureCodingInternal):

Canonical link: https://commits.webkit.org/264079@main

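An added example, not WebKit's code, of the encoding-side rewrite the commit message describes: an NSKeyedArchiverDelegate returns an immutable copy of a mutable string or array from archiver:willEncodeObject:, gated on a flag that is tested before the class check, and the archive is then decoded with an allowed-class set naming only NSString, NSArray and NSDictionary. ImmutableRewritingDelegate, its flag names and the payload are assumed; WebKit's exact-class strict mode is internal, so the decode side here relies on the public NSKeyedUnarchiver class check only.

```objective-c
#import <Foundation/Foundation.h>

// Hypothetical delegate, not WebKit's WKSecureCodingArchivingDelegate: hands the
// archiver an immutable copy of a mutable string or array before it is recorded.
@interface ImmutableRewritingDelegate : NSObject <NSKeyedArchiverDelegate>
@property (nonatomic) BOOL rewriteMutableString;
@property (nonatomic) BOOL rewriteMutableArray;
@end

@implementation ImmutableRewritingDelegate
- (id)archiver:(NSKeyedArchiver *)archiver willEncodeObject:(id)object
{
    // Cheap flag first, class check second, as the commit message describes. -copy on
    // an already immutable object returns the same object, so the rewrite is harmless.
    if (self.rewriteMutableString && [object isKindOfClass:[NSMutableString class]])
        return [object copy];
    if (self.rewriteMutableArray && [object isKindOfClass:[NSMutableArray class]])
        return [object copy];
    return object;
}
@end

int main(void)
{
    @autoreleasepool {
        // Constructed payload with mutable leaves, like the NSMutableStrings reported
        // inside DDScannerResult.
        NSMutableString *title = [NSMutableString stringWithString:@"scanner result"];
        NSMutableArray *matches = [NSMutableArray arrayWithObjects:@"a", @"b", nil];
        NSDictionary *payload = @{ @"title": title, @"matches": matches };
        ImmutableRewritingDelegate *delegate = [ImmutableRewritingDelegate new];
        delegate.rewriteMutableString = YES;
        delegate.rewriteMutableArray = YES;

        NSKeyedArchiver *archiver = [[NSKeyedArchiver alloc] initRequiringSecureCoding:YES];
        archiver.delegate = delegate;
        [archiver encodeObject:payload forKey:NSKeyedArchiveRootObjectKey];

        // Decode allowing only the immutable classes (public API; WebKit's exact-class
        // strict mode is internal and not reproduced here).
        NSError *error = nil;
        NSKeyedUnarchiver *unarchiver = [[NSKeyedUnarchiver alloc] initForReadingFromData:archiver.encodedData error:&error];
        NSSet *allowed = [NSSet setWithObjects:[NSDictionary class], [NSArray class], [NSString class], nil];
        NSDictionary *decoded = [unarchiver decodeObjectOfClasses:allowed forKey:NSKeyedArchiveRootObjectKey];
        [unarchiver finishDecoding];
        NSLog(@"title archived as %@, matches archived as %@",
              [decoded[@"title"] classForKeyedArchiver], [decoded[@"matches"] classForKeyedArchiver]);
    }
    return 0;
}
```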

@achristensen07 achristensen07 self-assigned this May 15, 2023
@achristensen07 achristensen07 added the WebKit Misc. For miscellaneous bugs in the WebKit framework (and not JavaScriptCore or WebCore). label May 15, 2023
@achristensen07 achristensen07 force-pushed the eng/Fix-a-few-more-secure-decoding-issues branch from ed6ea78 to 3c8b180 May 15, 2023 16:40
@achristensen07 achristensen07 force-pushed the eng/Fix-a-few-more-secure-decoding-issues branch from 3c8b180 to abd428d May 15, 2023 16:47
if (auto mutableArray = dynamic_objc_cast<NSMutableArray>(object); mutableArray && rewriteMutableArray)
return adoptNS([mutableArray copy]).autorelease();
if (rewriteMutableArray) {
if (auto mutableArray = dynamic_objc_cast<NSMutableArray>(object); mutableArray)
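Review bot: the trailing `; mutableArray` in `if (auto mutableArray = dynamic_objc_cast<NSMutableArray>(object); mutableArray)` is redundant, since an if-with-initializer already tests the declared pointer; `if (auto mutableArray = dynamic_objc_cast<NSMutableArray>(object))` reads the same and is shorter. The same flag-then-cast-then-copy shape is repeated below for NSMutableData, NSMutableDictionary and NSMutableString, so a single templated helper taking the flag and the class would keep the cheap-bool-first ordering the commit message describes in one place.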

Suggested change
if (auto mutableArray = dynamic_objc_cast<NSMutableArray>(object); mutableArray)
if (auto mutableArray = dynamic_objc_cast<NSMutableArray>(object))

if (auto mutableData = dynamic_objc_cast<NSMutableData>(object); mutableData && rewriteMutableData)
return adoptNS([mutableData copy]).autorelease();
if (rewriteMutableData) {
if (auto mutableData = dynamic_objc_cast<NSMutableData>(object); mutableData)

Suggested change
if (auto mutableData = dynamic_objc_cast<NSMutableData>(object); mutableData)
if (auto mutableData = dynamic_objc_cast<NSMutableData>(object))

if (auto mutableDict = dynamic_objc_cast<NSMutableDictionary>(object); mutableDict && rewriteMutableDictionary)
return adoptNS([mutableDict copy]).autorelease();
if (rewriteMutableDictionary) {
if (auto mutableDict = dynamic_objc_cast<NSMutableDictionary>(object); mutableDict)

Suggested change
if (auto mutableDict = dynamic_objc_cast<NSMutableDictionary>(object); mutableDict)
if (auto mutableDict = dynamic_objc_cast<NSMutableDictionary>(object))

}

if (rewriteMutableString) {
if (auto mutableString = dynamic_objc_cast<NSMutableString>(object); mutableString)

Suggested change
if (auto mutableString = dynamic_objc_cast<NSMutableString>(object); mutableString)
if (auto mutableString = dynamic_objc_cast<NSMutableString>(object))

@achristensen07 achristensen07 force-pushed the eng/Fix-a-few-more-secure-decoding-issues branch from abd428d to cbdf304 May 15, 2023 16:53
@achristensen07 achristensen07 added the unsafe-merge-queue Applied to send a pull request to merge-queue, but skip building and testing label May 15, 2023
@webkit-commit-queue webkit-commit-queue force-pushed the eng/Fix-a-few-more-secure-decoding-issues branch from cbdf304 to b17879d May 15, 2023 18:51
@webkit-commit-queue
Collaborator

Committed 264079@main (b17879d): https://commits.webkit.org/264079@main

Reviewed commits have been landed. Closing PR #13886 and removing active labels.

@webkit-commit-queue webkit-commit-queue merged commit b17879d into WebKit:main May 15, 2023
@webkit-commit-queue webkit-commit-queue removed the unsafe-merge-queue Applied to send a pull request to merge-queue, but skip building and testing label May 15, 2023