Bug 219709

Summary: [WebAuthn] Adopt new UI for the Platform Authenticator makeCredential flow
Product: WebKit Reporter: Jiewen Tan <jiewen_tan>
Component: WebKit Misc.Assignee: Jiewen Tan <jiewen_tan>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, jiewen_tan, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 181943    
Attachments:
Description Flags
Patch
ews-feeder: commit-queue-
Patch bfulgham: review+

Jiewen Tan
Reported 2020-12-09 14:57:13 PST
Adopt new UI for the Platform Authenticator makeCredential flow.
Attachments
Patch (28.25 KB, patch)
2020-12-10 21:49 PST, Jiewen Tan
ews-feeder: commit-queue-
Patch (28.79 KB, patch)
2020-12-10 22:26 PST, Jiewen Tan
bfulgham: review+
Radar WebKit Bug Importer
Comment 1 2020-12-09 14:57:49 PST
Jiewen Tan
Comment 2 2020-12-10 21:49:49 PST
Jiewen Tan
Comment 3 2020-12-10 22:26:33 PST
Brent Fulgham
Comment 4 2020-12-11 11:23:02 PST
Comment on attachment 415970 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=415970&action=review > Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:237 > + // This is for the new UI. I don't think you need this comment since the next line is conditional on the new UI. > Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:315 > + SecAccessControlRef accessControlRef = accessControl.get(); Does accessControlRef need to be retained in some fashion? Will calling 'verifyUser' with this be safe? > Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalConnection.mm:119 > + [context evaluateAccessControl:accessControl operation:LAAccessControlOperationUseKeySign options:options.get() reply:reply.get()]; This method call seems to use 'accessControl', which is not guaranteed to still live since you moved the underlying object in the calling method.
Jiewen Tan
Comment 5 2020-12-11 11:29:45 PST
Comment on attachment 415970 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=415970&action=review Thanks Brent for reviewing this patch. >> Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:237 >> + // This is for the new UI. > > I don't think you need this comment since the next line is conditional on the new UI. Removed. >> Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:315 >> + SecAccessControlRef accessControlRef = accessControl.get(); > > Does accessControlRef need to be retained in some fashion? Will calling 'verifyUser' with this be safe? Yes, it is retained in the callback. >> Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalConnection.mm:119 >> + [context evaluateAccessControl:accessControl operation:LAAccessControlOperationUseKeySign options:options.get() reply:reply.get()]; > > This method call seems to use 'accessControl', which is not guaranteed to still live since you moved the underlying object in the calling method. accessControl is held by the completionHandler, which is the held by reply. As long as the callee doesn't destruct the reply before verifying the accessControl, it should be safe.
Brent Fulgham
Comment 6 2020-12-11 11:41:25 PST
Comment on attachment 415970 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=415970&action=review r=me >>> Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:315 >>> + SecAccessControlRef accessControlRef = accessControl.get(); >> >> Does accessControlRef need to be retained in some fashion? Will calling 'verifyUser' with this be safe? > > Yes, it is retained in the callback. Ah! Gotcha, My mistake! >>> Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalConnection.mm:119 >>> + [context evaluateAccessControl:accessControl operation:LAAccessControlOperationUseKeySign options:options.get() reply:reply.get()]; >> >> This method call seems to use 'accessControl', which is not guaranteed to still live since you moved the underlying object in the calling method. > > accessControl is held by the completionHandler, which is the held by reply. As long as the callee doesn't destruct the reply before verifying the accessControl, it should be safe. Got it.
Jiewen Tan
Comment 7 2020-12-11 11:43:42 PST
Comment on attachment 415970 [details] Patch Thanks Brent for r+ this patch.
Jiewen Tan
Comment 8 2020-12-11 11:47:14 PST
Jiewen Tan
Comment 9 2020-12-11 17:07:01 PST
Note You need to log in before you can comment on or make changes to this bug.