[webkit-reviews] review denied: [Bug 238966] [WebAuthn] Implement getTransports() and getAuthenticatorData() on AuthenticatorAttestationResponse : [Attachment 457282] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Apr 12 14:57:39 PDT 2022
Brent Fulgham <bfulgham at webkit.org> has denied j_pascoe at apple.com
<j_pascoe at apple.com>'s request for review:
Bug 238966: [WebAuthn] Implement getTransports() and getAuthenticatorData() on
AuthenticatorAttestationResponse
https://bugs.webkit.org/show_bug.cgi?id=238966
Attachment 457282: Patch
https://bugs.webkit.org/attachment.cgi?id=457282&action=review
--- Comment #7 from Brent Fulgham <bfulgham at webkit.org> ---
Comment on attachment 457282
--> https://bugs.webkit.org/attachment.cgi?id=457282
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=457282&action=review
I think this looks good, but please correct the ArrayBuffer handling. At
present, I think you will end up returning deallocated memory as the
ArrayBuffer will be +0 reference count as currently written.
> Source/WebCore/Modules/webauthn/AuthenticatorAttestationResponse.cpp:63
> +ArrayBuffer* AuthenticatorAttestationResponse::getAuthenticatorData() const
This should be RefPtr<ArrayBuffer> ...
> Source/WebCore/Modules/webauthn/AuthenticatorAttestationResponse.cpp:68
> + return nullptr;
You could do something fancy for JavaScript:
if (!decodedResponse || !decodedResponse->isMap())
return Exception { SyntaxError, "CBOR parsing failed"_s };
> Source/WebCore/Modules/webauthn/AuthenticatorAttestationResponse.cpp:74
> + return nullptr;
Ditto:
if (it == attObjMap.end() || !it->second.isByteString())
return Exception { SyntaxError, "Attestation missing authData <<OR
SOMETHING>>"_s {;
> Source/WebCore/Modules/webauthn/AuthenticatorAttestationResponse.cpp:75
> + }
Is there any benefit to caching the converted bytes so we don't have to do this
work repeatedly? Or does the m_attestationObject change too much for that to be
worth doing?
> Source/WebCore/Modules/webauthn/AuthenticatorAttestationResponse.cpp:77
> + return ArrayBuffer::create(authData.data(), authData.size()).ptr();
Why don't we return the Ref<> instead of this bare pointer? Seems likely to be
the source of memory issues.
Instead, I think you should do:
return ArrayBuffer::tryCreate(authData.data(), authData.size());
Better yet, change the signature to ExceptionOr<RefPtr<JSC::ArrayBuffer>>, too.
> Source/WebCore/Modules/webauthn/AuthenticatorAttestationResponse.h:44
> + ArrayBuffer* getAuthenticatorData() const;
I think this should be something like:
ExceptionOr<RefPtr<JSC::ArrayBuffer>> getAuthenticatorData();
Or just:
RefPtr<JSC::ArrayBuffer> getAuthenticationData();
More information about the webkit-reviews
mailing list