[Webkit-unassigned] [Bug 219434] New: [WebAuthn] Crash of the browser when rp.icon is too long and device is Yubikey (overflow?)
bugzilla-daemon at webkit.org
Wed Dec 2 09:28:53 PST 2020
https://bugs.webkit.org/show_bug.cgi?id=219434
Bug ID: 219434
Summary: [WebAuthn] Crash of the browser when rp.icon is too
long and device is Yubikey (overflow?)
Product: WebKit
Version: Safari 14
Hardware: Macintosh
OS: macOS 10.15
Status: NEW
Severity: Major
Priority: P2
Component: WebCore Misc.
Assignee: webkit-unassigned at lists.webkit.org
Reporter: fortin81 at gmail.com
Created attachment 415228
--> https://bugs.webkit.org/attachment.cgi?id=415228&action=review
Data to pass to navigator.credentials.create to reproduce
Hi,
I'm not sure of the implications of this issue, but I believe someone might be interested in having a look, as this JS WebAuthn call generates a crash on most current browsers.
The problem seems to happen with navigator.credentials.create(data) when providing the data with an rp.icon containing more than 8kb of base64 encoded png and using a Yubikey USB device (model "5 NFC" here); the browsers just crash.
Example data to reproduce, with rp.icon being 9kb, is attached to this bug; I encoded it with JSON.stringify to save it.
It happens on Safari 14.0 (15610.1.28.1.9, 15610), Safari Technology Preview 116 (and also Chrome 87.0.4280.67, but not Firefox 83.0) on macOS Catalina 10.15.7.
If the USB device is not connected, the browsers don't crash.
I don't have any other USB webauthn device to check if this is specific to Yubikeys, but when using SoftU2F the call doesn't make the browsers crash.
I also don't have a Windows or Linux machine to check if this is specific to macOS.
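A relying-party-side guard for the condition described in the report, as an added example that is not part of the original message and not WebKit code: it drops an oversized `icon` member from the creation options before they reach `navigator.credentials.create`. The function name, the 4096-byte ceiling and the sample values are assumptions; the example also checks `user.icon`, which goes beyond the `rp.icon` case reported here.

```javascript
// Added example. MAX_ICON_BYTES is an assumed policy ceiling, chosen to stay
// well under the ~8 KB size at which the report observed the crash.
const MAX_ICON_BYTES = 4096;
// The report concerns rp.icon; user.icon is checked too (assumption: same risk).
const ICON_ENTITIES = ["rp", "user"];

function byteLength(str) {
  return new TextEncoder().encode(str).length;
}

// Returns { options, findings }. `options` is a shallow copy of the publicKey
// creation options with oversized or non-string icon members removed.
// A shallow copy is used on purpose: challenge and user.id are BufferSources
// and would not survive a JSON round-trip.
function sanitizeCreationOptions(publicKey, maxIconBytes = MAX_ICON_BYTES) {
  const options = { ...publicKey };
  const findings = [];
  for (const name of ICON_ENTITIES) {
    const entity = publicKey[name];
    if (!entity || typeof entity !== "object" || !("icon" in entity)) continue;
    const icon = entity.icon;
    const size = typeof icon === "string" ? byteLength(icon) : null;
    if (size !== null && size <= maxIconBytes) continue;
    // Drop only the icon; the caller's original object is left untouched.
    const { icon: _dropped, ...rest } = entity;
    options[name] = rest;
    findings.push({ field: `${name}.icon`, bytes: size, limit: maxIconBytes });
  }
  return { options, findings };
}

// Constructed sample input (placeholder values, not the attachment from the bug).
const sample = {
  rp: { name: "Example RP", icon: "data:image/png;base64," + "A".repeat(9000) },
  user: { id: new Uint8Array([1, 2, 3, 4]), name: "alice", displayName: "Alice" },
  challenge: new Uint8Array(32),
  pubKeyCredParams: [{ type: "public-key", alg: -7 }],
};

const result = sanitizeCreationOptions(sample);
console.log(result.findings);
// In a page, the sanitized copy is what gets passed on:
//   navigator.credentials.create({ publicKey: result.options })
```

Logging `findings` server-side or in client telemetry shows which registration flows were sending large icons, so the source of the options can be corrected.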