[webkit-changes] [WebKit/WebKit] 038bfc: Perform additional validation when deserializing a...

Alex Christensen Fri, 04 Apr 2025 07:41:10 -0700

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 038bfc734181f60daa34e6dbb29b671b46b3d149
      
https://github.com/WebKit/WebKit/commit/038bfc734181f60daa34e6dbb29b671b46b3d149
  Author: Alex Christensen <achristen...@apple.com>
  Date:   2025-04-04 (Fri, 04 Apr 2025)


  Changed paths:
    M Source/WTF/wtf/win/Win32Handle.cpp

  Log Message:
  -----------
  Perform additional validation when deserializing a HANDLE from IPC on Windows
https://bugs.webkit.org/show_bug.cgi?id=291054
rdar://148248137

Reviewed by Fujii Hironori.

When deserializing values from IPC from an untrusted process, we need to make 
sure that the values
can be safely used.  This change has already been done in Chromium:
https://github.com/chromium/chromium/commit/36dbbf38697dd1e23ef8944bb9e57f6e0b3d41ec
And this change has already been done in Firefox:
https://github.com/mozilla/gecko-dev/commit/ac605820636c3b964542a2c0589af04a02235d00
Many thanks to those who pointed this out in 
https://bugs.webkit.org/show_bug.cgi?id=290759

* Source/WTF/wtf/win/Win32Handle.cpp:
(WTF::isInvalidHandle):
(WTF::Win32Handle::createFromIPCData):

Canonical link: https://commits.webkit.org/293240@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

[webkit-changes] [WebKit/WebKit] 038bfc: Perform additional validation when deserializing a...

Reply via email to