Re: NSSecureCoding & NSAttributedString
- Subject: Re: NSSecureCoding & NSAttributedString
- From: Quincey Morris <email@hidden>
- Date: Sun, 18 Feb 2018 13:02:40 -0800
On Feb 18, 2018, at 10:30 , Markus Spoettl <email@hidden> wrote:
>
> The decoder isn't terribly concerned with where the individual classes will
> occur, just that they might.
I was going to reply that it’s stupid that it behaves like this, but I guess it
makes some sense after all. The secure coding protection against class
substitutions can be global like this, since class identities are global in the
archive.
Still, you should probably assert “[notes isKindOfClass: [NSAttributedString
class]]” immediately after that decode. Maybe I’m overthinking it, but I’d
worry that your workaround enables some other kind of attack. For example,
without the check, a maliciously-crafted archive that causes “notes” to be an
NSTextTab could potentially crash your app, and that in turn might open up a
vulnerability.
_______________________________________________
Cocoa-dev mailing list (email@hidden)
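The type check suggested in the message above, as an added example that is not part of the original post. It assumes the workaround is a widened class set passed to `decodeObjectOfClasses:forKey:`; the `Entry` and `WrongNotes` classes and the archive built in `main` are hypothetical and constructed for the demonstration, and the check fails the decode with an error rather than asserting.

```objc
#import <Cocoa/Cocoa.h>
// Hypothetical model class. Only "notes", NSAttributedString and NSTextTab come from the thread.
@interface Entry : NSObject <NSSecureCoding>
@property (copy) NSAttributedString *notes;
@end

@implementation Entry
+ (BOOL)supportsSecureCoding { return YES; }
- (void)encodeWithCoder:(NSCoder *)coder { [coder encodeObject:self.notes forKey:@"notes"]; }
- (instancetype)initWithCoder:(NSCoder *)coder {
    if (!(self = [super init])) return nil;
    // Assumed workaround: the set lists classes that may occur anywhere in the graph,
    // so each of them is also accepted as the top-level object for this key.
    NSSet *allowed = [NSSet setWithObjects:[NSAttributedString class], [NSTextTab class], nil];
    id decoded = [coder decodeObjectOfClasses:allowed forKey:@"notes"];
    // Re-check the top-level type and fail the decode instead of crashing later.
    if (decoded != nil && ![decoded isKindOfClass:[NSAttributedString class]]) {
        [coder failWithError:[NSError errorWithDomain:NSCocoaErrorDomain
                                                 code:NSCoderReadCorruptError userInfo:nil]];
        return nil;
    }
    _notes = [decoded copy];
    return self;
}
@end

// Constructed test fixture: writes an NSTextTab into the "notes" slot.
@interface WrongNotes : NSObject <NSSecureCoding> @end
@implementation WrongNotes
+ (BOOL)supportsSecureCoding { return YES; }
- (instancetype)initWithCoder:(NSCoder *)coder { return [super init]; }
- (void)encodeWithCoder:(NSCoder *)coder {
    NSTextTab *tab = [[NSTextTab alloc] initWithTextAlignment:NSTextAlignmentLeft
                                                     location:36.0 options:@{}];
    [coder encodeObject:tab forKey:@"notes"];
}
@end

int main(void) {
    @autoreleasepool {
        NSKeyedArchiver *archiver = [[NSKeyedArchiver alloc] initRequiringSecureCoding:YES];
        [archiver setClassName:@"Entry" forClass:[WrongNotes class]];  // archive claims to hold an Entry
        [archiver encodeObject:[WrongNotes new] forKey:NSKeyedArchiveRootObjectKey];
        NSError *error = nil;
        Entry *entry = [NSKeyedUnarchiver unarchivedObjectOfClass:[Entry class]
                                                        fromData:archiver.encodedData error:&error];
        NSLog(@"entry=%@ error=%@", entry, error);
    }
}
```

Build with ARC enabled and link against Cocoa, for example `clang -fobjc-arc -framework Cocoa example.m`.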