Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: cf35c41d585e1d65b51404b0cbb247cc91017a15
https://github.com/WebKit/WebKit/commit/cf35c41d585e1d65b51404b0cbb247cc91017a15
Author: Chris Dumez <[email protected]>
Date: 2026-06-11 (Thu, 11 Jun 2026)
Changed paths:
M Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp
Log Message:
-----------
Remove dead key-store-full detection in CtapAuthenticator
https://bugs.webkit.org/show_bug.cgi?id=316753
rdar://problem/316753
Reviewed by Pascoe.
continueMakeCredentialAfterCheckExcludedCredentials() guarded a key-store-full
branch with:
m_info.remainingDiscoverableCredentials() &&
!m_info.remainingDiscoverableCredentials()
remainingDiscoverableCredentials() returns a std::optional<uint32_t>, so this is
`opt.has_value() && !opt.has_value()`, which is always false. The clause was
dead
and only m_isKeyStoreFull ever took the branch.
Detecting a full discoverable credential store from the getInfo response is not
the right behavior: getInfo is known before the user selects an authenticator
(selection happens when the user taps a key during makeCredential), so reacting
to
a full store here would error out the ceremony whenever a full key is plugged
in,
even when the user intends to use a different key. A full store is correctly
handled
once the selected key responds with CTAP2_ERR_KEY_STORE_FULL, which sets
m_isKeyStoreFull. Remove the always-false clause rather than make it live.
* Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp:
(WebKit::CtapAuthenticator::continueMakeCredentialAfterCheckExcludedCredentials):
Canonical link: https://commits.webkit.org/315062@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
