Title: [219754] trunk/Source/WebKit
Revision
219754
Author
beid...@apple.com
Date
2017-07-21 17:15:00 -0700 (Fri, 21 Jul 2017)

Log Message

Crash in many WebKit apps marking a connection invalid under Messages::NetworkProcessProxy::canAuthenticateAgainstProtectionSpace.
<rdar://problem/28822272> and https://bugs.webkit.org/show_bug.cgi?id=174729

Reviewed by Tim Horton.

Previously, when a NetworkLoad generated a "CanAuthenticateAgainstProtectionSpace" event, the message went from
Network process -> Web process -> UI process.

In that case, MESSAGE_CHECKing the validity of the frame in WebPageProxy made sense.

In r202511 we cut the WebProcess out of this and had Networking go straight to UI process.

As a result, the message check became invalid. The Networking process cannot possibly know the validity of
particular WebPage or WebFrame identifiers.

We simply need to validate the input in NetworkProcessProxy.

* UIProcess/Network/NetworkProcessProxy.cpp:
(WebKit::NetworkProcessProxy::canAuthenticateAgainstProtectionSpace): Validate both the page and frame ids before
  passing the call along to the WebPageProxy. Also, if either of those validations fails, respond to the network process.

Diff

Modified: trunk/Source/WebKit/ChangeLog (219753 => 219754)


--- trunk/Source/WebKit/ChangeLog	2017-07-22 00:13:11 UTC (rev 219753)
+++ trunk/Source/WebKit/ChangeLog	2017-07-22 00:15:00 UTC (rev 219754)
@@ -1,3 +1,26 @@
+2017-07-21  Brady Eidson  <beid...@apple.com>
+
+        Crash in many WebKit apps marking a connection invalid under Messages::NetworkProcessProxy::canAuthenticateAgainstProtectionSpace.
+        <rdar://problem/28822272> and https://bugs.webkit.org/show_bug.cgi?id=174729
+
+        Reviewed by Tim Horton.
+
+        Previously, when a NetworkLoad generated a "CanAuthenticateAgainstProtectionSpace" event, the message went from
+        Network process -> Web process -> UI process.
+
+        In that case, MESSAGE_CHECKing the validity of the frame in WebPageProxy made sense.
+
+        In r202511 we cut the WebProcess out of this and had Networking go straight to UI process.
+
+        As a result, the message check became invalid. The Networking process cannot possible know the validity of 
+        particular WebPage or WebFrame identifiers.
+
+        We simply need to validate the input in NetworkProcessProxy.
+
+        * UIProcess/Network/NetworkProcessProxy.cpp:
+        (WebKit::NetworkProcessProxy::canAuthenticateAgainstProtectionSpace): Validate both the page and frame ids before
+          passing the call along to the WebPageProxy. Also, if either of those validations fail, respond to the network process.
+
 2017-07-21  Andy Estes  <aes...@apple.com>
 
         [iOS] Adopt UIImagePickerControllerImageURL for photo uploads
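Review bot: the new ChangeLog entry carries a typo in "The Networking process cannot possible know the validity of" ("possible" should be "possibly") and leaves trailing whitespace at the end of that line; fix both before landing, since the entry is the durable record of why the MESSAGE_CHECK was wrong once Networking started messaging the UI process directly.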

Modified: trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp (219753 => 219754)


--- trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp	2017-07-22 00:13:11 UTC (rev 219753)
+++ trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp	2017-07-22 00:15:00 UTC (rev 219754)
@@ -367,11 +367,20 @@
 #if USE(PROTECTION_SPACE_AUTH_CALLBACK)
 void NetworkProcessProxy::canAuthenticateAgainstProtectionSpace(uint64_t loaderID, uint64_t pageID, uint64_t frameID, const WebCore::ProtectionSpace& protectionSpace)
 {
-    WebPageProxy* page = WebProcessProxy::webPage(pageID);
-    if (!page)
-        return;
+    // NetworkProcess state cannot asynchronously be kept in sync with these objects
+    // like we expect WebProcess <-> UIProcess state to be kept in sync.
+    // So there's no guarantee the messaged WebPageProxy or WebFrameProxy exist here in the UIProcess.
+    // We need to validate both the page and the frame up front.
+    if (auto* page = WebProcessProxy::webPage(pageID)) {
+        if (page->process().webFrame(frameID)) {
+            page->canAuthenticateAgainstProtectionSpace(loaderID, frameID, protectionSpace);
+            return;
+        }
+    }
     
-    page->canAuthenticateAgainstProtectionSpace(loaderID, frameID, protectionSpace);
+    // In the case where we will not be able to reply to this message with a client reply,
+    // we should message back a default to the Networking process.
+    send(Messages::NetworkProcess::ContinueCanAuthenticateAgainstProtectionSpace(loaderID, false), 0);
 }
 #endif
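Review bot: the frame validation at `page->process().webFrame(frameID)` checks that the frame exists anywhere in that WebProcess, not that it belongs to `page`, so a frameID from another page hosted in the same process still reaches `page->canAuthenticateAgainstProtectionSpace(loaderID, frameID, protectionSpace)`; if the callee assumes the frame belongs to this page, compare the frame's owning page to `page` before forwarding, or state in the comment that a process-level existence check is sufficient. The fallback `send(Messages::NetworkProcess::ContinueCanAuthenticateAgainstProtectionSpace(loaderID, false), 0)` is the right default-deny choice, since the previous silent `return` left the loader without an answer; one style nit is the whitespace-only line kept between the `if` block and the fallback comment, which should be trimmed.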
 
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
