Title: [228963] branches/safari-605-branch/Source

Diff

Modified: branches/safari-605-branch/Source/WebCore/ChangeLog (228962 => 228963)


--- branches/safari-605-branch/Source/WebCore/ChangeLog	2018-02-23 21:39:04 UTC (rev 228962)
+++ branches/safari-605-branch/Source/WebCore/ChangeLog	2018-02-23 21:40:30 UTC (rev 228963)
@@ -1,5 +1,23 @@
 2018-02-23  Jason Marcell  <jmarc...@apple.com>
 
+        Apply patch. rdar://problem/37836719
+
+    2018-02-23  Chris Dumez  <cdu...@apple.com>
+
+            Add release asserts for service worker fetch and postMessage events
+            https://bugs.webkit.org/show_bug.cgi?id=183025
+            <rdar://problem/37765052>
+
+            Reviewed by Chris Dumez.
+
+            Moving from release assert to early exit with release logging.
+
+            * workers/service/context/ServiceWorkerThread.cpp:
+            (WebCore::ServiceWorkerThread::postMessageToServiceWorker):
+            * workers/service/context/ServiceWorkerThreadProxy.h:
+
+2018-02-23  Jason Marcell  <jmarc...@apple.com>
+
         Cherry-pick r228919. rdar://problem/37836719
 
     2018-02-22  Youenn Fablet  <you...@apple.com>

Modified: branches/safari-605-branch/Source/WebCore/workers/service/context/ServiceWorkerThread.cpp (228962 => 228963)


--- branches/safari-605-branch/Source/WebCore/workers/service/context/ServiceWorkerThread.cpp	2018-02-23 21:39:04 UTC (rev 228962)
+++ branches/safari-605-branch/Source/WebCore/workers/service/context/ServiceWorkerThread.cpp	2018-02-23 21:40:30 UTC (rev 228963)
@@ -33,6 +33,7 @@
 #include "EventNames.h"
 #include "ExtendableMessageEvent.h"
 #include "JSDOMPromise.h"
+#include "Logging.h"
 #include "NetworkStateNotifier.h"
 #include "SecurityOrigin.h"
 #include "ServiceWorkerFetch.h"
@@ -120,7 +121,11 @@
         if (WTF::holds_alternative<ServiceWorkerClientData>(sourceData)) {
             RefPtr<ServiceWorkerClient> sourceClient = ServiceWorkerClient::getOrCreate(serviceWorkerGlobalScope, WTFMove(WTF::get<ServiceWorkerClientData>(sourceData)));
 
-            RELEASE_ASSERT(!sourceClient->url().protocolIsInHTTPFamily() || !serviceWorkerGlobalScope.url().protocolIsInHTTPFamily() || protocolHostAndPortAreEqual(serviceWorkerGlobalScope.url(), sourceClient->url()));
+            if (sourceClient->url().protocolIsInHTTPFamily() && serviceWorkerGlobalScope.url().protocolIsInHTTPFamily() && !protocolHostAndPortAreEqual(serviceWorkerGlobalScope.url(), sourceClient->url())) {
+                RELEASE_LOG_ERROR_IF(!context.sessionID().isEphemeral(), ServiceWorker, "ServiceWorkerThread::postMessageToServiceWorker - Received message from invalid service worker client due to origin - context is %p\n", &context);
+                ASSERT_NOT_REACHED();
+                return;
+            }
 
             sourceOrigin = SecurityOrigin::create(sourceClient->url());
             source = WTFMove(sourceClient);
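Review bot: The early return added in the client branch is now the only enforcement of this origin check in release builds, since `ASSERT_NOT_REACHED()` is normally compiled out there, and nothing in the code says so. A comment above the `if` would record that, for example `// Security check: drop messages whose source is cross-origin to this worker. Release builds rely on this return.` As with the removed assert, the check applies only when both URLs are in the HTTP family, so sources with other schemes pass unchecked; the comment should say whether that is intended. Because the log is gated on `!context.sessionID().isEphemeral()`, a rejected message in an ephemeral session leaves no trace. The enclosing function starts and ends outside this hunk.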
@@ -127,7 +132,11 @@
         } else {
             RefPtr<ServiceWorker> sourceWorker = ServiceWorker::getOrCreate(serviceWorkerGlobalScope, WTFMove(WTF::get<ServiceWorkerData>(sourceData)));
 
-            RELEASE_ASSERT(!sourceWorker->scriptURL().protocolIsInHTTPFamily() || !serviceWorkerGlobalScope.url().protocolIsInHTTPFamily() || protocolHostAndPortAreEqual(serviceWorkerGlobalScope.url(), sourceWorker->scriptURL()));
+            if (sourceWorker->scriptURL().protocolIsInHTTPFamily() && serviceWorkerGlobalScope.url().protocolIsInHTTPFamily() && !protocolHostAndPortAreEqual(serviceWorkerGlobalScope.url(), sourceWorker->scriptURL())) {
+                RELEASE_LOG_ERROR_IF(!context.sessionID().isEphemeral(), ServiceWorker, "ServiceWorkerThread::postMessageToServiceWorker - Received message from invalid service worker due to origin - context is %p\n", &context);
+                ASSERT_NOT_REACHED();
+                return;
+            }
 
             sourceOrigin = SecurityOrigin::create(sourceWorker->scriptURL());
             source = WTFMove(sourceWorker);
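Review bot: The three-term origin condition in the worker branch is a copy of the one in the client branch above, differing only in `sourceWorker->scriptURL()` versus `sourceClient->url()`, so the two security checks can drift apart in later edits. A small file-local helper taking the two URLs, for example `static bool isCrossOriginHTTPSource(const URL& scope, const URL& source)`, would keep them identical. Both format strings here also end in `\n`, which the `startFetch` log in WebSWContextManagerConnection.cpp does not; dropping it would make the three messages consistent.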

Modified: branches/safari-605-branch/Source/WebCore/workers/service/context/ServiceWorkerThreadProxy.h (228962 => 228963)


--- branches/safari-605-branch/Source/WebCore/workers/service/context/ServiceWorkerThreadProxy.h	2018-02-23 21:39:04 UTC (rev 228962)
+++ branches/safari-605-branch/Source/WebCore/workers/service/context/ServiceWorkerThreadProxy.h	2018-02-23 21:40:30 UTC (rev 228963)
@@ -66,6 +66,7 @@
     WEBCORE_EXPORT std::unique_ptr<FetchLoader> createBlobLoader(FetchLoaderClient&, const URL&);
 
     const URL& scriptURL() const { return m_document->url(); }
+    PAL::SessionID sessionID() const { return m_sessionID; }
 
     // Public only for testing purposes.
     WEBCORE_TESTSUPPORT_EXPORT void notifyNetworkStateChange(bool isOnline);

Modified: branches/safari-605-branch/Source/WebKit/ChangeLog (228962 => 228963)


--- branches/safari-605-branch/Source/WebKit/ChangeLog	2018-02-23 21:39:04 UTC (rev 228962)
+++ branches/safari-605-branch/Source/WebKit/ChangeLog	2018-02-23 21:40:30 UTC (rev 228963)
@@ -1,5 +1,22 @@
 2018-02-23  Jason Marcell  <jmarc...@apple.com>
 
+        Apply patch. rdar://problem/37836719
+
+    2018-02-23  Chris Dumez  <cdu...@apple.com>
+
+            Add release asserts for service worker fetch and postMessage events
+            https://bugs.webkit.org/show_bug.cgi?id=183025
+            <rdar://problem/37765052>
+
+            Reviewed by Chris Dumez.
+
+            Moving from release assert to early exit with release logging.
+
+            * WebProcess/Storage/WebSWContextManagerConnection.cpp:
+            (WebKit::WebSWContextManagerConnection::startFetch):
+
+2018-02-23  Jason Marcell  <jmarc...@apple.com>
+
         Cherry-pick r228930. rdar://problem/37836719
 
     2018-02-22  Youenn Fablet  <you...@apple.com>

Modified: branches/safari-605-branch/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp (228962 => 228963)


--- branches/safari-605-branch/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp	2018-02-23 21:39:04 UTC (rev 228962)
+++ branches/safari-605-branch/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp	2018-02-23 21:40:30 UTC (rev 228963)
@@ -199,7 +199,12 @@
         return;
     }
 
-    RELEASE_ASSERT(isValidFetch(request, options, serviceWorkerThreadProxy->scriptURL(), referrer));
+    if (!isValidFetch(request, options, serviceWorkerThreadProxy->scriptURL(), referrer)) {
+        RELEASE_LOG_ERROR_IF(!serviceWorkerThreadProxy->sessionID().isEphemeral(), ServiceWorker, "%p - WebSWContextManagerConnection::startFetch - Service Worker received an invalid fetch due to origin", this);
+        m_connectionToStorageProcess->send(Messages::StorageProcess::DidNotHandleFetch(serverConnectionIdentifier, fetchIdentifier), 0);
+        ASSERT_NOT_REACHED();
+        return;
+    }
 
     auto client = WebServiceWorkerFetchTaskClient::create(m_connectionToStorageProcess.copyRef(), serviceWorkerIdentifier, serverConnectionIdentifier, fetchIdentifier);
     std::optional<ServiceWorkerClientIdentifier> clientId;
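Review bot: The rejection path replies with `DidNotHandleFetch`, which by its name presumably lets the request continue as if no service worker had handled it. It is worth confirming that this is the intended outcome for a fetch that failed `isValidFetch`, and recording it in a comment such as `// Invalid origin: reply so the fetch is not left pending; the worker never sees the request.` The log line carries only `this`, so a rejected fetch cannot be tied to `fetchIdentifier` or `serviceWorkerIdentifier` afterwards, and it is skipped entirely for ephemeral sessions. `startFetch` begins before this hunk and continues after it.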