Diff
Modified: branches/safari-605-branch/Source/WebCore/ChangeLog (228962 => 228963)
--- branches/safari-605-branch/Source/WebCore/ChangeLog 2018-02-23 21:39:04 UTC (rev 228962)
+++ branches/safari-605-branch/Source/WebCore/ChangeLog 2018-02-23 21:40:30 UTC (rev 228963)
@@ -1,5 +1,23 @@
2018-02-23 Jason Marcell <jmarc...@apple.com>
+ Apply patch. rdar://problem/37836719
+
+ 2018-02-23 Chris Dumez <cdu...@apple.com>
+
+ Add release asserts for service worker fetch and postMessage events
+ https://bugs.webkit.org/show_bug.cgi?id=183025
+ <rdar://problem/37765052>
+
+ Reviewed by Chris Dumez.
+
+ Moving from release assert to early exit with release logging.
+
+ * workers/service/context/ServiceWorkerThread.cpp:
+ (WebCore::ServiceWorkerThread::postMessageToServiceWorker):
+ * workers/service/context/ServiceWorkerThreadProxy.h:
+
+2018-02-23 Jason Marcell <jmarc...@apple.com>
+
Cherry-pick r228919. rdar://problem/37836719
2018-02-22 Youenn Fablet <you...@apple.com>
Modified: branches/safari-605-branch/Source/WebCore/workers/service/context/ServiceWorkerThread.cpp (228962 => 228963)
--- branches/safari-605-branch/Source/WebCore/workers/service/context/ServiceWorkerThread.cpp 2018-02-23 21:39:04 UTC (rev 228962)
+++ branches/safari-605-branch/Source/WebCore/workers/service/context/ServiceWorkerThread.cpp 2018-02-23 21:40:30 UTC (rev 228963)
@@ -33,6 +33,7 @@
#include "EventNames.h"
#include "ExtendableMessageEvent.h"
#include "JSDOMPromise.h"
+#include "Logging.h"
#include "NetworkStateNotifier.h"
#include "SecurityOrigin.h"
#include "ServiceWorkerFetch.h"
@@ -120,7 +121,11 @@
if (WTF::holds_alternative<ServiceWorkerClientData>(sourceData)) {
RefPtr<ServiceWorkerClient> sourceClient = ServiceWorkerClient::getOrCreate(serviceWorkerGlobalScope, WTFMove(WTF::get<ServiceWorkerClientData>(sourceData)));
- RELEASE_ASSERT(!sourceClient->url().protocolIsInHTTPFamily() || !serviceWorkerGlobalScope.url().protocolIsInHTTPFamily() || protocolHostAndPortAreEqual(serviceWorkerGlobalScope.url(), sourceClient->url()));
+ if (sourceClient->url().protocolIsInHTTPFamily() && serviceWorkerGlobalScope.url().protocolIsInHTTPFamily() && !protocolHostAndPortAreEqual(serviceWorkerGlobalScope.url(), sourceClient->url())) {
+ RELEASE_LOG_ERROR_IF(!context.sessionID().isEphemeral(), ServiceWorker, "ServiceWorkerThread::postMessageToServiceWorker - Received message from invalid service worker client due to origin - context is %p\n", &context);
+ ASSERT_NOT_REACHED();
+ return;
+ }
sourceOrigin = SecurityOrigin::create(sourceClient->url());
source = WTFMove(sourceClient);
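Review bot: The origin check in this branch is the old assertion negated by hand, and the same three-term condition is repeated for `sourceWorker->scriptURL()` in the next hunk, so the two security checks can drift apart on a later edit. A file-local predicate would keep them in step, for example `static bool isCrossOriginHTTPPair(const URL& scopeURL, const URL& sourceURL)` called as `if (isCrossOriginHTTPPair(serviceWorkerGlobalScope.url(), sourceClient->url())) {`. That helper is also the natural place for a comment on why the comparison is skipped when either URL is outside the HTTP family, which the visible lines do not explain. The enclosing function starts and ends outside the hunk.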
@@ -127,7 +132,11 @@
} else {
RefPtr<ServiceWorker> sourceWorker = ServiceWorker::getOrCreate(serviceWorkerGlobalScope, WTFMove(WTF::get<ServiceWorkerData>(sourceData)));
- RELEASE_ASSERT(!sourceWorker->scriptURL().protocolIsInHTTPFamily() || !serviceWorkerGlobalScope.url().protocolIsInHTTPFamily() || protocolHostAndPortAreEqual(serviceWorkerGlobalScope.url(), sourceWorker->scriptURL()));
+ if (sourceWorker->scriptURL().protocolIsInHTTPFamily() && serviceWorkerGlobalScope.url().protocolIsInHTTPFamily() && !protocolHostAndPortAreEqual(serviceWorkerGlobalScope.url(), sourceWorker->scriptURL())) {
+ RELEASE_LOG_ERROR_IF(!context.sessionID().isEphemeral(), ServiceWorker, "ServiceWorkerThread::postMessageToServiceWorker - Received message from invalid service worker due to origin - context is %p\n", &context);
+ ASSERT_NOT_REACHED();
+ return;
+ }
sourceOrigin = SecurityOrigin::create(sourceWorker->scriptURL());
source = WTFMove(sourceWorker);
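Review bot: With the RELEASE_ASSERT removed, the `RELEASE_LOG_ERROR_IF` line is the only release-build trace of a rejected cross-origin message, and it records nothing but the `context` pointer. That makes it hard to correlate a rejection with a particular worker during triage. If a non-URL identifier for the source worker is in scope here (not visible in the hunk), adding it to the message would help without logging origins; the same applies to the client branch in the previous hunk. The format strings in both branches also end in `\n`, unlike the `startFetch` log in WebSWContextManagerConnection.cpp; for consistency the ending could be `"... due to origin - context is %p", &context`.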
Modified: branches/safari-605-branch/Source/WebCore/workers/service/context/ServiceWorkerThreadProxy.h (228962 => 228963)
--- branches/safari-605-branch/Source/WebCore/workers/service/context/ServiceWorkerThreadProxy.h 2018-02-23 21:39:04 UTC (rev 228962)
+++ branches/safari-605-branch/Source/WebCore/workers/service/context/ServiceWorkerThreadProxy.h 2018-02-23 21:40:30 UTC (rev 228963)
@@ -66,6 +66,7 @@
WEBCORE_EXPORT std::unique_ptr<FetchLoader> createBlobLoader(FetchLoaderClient&, const URL&);
const URL& scriptURL() const { return m_document->url(); }
+ PAL::SessionID sessionID() const { return m_sessionID; }
// Public only for testing purposes.
WEBCORE_TESTSUPPORT_EXPORT void notifyNetworkStateChange(bool isOnline);
Modified: branches/safari-605-branch/Source/WebKit/ChangeLog (228962 => 228963)
--- branches/safari-605-branch/Source/WebKit/ChangeLog 2018-02-23 21:39:04 UTC (rev 228962)
+++ branches/safari-605-branch/Source/WebKit/ChangeLog 2018-02-23 21:40:30 UTC (rev 228963)
@@ -1,5 +1,22 @@
2018-02-23 Jason Marcell <jmarc...@apple.com>
+ Apply patch. rdar://problem/37836719
+
+ 2018-02-23 Chris Dumez <cdu...@apple.com>
+
+ Add release asserts for service worker fetch and postMessage events
+ https://bugs.webkit.org/show_bug.cgi?id=183025
+ <rdar://problem/37765052>
+
+ Reviewed by Chris Dumez.
+
+ Moving from release assert to early exit with release logging.
+
+ * WebProcess/Storage/WebSWContextManagerConnection.cpp:
+ (WebKit::WebSWContextManagerConnection::startFetch):
+
+2018-02-23 Jason Marcell <jmarc...@apple.com>
+
Cherry-pick r228930. rdar://problem/37836719
2018-02-22 Youenn Fablet <you...@apple.com>
Modified: branches/safari-605-branch/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp (228962 => 228963)
--- branches/safari-605-branch/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp 2018-02-23 21:39:04 UTC (rev 228962)
+++ branches/safari-605-branch/Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp 2018-02-23 21:40:30 UTC (rev 228963)
@@ -199,7 +199,12 @@
return;
}
- RELEASE_ASSERT(isValidFetch(request, options, serviceWorkerThreadProxy->scriptURL(), referrer));
+ if (!isValidFetch(request, options, serviceWorkerThreadProxy->scriptURL(), referrer)) {
+ RELEASE_LOG_ERROR_IF(!serviceWorkerThreadProxy->sessionID().isEphemeral(), ServiceWorker, "%p - WebSWContextManagerConnection::startFetch - Service Worker received an invalid fetch due to origin", this);
+ m_connectionToStorageProcess->send(Messages::StorageProcess::DidNotHandleFetch(serverConnectionIdentifier, fetchIdentifier), 0);
+ ASSERT_NOT_REACHED();
+ return;
+ }
auto client = WebServiceWorkerFetchTaskClient::create(m_connectionToStorageProcess.copyRef(), serviceWorkerIdentifier, serverConnectionIdentifier, fetchIdentifier);
std::optional<ServiceWorkerClientIdentifier> clientId;
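Review bot: When `isValidFetch` fails, the new branch answers with `DidNotHandleFetch`, the same reply the earlier missing-proxy path appears to use. That presumably lets the load continue without the service worker instead of failing it. For a request rejected on origin grounds, it is worth confirming that this fall-through is intended and that reporting the fetch as failed would not be the safer default. Either way, a comment above the `send` should record the decision, for example `// Origin validation failed: report the fetch as unhandled instead of crashing the process; see bug 183025.`. The log line could also carry `fetchIdentifier` so a rejection can be matched to the request. `startFetch` begins and ends outside the hunk.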