Skip to site navigation (Press enter)

[webkit-changes] [203165] trunk

bfulgham Wed, 13 Jul 2016 10:25:57 -0700

Title: [203165] trunk

Revision: 203165
Author: [email protected]
Date: 2016-07-13 10:25:28 -0700 (Wed, 13 Jul 2016)

Log Message

[WK1][iOS] Crash when WebSocket attempts to dispatch a mixed content blocker event
https://bugs.webkit.org/show_bug.cgi?id=159680
<rdar://problem/22102028>


Reviewed by Zalan Bujtas.

Source/WebCore:

WK1 on iOS should not use RunLoop::main(). Instead, it should be dispatching events
on the WebThread.

Test: http/tests/ssl/mixedContent/insecure-websocket.html

* Modules/websockets/WebSocket.cpp:
(WebCore::WebSocket::connect): Do not use RunLoop::main() when we should be using
the WebThread.

LayoutTests:

* http/tests/ssl/mixedContent: Added.
* http/tests/ssl/mixedContent/insecure-websocket-expected.txt: Added.
* http/tests/ssl/mixedContent/insecure-websocket.html: Added.

Modified Paths

trunk/LayoutTests/ChangeLog
trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/Modules/websockets/WebSocket.cpp

Added Paths

trunk/LayoutTests/http/tests/ssl/mixedContent/
trunk/LayoutTests/http/tests/ssl/mixedContent/insecure-websocket-expected.txt
trunk/LayoutTests/http/tests/ssl/mixedContent/insecure-websocket.html

Diff

Modified: trunk/LayoutTests/ChangeLog (203164 => 203165)


--- trunk/LayoutTests/ChangeLog	2016-07-13 16:30:38 UTC (rev 203164)
+++ trunk/LayoutTests/ChangeLog	2016-07-13 17:25:28 UTC (rev 203165)
@@ -1,3 +1,15 @@
+2016-07-13  Brent Fulgham  <[email protected]>
+
+        [WK1][iOS] Crash when WebSocket attempts to dispatch a mixed content blocker event
+        https://bugs.webkit.org/show_bug.cgi?id=159680
+        <rdar://problem/22102028>
+
+        Reviewed by Zalan Bujtas.
+
+        * http/tests/ssl/mixedContent: Added.
+        * http/tests/ssl/mixedContent/insecure-websocket-expected.txt: Added.
+        * http/tests/ssl/mixedContent/insecure-websocket.html: Added.
+
 2016-07-13  Youenn Fablet  <[email protected]>
 
         Refresh WPT tests up to c875b42

Added: trunk/LayoutTests/http/tests/ssl/mixedContent/insecure-websocket-expected.txt (0 => 203165)


--- trunk/LayoutTests/http/tests/ssl/mixedContent/insecure-websocket-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/ssl/mixedContent/insecure-websocket-expected.txt	2016-07-13 17:25:28 UTC (rev 203165)
@@ -0,0 +1,16 @@
+CONSOLE MESSAGE: line 32: [blocked] The page at https://127.0.0.1:8443/ssl/mixedContent/insecure-websocket.html was not allowed to run insecure content from ws://127.0.0.1:8880/websocket/tests/hybi/echo.
+
+Test that we do not crash when handling mixed content events.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
+Running Test
+PASSED. Socket was not created.
+This test connects to an insecure ws:// WebSocket. We should block the connection and trigger a mixed content callback because the main frame is HTTPS, but the data sent over the socket could be recorded or controlled by an attacker.
+
+

Added: trunk/LayoutTests/http/tests/ssl/mixedContent/insecure-websocket.html (0 => 203165)


--- trunk/LayoutTests/http/tests/ssl/mixedContent/insecure-websocket.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/ssl/mixedContent/insecure-websocket.html	2016-07-13 17:25:28 UTC (rev 203165)
@@ -0,0 +1,56 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src=""
+    <script>
+    if (window.testRunner) {
+        testRunner.waitUntilDone();
+        testRunner.dumpAsText();
+    }
+
+    function addConsoleMessage(message) {
+        var console = document.getElementById('console');
+        console.innerHTML += "<br/>" + message;        
+    }
+
+    function onSocketOpened() {
+        addConsoleMessage("FAILED: WebSocket connection opened.");
+        if (window.testRunner)
+            testRunner.notifyDone();
+    }
+
+    function onSocketError(event) {
+        addConsoleMessage("PASSED. Socket was not created.");
+        if (window.testRunner)
+            testRunner.notifyDone();
+    }
+
+    function runTest() {
+        addConsoleMessage("Running Test");
+        window._onerror_ = onSocketError;
+        try {
+            ws = new WebSocket("ws://127.0.0.1:8880/websocket/tests/hybi/echo");
+            ws._onopen_ = onSocketOpened;
+            ws._onerror_ = onSocketError;
+        } catch (e) {
+            if (window.testRunner)
+                testRunner.notifyDone();
+        }
+    }
+    </script>
+</head>
+<body _onload_="runTest()">
+    <script>
+    description('Test that we do not crash when handling mixed content events.');
+    </script>
+
+    <p>This test connects to an insecure ws:// WebSocket.  We should block the
+connection and trigger a mixed content callback because the main frame is
+HTTPS, but the data sent over the socket could be recorded or
+controlled by an attacker.</p>
+
+    <div id='console'></div>
+
+    <script src=""
+</body>
+</html>

Modified: trunk/Source/WebCore/ChangeLog (203164 => 203165)


--- trunk/Source/WebCore/ChangeLog	2016-07-13 16:30:38 UTC (rev 203164)
+++ trunk/Source/WebCore/ChangeLog	2016-07-13 17:25:28 UTC (rev 203165)
@@ -1,3 +1,20 @@
+2016-07-13  Brent Fulgham  <[email protected]>
+
+        [WK1][iOS] Crash when WebSocket attempts to dispatch a mixed content blocker event
+        https://bugs.webkit.org/show_bug.cgi?id=159680
+        <rdar://problem/22102028>
+
+        Reviewed by Zalan Bujtas.
+
+        WK1 on iOS should not use RunLoop::main(). Instead, it should be dispatching events
+        on the WebThread.
+
+        Test: http/tests/ssl/mixedContent/insecure-websocket.html
+
+        * Modules/websockets/WebSocket.cpp:
+        (WebCore::WebSocket::connect): Do not use RunLoop::main() when we should be using
+        the WebThread.
+
 2016-07-13  Frederic Wang  <[email protected]>
 
         The display property of many MathML elements can not be overriden by page authors

Modified: trunk/Source/WebCore/Modules/websockets/WebSocket.cpp (203164 => 203165)


--- trunk/Source/WebCore/Modules/websockets/WebSocket.cpp	2016-07-13 16:30:38 UTC (rev 203164)
+++ trunk/Source/WebCore/Modules/websockets/WebSocket.cpp	2016-07-13 17:25:28 UTC (rev 203165)
@@ -63,6 +63,10 @@
 #include <wtf/text/StringBuilder.h>
 #include <wtf/text/WTFString.h>
 
+#if USE(WEB_THREAD)
+#include "WebCoreThreadRun.h"
+#endif
+
 namespace WebCore {
 
 const size_t maxReasonSizeInBytes = 123;
@@ -292,10 +296,21 @@
             // using the error event. But since this code executes as part of the WebSocket's
             // constructor, we have to wait until the constructor has completed before firing the
             // event; otherwise, users can't connect to the event.
+#if USE(WEB_THREAD)
+            ref();
+            dispatch_async(dispatch_get_main_queue(), ^{
+                WebThreadRun(^{
+                    dispatchOrQueueErrorEvent();
+                    stop();
+                    deref();
+                });
+            });
+#else
             RunLoop::main().dispatch([this, protectedThis = Ref<WebSocket>(*this)]() {
                 dispatchOrQueueErrorEvent();
                 stop();
             });
+#endif
             return;
         }
     }

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes