Title: [210599] trunk
Revision
210599
Author
[email protected]
Date
2017-01-11 13:55:20 -0800 (Wed, 11 Jan 2017)

Log Message

File scheme should not allow access of a resource on a different volume.
https://bugs.webkit.org/show_bug.cgi?id=158552
<rdar://problem/15307582>

Reviewed by Alex Christensen.

Source/WebCore:

Revise SecurityOrigin to prevent files from one storage device (volume) from accessing content
on a different storage device (volume) unless universal access is enabled.

Pass the current file device as part of the NSURLRequest so that CFNetwork can reject loads
where the device changes in the midst of a load.

Also properly reflect that SecurityOrigin is never null by passing as a reference,
rather than as a pointer.

Tests: Tools/TestWebKitAPI/Tests/mac/CrossPartitionFileSchemeAccess.mm

* page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::canAccess): Pass argument as reference.
(WebCore::SecurityOrigin::canDisplay): Add check that files share the same volume.
(WebCore::SecurityOrigin::isSameSchemeHostPort): Pass argument as reference.
* page/SecurityOrigin.h:
* platform/FileSystem.cpp:
(WebCore::filesHaveSameVolume): Added.
* platform/FileSystem.h:
* platform/network/cocoa/ResourceRequestCocoa.mm:
(WebCore::ResourceRequest::doUpdatePlatformRequest): If loading a file URL, tell CFNetwork
the storage device at the time of the start of the load so we can trigger a failure if this
changes during the load operation.
* platform/posix/FileSystemPOSIX.cpp:
(WebCore::getFileDeviceId): Added.
* platform/win/FileSystemWin.cpp:
(WebCore::getFileDeviceId): Added.

Tools:

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: Add new files.
* TestWebKitAPI/Tests/mac/CrossPartitionFileSchemeAccess.html: Added.
* TestWebKitAPI/Tests/mac/CrossPartitionFileSchemeAccess.mm: Added.

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (210598 => 210599)


--- trunk/Source/WebCore/ChangeLog	2017-01-11 21:46:43 UTC (rev 210598)
+++ trunk/Source/WebCore/ChangeLog	2017-01-11 21:55:20 UTC (rev 210599)
@@ -1,3 +1,39 @@
+2017-01-11  Brent Fulgham  <[email protected]>
+
+        File scheme should not allow access of a resource on a different volume.
+        https://bugs.webkit.org/show_bug.cgi?id=158552
+        <rdar://problem/15307582>
+
+        Reviewed by Alex Christensen.
+
+        Revise SecurityOrigin to prevent files from one storage device (volume) from accessing content
+        on a different storage device (volume) unless universal access is enabled.
+
+        Pass the current file device as part of the NSURLRequest so that CFNetwork can reject loads
+        where the device changes in the midst of a load.
+
+        Also properly reflect that SecurityOrigin is never null by passing as a reference,
+        rather than as a pointer.
+
+        Tests: Tools/TestWebKitAPI/Tests/mac/CrossPartitionFileSchemeAccess.mm
+
+        * page/SecurityOrigin.cpp:
+        (WebCore::SecurityOrigin::canAccess): Pass argument as reference.
+        (WebCore::SecurityOrigin::canDisplay): Add check that files share the same volume.
+        (WebCore::SecurityOrigin::isSameSchemeHostPort): Pass argument as reference.
+        * page/SecurityOrigin.h:
+        * platform/FileSystem.cpp:
+        (WebCore::filesHaveSameVolume): Added.
+        * platform/FileSystem.h:
+        * platform/network/cocoa/ResourceRequestCocoa.mm:
+        (WebCore::ResourceRequest::doUpdatePlatformRequest): If loading a file URL, tell CFNetwork
+        the storage device at the time of the start of the load so we can trigger a failure if this
+        changes during the load operation.
+        * platform/posix/FileSystemPOSIX.cpp:
+        (WebCore::getFileDeviceId): Added.
+        * platform/win/FileSystemWin.cpp:
+        (WebCore::getFileDeviceId): Added.
+
 2017-01-11  Myles C. Maxfield  <[email protected]>
 
         [Cocoa] Testing fix after r210597

Modified: trunk/Source/WebCore/page/SecurityOrigin.cpp (210598 => 210599)


--- trunk/Source/WebCore/page/SecurityOrigin.cpp	2017-01-11 21:46:43 UTC (rev 210598)
+++ trunk/Source/WebCore/page/SecurityOrigin.cpp	2017-01-11 21:55:20 UTC (rev 210599)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2007-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2007-2017 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -229,19 +229,19 @@
     }
 
     if (canAccess && isLocal())
-       canAccess = passesFileCheck(other);
+        canAccess = passesFileCheck(*other);
 
     return canAccess;
 }
 
-bool SecurityOrigin::passesFileCheck(const SecurityOrigin* other) const
+bool SecurityOrigin::passesFileCheck(const SecurityOrigin& other) const
 {
-    ASSERT(isLocal() && other->isLocal());
+    ASSERT(isLocal() && other.isLocal());
 
-    if (!m_enforceFilePathSeparation && !other->m_enforceFilePathSeparation)
+    if (!m_enforceFilePathSeparation && !other.m_enforceFilePathSeparation)
         return true;
 
-    return (m_filePath == other->m_filePath);
+    return (m_filePath == other.m_filePath);
 }
 
 bool SecurityOrigin::canRequest(const URL& url) const
@@ -304,6 +304,11 @@
     if (m_universalAccess)
         return true;
 
+    if (isLocal() && url.isLocalFile()) {
+        if (!filesHaveSameVolume(m_filePath, url.path()))
+            return false;
+    }
+
     if (isFeedWithNestedProtocolInHTTPFamily(url))
         return true;
 
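Review bot: The volume check added to canDisplay passes `url.path()`, the URL's path component, to filesHaveSameVolume, whereas the Cocoa request code in this same commit converts with `m_url.fileSystemPath()` before calling `fileSystemRepresentation`. If `url.path()` is still percent-encoded at this point (not visible in the hunk), a file whose name contains a space or a non-ASCII character would fail the device lookup and be refused even when it is on the same volume. I would use `if (!filesHaveSameVolume(m_filePath, url.fileSystemPath()))` and confirm that `m_filePath` is stored in the same form. A short comment such as `// Local origins may only display files on their own volume; a path that cannot be resolved counts as a different volume.` would also help. canDisplay starts and ends outside this hunk.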
@@ -523,7 +528,7 @@
     if (m_port != other->m_port)
         return false;
 
-    if (isLocal() && !passesFileCheck(other))
+    if (isLocal() && !passesFileCheck(*other))
         return false;
 
     return true;

Modified: trunk/Source/WebCore/page/SecurityOrigin.h (210598 => 210599)


--- trunk/Source/WebCore/page/SecurityOrigin.h	2017-01-11 21:46:43 UTC (rev 210598)
+++ trunk/Source/WebCore/page/SecurityOrigin.h	2017-01-11 21:55:20 UTC (rev 210599)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2007, 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2007-2017 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -208,7 +208,7 @@
     explicit SecurityOrigin(const SecurityOrigin*);
 
     // FIXME: Rename this function to something more semantic.
-    bool passesFileCheck(const SecurityOrigin*) const;
+    bool passesFileCheck(const SecurityOrigin&) const;
 
     // This method checks that the scheme for this origin is an HTTP-family
     // scheme, e.g. HTTP and HTTPS.

Modified: trunk/Source/WebCore/platform/FileSystem.cpp (210598 => 210599)


--- trunk/Source/WebCore/platform/FileSystem.cpp	2017-01-11 21:46:43 UTC (rev 210598)
+++ trunk/Source/WebCore/platform/FileSystem.cpp	2017-01-11 21:55:20 UTC (rev 210599)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2007, 2011 Apple Inc. All rights reserved.
+ * Copyright (C) 2007-2017 Apple Inc. All rights reserved.
  * Copyright (C) 2015 Canon Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -233,6 +233,26 @@
     ASSERT_NOT_REACHED();
 }
 
+    
+bool filesHaveSameVolume(const String& fileA, const String& fileB)
+{
+    auto fsRepFileA = fileSystemRepresentation(fileA);
+    auto fsRepFileB = fileSystemRepresentation(fileB);
+    
+    if (fsRepFileA.isNull() || fsRepFileB.isNull())
+        return false;
+
+    bool result = false;
+
+    auto fileADev = getFileDeviceId(fsRepFileA);
+    auto fileBDev = getFileDeviceId(fsRepFileB);
+
+    if (fileADev && fileBDev)
+        result = (fileADev == fileBDev);
+    
+    return result;
+}
+
 #if !PLATFORM(MAC)
 
 void setMetadataURL(String&, const String&, const String&)
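Review bot: filesHaveSameVolume has no comment saying that it fails closed, and the new SecurityOrigin check depends on exactly that: a null file-system representation or a failed device lookup for either path returns false. I would add above the function `// Returns true only when both paths resolve and report the same device id; any lookup failure is treated as "different volume".` The comparison reflects the device at the moment of the call, so on its own it does not cover a path that is re-pointed before the load; per the log message that case is left to CFNetwork, and only the Cocoa request path in this commit passes the expected device. The `result` local can also go: `return fileADev && fileBDev && fileADev == fileBDev;`.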

Modified: trunk/Source/WebCore/platform/FileSystem.h (210598 => 210599)


--- trunk/Source/WebCore/platform/FileSystem.h	2017-01-11 21:46:43 UTC (rev 210598)
+++ trunk/Source/WebCore/platform/FileSystem.h	2017-01-11 21:55:20 UTC (rev 210599)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2007, 2008, 2011 Apple Inc. All rights reserved.
+ * Copyright (C) 2007-2017 Apple Inc. All rights reserved.
  * Copyright (C) 2008 Collabora, Ltd. All rights reserved.
  * Copyright (C) 2015 Canon Inc. All rights reserved.
  *
@@ -146,6 +146,7 @@
 WEBCORE_EXPORT String pathGetFileName(const String&);
 WEBCORE_EXPORT String directoryName(const String&);
 WEBCORE_EXPORT bool getVolumeFreeSpace(const String&, uint64_t&);
+WEBCORE_EXPORT std::optional<int32_t> getFileDeviceId(const CString&);
 
 WEBCORE_EXPORT void setMetadataURL(String& URLString, const String& referrer, const String& path);
 
@@ -193,6 +194,8 @@
 WEBCORE_EXPORT String encodeForFileName(const String&);
 String decodeFromFilename(const String&);
 
+bool filesHaveSameVolume(const String&, const String&);
+
 #if USE(CF)
 RetainPtr<CFURLRef> pathAsURL(const String&);
 #endif

Modified: trunk/Source/WebCore/platform/network/cocoa/ResourceRequestCocoa.mm (210598 => 210599)


--- trunk/Source/WebCore/platform/network/cocoa/ResourceRequestCocoa.mm	2017-01-11 21:46:43 UTC (rev 210598)
+++ trunk/Source/WebCore/platform/network/cocoa/ResourceRequestCocoa.mm	2017-01-11 21:55:20 UTC (rev 210599)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014 Apple, Inc.  All rights reserved.
+ * Copyright (C) 2014-2017 Apple, Inc.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -28,6 +28,7 @@
 
 #if PLATFORM(COCOA)
 
+#import "FileSystem.h"
 #import "FormDataStreamMac.h"
 #import "HTTPHeaderNames.h"
 #import "ResourceRequestCFNet.h"
@@ -203,6 +204,17 @@
     }
 #endif
 
+#if (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101200)
+    if (m_url.isLocalFile()) {
+        auto fsRepFile = fileSystemRepresentation(m_url.fileSystemPath());
+        if (!fsRepFile.isNull()) {
+            auto fileDevice = getFileDeviceId(fsRepFile);
+            if (fileDevice && fileDevice.value())
+                [nsRequest _setProperty:[NSNumber numberWithInteger:fileDevice.value()] forKey:@"NSURLRequestFileProtocolExpectedDevice"];
+        }
+    }
+#endif
+
     m_nsRequest = adoptNS(nsRequest);
 }
 
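Review bot: The guard `if (fileDevice && fileDevice.value())` skips the property when the device id is 0, while filesHaveSameVolume in FileSystem.cpp treats any engaged optional, including 0, as a valid device. If 0 can be a real device id, that request is sent without `NSURLRequestFileProtocolExpectedDevice` and the mid-load device check never applies; the same happens silently when the path has no file-system representation or the device lookup fails. Either use `if (fileDevice)` or add a comment explaining why 0 is excluded and that a missing device id deliberately leaves the load unpinned. doUpdatePlatformRequest begins and ends outside this hunk.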

Modified: trunk/Source/WebCore/platform/posix/FileSystemPOSIX.cpp (210598 => 210599)


--- trunk/Source/WebCore/platform/posix/FileSystemPOSIX.cpp	2017-01-11 21:46:43 UTC (rev 210598)
+++ trunk/Source/WebCore/platform/posix/FileSystemPOSIX.cpp	2017-01-11 21:55:20 UTC (rev 210599)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2007, 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2007-2017 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -383,4 +383,13 @@
     return appendResult;
 }
 
+std::optional<int32_t> getFileDeviceId(const CString& fsFile)
+{
+    struct stat fileStat;
+    if (stat(fsFile.data(), &fileStat) == -1)
+        return std::nullopt;
+
+    return fileStat.st_dev;
+}
+
 } // namespace WebCore
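Review bot: `return fileStat.st_dev;` narrows `dev_t` to the `int32_t` declared in FileSystem.h, and on platforms where `dev_t` is wider than 32 bits (glibc on 64-bit Linux, for example) two distinct devices whose low 32 bits match would compare equal in filesHaveSameVolume. The value is only compared for equality and handed to CFNetwork on Mac, so a wider return type such as `std::optional<uint64_t>`, or at least an explicit `static_cast<int32_t>(fileStat.st_dev)` with a comment on the truncation, would make the intent clear. `stat()` follows symbolic links, so the id returned is that of the link target; a one-line comment stating that this is intended would help the next reader.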

Modified: trunk/Source/WebCore/platform/win/FileSystemWin.cpp (210598 => 210599)


--- trunk/Source/WebCore/platform/win/FileSystemWin.cpp	2017-01-11 21:46:43 UTC (rev 210598)
+++ trunk/Source/WebCore/platform/win/FileSystemWin.cpp	2017-01-11 21:55:20 UTC (rev 210599)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2007, 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2007-2017 Apple Inc. All rights reserved.
  * Copyright (C) 2008 Collabora, Ltd. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -33,13 +33,15 @@
 #include "FileMetadata.h"
 #include "NotImplemented.h"
 #include "PathWalker.h"
+#include <io.h>
+#include <shlobj.h>
+#include <shlwapi.h>
+#include <sys/stat.h>
+#include <windows.h>
 #include <wtf/CryptographicallyRandomNumber.h>
 #include <wtf/HashMap.h>
 #include <wtf/text/CString.h>
 
-#include <windows.h>
-#include <shlobj.h>
-#include <shlwapi.h>
 
 namespace WebCore {
 
@@ -452,4 +454,21 @@
     return false;
 }
 
+std::optional<int32_t> getFileDeviceId(const CString& fsFile)
+{
+    auto handle = openFile(fsFile.data(), OpenForRead);
+    if (!isHandleValid(handle))
+        return std::nullopt;
+
+    BY_HANDLE_FILE_INFORMATION fileInformation = { };
+    if (!::GetFileInformationByHandle(handle, &fileInformation)) {
+        closeFile(handle);
+        return std::nullopt;
+    }
+
+    closeFile(handle);
+
+    return fileInformation.dwVolumeSerialNumber;
+}
+
 } // namespace WebCore
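Review bot: `closeFile(handle)` is written out on both the failure and the success path, so any early return added later would leak the handle; closing once is simpler: `bool ok = ::GetFileInformationByHandle(handle, &fileInformation);` then `closeFile(handle);` then `if (!ok) return std::nullopt;`. The return also converts the unsigned `dwVolumeSerialNumber` to `int32_t` implicitly, which is harmless for an equality test but deserves a `static_cast<int32_t>`. Because the file has to be opened for read, a path that exists but cannot be opened yields `std::nullopt`, which filesHaveSameVolume reports as a different volume; a comment noting that this denial is intended would help.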

Modified: trunk/Tools/ChangeLog (210598 => 210599)


--- trunk/Tools/ChangeLog	2017-01-11 21:46:43 UTC (rev 210598)
+++ trunk/Tools/ChangeLog	2017-01-11 21:55:20 UTC (rev 210599)
@@ -1,3 +1,15 @@
+2017-01-11  Brent Fulgham  <[email protected]>
+
+        File scheme should not allow access of a resource on a different volume.
+        https://bugs.webkit.org/show_bug.cgi?id=158552
+        <rdar://problem/15307582>
+
+        Reviewed by Alex Christensen.
+
+        * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: Add new files.
+        * TestWebKitAPI/Tests/mac/CrossPartitionFileSchemeAccess.html: Added.
+        * TestWebKitAPI/Tests/mac/CrossPartitionFileSchemeAccess.mm: Added.
+
 2017-01-11  Ryan Haddad  <[email protected]>
 
         Unreviewed, rolling out r210571.

Modified: trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj (210598 => 210599)


--- trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj	2017-01-11 21:46:43 UTC (rev 210598)
+++ trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj	2017-01-11 21:55:20 UTC (rev 210599)
@@ -197,6 +197,8 @@
 		7A909A831D877480007E10F8 /* IntSize.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7A909A751D877475007E10F8 /* IntSize.cpp */; };
 		7AD3FE8E1D76131200B169A4 /* TransformationMatrix.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7AD3FE8D1D75FB8D00B169A4 /* TransformationMatrix.cpp */; };
 		7AE9E5091AE5AE8B00CF874B /* test.pdf in Copy Resources */ = {isa = PBXBuildFile; fileRef = 7AE9E5081AE5AE8B00CF874B /* test.pdf */; };
+		7AEAD47F1E20116C00416EFE /* CrossPartitionFileSchemeAccess.mm in Sources */ = {isa = PBXBuildFile; fileRef = 7AEAD47C1E20113800416EFE /* CrossPartitionFileSchemeAccess.mm */; };
+		7AEAD4811E20122700416EFE /* CrossPartitionFileSchemeAccess.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 7AEAD47D1E20114E00416EFE /* CrossPartitionFileSchemeAccess.html */; };
 		7C3965061CDD74F90094DBB8 /* Color.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7C3965051CDD74F90094DBB8 /* Color.cpp */; };
 		7C3DB8E41D12129B00AE8CC3 /* CommandBackForward.mm in Sources */ = {isa = PBXBuildFile; fileRef = 7C3DB8E21D12129B00AE8CC3 /* CommandBackForward.mm */; };
 		7C417F331D19E14800B8EF53 /* WKWebViewDefaultNavigationDelegate.mm in Sources */ = {isa = PBXBuildFile; fileRef = 7C417F311D19E14800B8EF53 /* WKWebViewDefaultNavigationDelegate.mm */; };
@@ -601,6 +603,7 @@
 			dstPath = TestWebKitAPI.resources;
 			dstSubfolderSpec = 7;
 			files = (
+				7AEAD4811E20122700416EFE /* CrossPartitionFileSchemeAccess.html in Copy Resources */,
 				CDB4115A1E0B00DB00EAD352 /* video-with-muted-audio.html in Copy Resources */,
 				9BD4239C1E04C01C00200395 /* chinese-character-with-image.html in Copy Resources */,
 				A155022C1E050D0300A24C57 /* duplicate-completion-handler-calls.html in Copy Resources */,
@@ -1040,6 +1043,8 @@
 		7AA6A1511AAC0B31002B2ED3 /* WorkQueue.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WorkQueue.cpp; sourceTree = "<group>"; };
 		7AD3FE8D1D75FB8D00B169A4 /* TransformationMatrix.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = TransformationMatrix.cpp; sourceTree = "<group>"; };
 		7AE9E5081AE5AE8B00CF874B /* test.pdf */ = {isa = PBXFileReference; lastKnownFileType = image.pdf; path = test.pdf; sourceTree = "<group>"; };
+		7AEAD47C1E20113800416EFE /* CrossPartitionFileSchemeAccess.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = CrossPartitionFileSchemeAccess.mm; sourceTree = "<group>"; };
+		7AEAD47D1E20114E00416EFE /* CrossPartitionFileSchemeAccess.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; name = CrossPartitionFileSchemeAccess.html; path = Tests/mac/CrossPartitionFileSchemeAccess.html; sourceTree = SOURCE_ROOT; };
 		7C3965051CDD74F90094DBB8 /* Color.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Color.cpp; sourceTree = "<group>"; };
 		7C3DB8E21D12129B00AE8CC3 /* CommandBackForward.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = CommandBackForward.mm; sourceTree = "<group>"; };
 		7C417F311D19E14800B8EF53 /* WKWebViewDefaultNavigationDelegate.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = WKWebViewDefaultNavigationDelegate.mm; sourceTree = "<group>"; };
@@ -2029,6 +2034,7 @@
 		C07E6CAD13FD67650038B22B /* mac */ = {
 			isa = PBXGroup;
 			children = (
+				7AEAD47C1E20113800416EFE /* CrossPartitionFileSchemeAccess.mm */,
 				5C0BF88F1DD5999B00B00328 /* WebViewCanPasteZeroPng.mm */,
 				5C0BF88C1DD5957400B00328 /* MemoryPressureHandler.mm */,
 				C07E6CB013FD737C0038B22B /* Resources */,
@@ -2093,6 +2099,7 @@
 		C07E6CB013FD737C0038B22B /* Resources */ = {
 			isa = PBXGroup;
 			children = (
+				7AEAD47D1E20114E00416EFE /* CrossPartitionFileSchemeAccess.html */,
 				F42DA5151D8CEFDB00336F40 /* large-input-field-focus-onload.html */,
 				379028B814FABE49007E6B43 /* acceptsFirstMouse.html */,
 				B55F11B9151916E600915916 /* Ahem.ttf */,
@@ -2497,6 +2504,7 @@
 				2DC4CF771D2D9DD800ECCC94 /* DataDetection.mm in Sources */,
 				2D1646E21D1862CD00015A1A /* DeferredViewInWindowStateChange.mm in Sources */,
 				7CCE7EB91A411A7E00447C4C /* DeviceScaleFactorInDashboardRegions.mm in Sources */,
+				7AEAD47F1E20116C00416EFE /* CrossPartitionFileSchemeAccess.mm in Sources */,
 				7CCE7EBA1A411A7E00447C4C /* DeviceScaleFactorOnBack.mm in Sources */,
 				7C83E04D1D0A641800FEBCF3 /* DFACombiner.cpp in Sources */,
 				7C83E04E1D0A641800FEBCF3 /* DFAMinimizer.cpp in Sources */,

Modified: trunk/Tools/TestWebKitAPI/Tests/WebKit2/WKPageIsPlayingAudio.cpp (210598 => 210599)


--- trunk/Tools/TestWebKitAPI/Tests/WebKit2/WKPageIsPlayingAudio.cpp	2017-01-11 21:46:43 UTC (rev 210598)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKit2/WKPageIsPlayingAudio.cpp	2017-01-11 21:55:20 UTC (rev 210599)
@@ -118,6 +118,13 @@
 {
     WKRetainPtr<WKContextRef> context = adoptWK(WKContextCreate());
 
+    bool keepOnKeepingOn = true;
+    size_t i = 0;
+    while (keepOnKeepingOn) {
+        ++i;
+        sleep(1);
+    }
+    
     WKRetainPtr<WKPageGroupRef> pageGroup(AdoptWK, WKPageGroupCreateWithIdentifier(Util::toWK("MSEIsPlayingAudioPageGroup").get()));
     WKPreferencesRef preferences = WKPageGroupGetPreferences(pageGroup.get());
     WKPreferencesSetMediaSourceEnabled(preferences, true);
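Review bot: The added `while (keepOnKeepingOn)` loop never terminates, because nothing in the hunk sets `keepOnKeepingOn` to false, so this test blocks in `sleep(1)` forever and never reaches the page-group setup below it. The change is not mentioned in either ChangeLog entry and looks like leftover wait-for-debugger scaffolding; the seven added lines should be dropped from the commit. The enclosing test function starts and ends outside the hunk.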