Diff
Modified: trunk/Source/WebCore/ChangeLog (232419 => 232420)
--- trunk/Source/WebCore/ChangeLog 2018-06-01 22:30:02 UTC (rev 232419)
+++ trunk/Source/WebCore/ChangeLog 2018-06-01 22:34:31 UTC (rev 232420)
@@ -1,3 +1,18 @@
+2018-06-01 Youenn Fablet <[email protected]>
+
+ Add an option to restrict communication to localhost sockets
+ https://bugs.webkit.org/show_bug.cgi?id=186208
+
+ Reviewed by Eric Carlson.
+
+ Covered by existing tests.
+ Add an option in LibWebRTCProvider to restrict to localhost sockets.
+ Use that option when Internals is used.
+
+ * platform/mediastream/libwebrtc/LibWebRTCProvider.h:
+ * testing/Internals.cpp:
+ (WebCore::Internals::resetToConsistentState):
+
2018-06-01 Ryosuke Niwa <[email protected]>
ResourceLoader::cancel() shouldn't synchronously fire load event on document
Modified: trunk/Source/WebCore/platform/mediastream/libwebrtc/LibWebRTCProvider.h (232419 => 232420)
--- trunk/Source/WebCore/platform/mediastream/libwebrtc/LibWebRTCProvider.h 2018-06-01 22:30:02 UTC (rev 232419)
+++ trunk/Source/WebCore/platform/mediastream/libwebrtc/LibWebRTCProvider.h 2018-06-01 22:34:31 UTC (rev 232420)
@@ -107,6 +107,8 @@
void disableEnumeratingAllNetworkInterfaces() { m_enableEnumeratingAllNetworkInterfaces = false; }
void enableEnumeratingAllNetworkInterfaces() { m_enableEnumeratingAllNetworkInterfaces = true; }
+ virtual void disableNonLocalhostConnections() { };
+
protected:
LibWebRTCProvider() = default;
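Review bot: The base-class `disableNonLocalhostConnections()` added here has an empty body, so a provider that does not override it accepts the call and restricts nothing, and the caller cannot tell the difference. A comment on the declaration should say so, e.g. `// No-op by default; only providers that own the socket factory enforce the restriction.` The trailing `;` after `{ }` is also redundant: `virtual void disableNonLocalhostConnections() { }`. The class continues outside the hunk.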
Modified: trunk/Source/WebCore/testing/Internals.cpp (232419 => 232420)
--- trunk/Source/WebCore/testing/Internals.cpp 2018-06-01 22:30:02 UTC (rev 232419)
+++ trunk/Source/WebCore/testing/Internals.cpp 2018-06-01 22:34:31 UTC (rev 232420)
@@ -493,7 +493,9 @@
printContextForTesting() = nullptr;
#if USE(LIBWEBRTC)
- WebCore::useRealRTCPeerConnectionFactory(page.libWebRTCProvider());
+ auto& rtcProvider = page.libWebRTCProvider();
+ WebCore::useRealRTCPeerConnectionFactory(rtcProvider);
+ rtcProvider.disableNonLocalhostConnections();
#endif
page.settings().setStorageAccessAPIEnabled(false);
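Review bot: The new `rtcProvider.disableNonLocalhostConnections();` line carries no explanation of why a state reset should change network reachability, and the surrounding lines give no hint either. A one-line why-comment would help the next reader, e.g. `// Keep WebRTC traffic generated under Internals on the loopback interface.` resetToConsistentState starts and ends outside the hunk.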
Modified: trunk/Source/WebKit/ChangeLog (232419 => 232420)
--- trunk/Source/WebKit/ChangeLog 2018-06-01 22:30:02 UTC (rev 232419)
+++ trunk/Source/WebKit/ChangeLog 2018-06-01 22:34:31 UTC (rev 232420)
@@ -1,3 +1,26 @@
+2018-06-01 Youenn Fablet <[email protected]>
+
+ Add an option to restrict communication to localhost sockets
+ https://bugs.webkit.org/show_bug.cgi?id=186208
+
+ Reviewed by Eric Carlson.
+
+ Implement restriction to localhost sockets by setting any IP address to 127.0.0.1.
+ This is done on WebProcess side just before requesting to open the socket by NetworkProcess.
+
+ * WebProcess/Network/webrtc/LibWebRTCNetwork.h:
+ (WebKit::LibWebRTCNetwork::disableNonLocalhostConnections):
+ * WebProcess/Network/webrtc/LibWebRTCProvider.cpp:
+ (WebKit::LibWebRTCProvider::disableNonLocalhostConnections):
+ (WebKit::LibWebRTCProvider::registerMDNSName):
+ * WebProcess/Network/webrtc/LibWebRTCProvider.h:
+ * WebProcess/Network/webrtc/LibWebRTCSocketFactory.cpp:
+ (WebKit::prepareSocketAddress):
+ (WebKit::LibWebRTCSocketFactory::CreateServerTcpSocket):
+ (WebKit::LibWebRTCSocketFactory::CreateUdpSocket):
+ (WebKit::LibWebRTCSocketFactory::CreateClientTcpSocket):
+ * WebProcess/Network/webrtc/LibWebRTCSocketFactory.h:
+
2018-06-01 Chris Dumez <[email protected]>
Regression(r230876): Swipe navigation snapshot may get removed too early
Modified: trunk/Source/WebKit/WebProcess/Network/webrtc/LibWebRTCNetwork.h (232419 => 232420)
--- trunk/Source/WebKit/WebProcess/Network/webrtc/LibWebRTCNetwork.h 2018-06-01 22:30:02 UTC (rev 232419)
+++ trunk/Source/WebKit/WebProcess/Network/webrtc/LibWebRTCNetwork.h 2018-06-01 22:34:31 UTC (rev 232420)
@@ -44,6 +44,8 @@
WebRTCMonitor& monitor() { return m_webNetworkMonitor; }
LibWebRTCSocketFactory& socketFactory() { return m_socketFactory; }
+ void disableNonLocalhostConnections() { socketFactory().disableNonLocalhostConnections(); }
+
WebRTCSocket socket(uint64_t identifier) { return WebRTCSocket(socketFactory(), identifier); }
WebRTCResolver resolver(uint64_t identifier) { return WebRTCResolver(socketFactory(), identifier); }
#endif
Modified: trunk/Source/WebKit/WebProcess/Network/webrtc/LibWebRTCProvider.cpp (232419 => 232420)
--- trunk/Source/WebKit/WebProcess/Network/webrtc/LibWebRTCProvider.cpp 2018-06-01 22:30:02 UTC (rev 232419)
+++ trunk/Source/WebKit/WebProcess/Network/webrtc/LibWebRTCProvider.cpp 2018-06-01 22:34:31 UTC (rev 232420)
@@ -41,12 +41,17 @@
return WebCore::LibWebRTCProvider::createPeerConnection(observer, WebProcess::singleton().libWebRTCNetwork().monitor(), WebProcess::singleton().libWebRTCNetwork().socketFactory(), WTFMove(configuration));
}
+void LibWebRTCProvider::disableNonLocalhostConnections()
+{
+ WebProcess::singleton().libWebRTCNetwork().disableNonLocalhostConnections();
+}
+
void LibWebRTCProvider::unregisterMDNSNames(uint64_t documentIdentifier)
{
WebProcess::singleton().libWebRTCNetwork().mdnsRegister().unregisterMDNSNames(documentIdentifier);
}
- void LibWebRTCProvider::registerMDNSName(PAL::SessionID sessionID, uint64_t documentIdentifier, const String& ipAddress, CompletionHandler<void(MDNSNameOrError&&)>&& callback)
+void LibWebRTCProvider::registerMDNSName(PAL::SessionID sessionID, uint64_t documentIdentifier, const String& ipAddress, CompletionHandler<void(MDNSNameOrError&&)>&& callback)
{
WebProcess::singleton().libWebRTCNetwork().mdnsRegister().registerMDNSName(sessionID, documentIdentifier, ipAddress, WTFMove(callback));
}
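Review bot: `LibWebRTCProvider::disableNonLocalhostConnections()` is invoked on one page's provider but forwards to `WebProcess::singleton().libWebRTCNetwork()`, so it changes socket creation for every page hosted in the same WebProcess, and nothing in this commit switches it back. A short comment above the definition would make that scope explicit, e.g. `// Process-wide and one-way: affects all pages sharing this WebProcess.` If a per-page restriction is ever wanted, the flag would need to live somewhere other than the shared socket factory.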
Modified: trunk/Source/WebKit/WebProcess/Network/webrtc/LibWebRTCProvider.h (232419 => 232420)
--- trunk/Source/WebKit/WebProcess/Network/webrtc/LibWebRTCProvider.h 2018-06-01 22:30:02 UTC (rev 232419)
+++ trunk/Source/WebKit/WebProcess/Network/webrtc/LibWebRTCProvider.h 2018-06-01 22:34:31 UTC (rev 232420)
@@ -51,6 +51,7 @@
void unregisterMDNSNames(uint64_t documentIdentifier) final;
void registerMDNSName(PAL::SessionID, uint64_t documentIdentifier, const String& ipAddress, CompletionHandler<void(MDNSNameOrError&&)>&&) final;
void resolveMDNSName(PAL::SessionID, const String& name, CompletionHandler<void(IPAddressOrError&&)>&&) final;
+ void disableNonLocalhostConnections() final;
};
#else
using LibWebRTCProvider = WebCore::LibWebRTCProvider;
Modified: trunk/Source/WebKit/WebProcess/Network/webrtc/LibWebRTCSocketFactory.cpp (232419 => 232420)
--- trunk/Source/WebKit/WebProcess/Network/webrtc/LibWebRTCSocketFactory.cpp 2018-06-01 22:30:02 UTC (rev 232419)
+++ trunk/Source/WebKit/WebProcess/Network/webrtc/LibWebRTCSocketFactory.cpp 2018-06-01 22:34:31 UTC (rev 232420)
@@ -40,12 +40,20 @@
uint64_t LibWebRTCSocketFactory::s_uniqueSocketIdentifier = 0;
uint64_t LibWebRTCSocketFactory::s_uniqueResolverIdentifier = 0;
+static inline rtc::SocketAddress prepareSocketAddress(const rtc::SocketAddress& address, bool disableNonLocalhostConnections)
+{
+ auto result = RTCNetwork::isolatedCopy(address);
+ if (disableNonLocalhostConnections)
+ result.SetIP("127.0.0.1");
+ return result;
+}
+
rtc::AsyncPacketSocket* LibWebRTCSocketFactory::CreateServerTcpSocket(const rtc::SocketAddress& address, uint16_t minPort, uint16_t maxPort, int options)
{
auto socket = std::make_unique<LibWebRTCSocket>(*this, ++s_uniqueSocketIdentifier, LibWebRTCSocket::Type::ServerTCP, address, rtc::SocketAddress());
m_sockets.set(socket->identifier(), socket.get());
- callOnMainThread([identifier = socket->identifier(), address = RTCNetwork::isolatedCopy(address), minPort, maxPort, options]() {
+ callOnMainThread([identifier = socket->identifier(), address = prepareSocketAddress(address, m_disableNonLocalhostConnections), minPort, maxPort, options]() {
if (!WebProcess::singleton().ensureNetworkProcessConnection().connection().send(Messages::NetworkRTCProvider::CreateServerTCPSocket(identifier, RTCNetwork::SocketAddress(address), minPort, maxPort, options), 0)) {
// FIXME: Set error back to socket
return;
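Review bot: `prepareSocketAddress` rewrites the address instead of refusing it, and it does so in the WebProcess just before the IPC send, so nothing in this commit has the NetworkProcess re-check the address it is handed. The helper deserves a comment saying it is a testing aid and not an enforcement point, e.g. `// Test-only: redirects to IPv4 loopback; the receiving process does not re-validate.` `SetIP("127.0.0.1")` also replaces IPv6 and already-loopback addresses with the IPv4 literal, which may surprise a caller that asked for `::1`. In CreateServerTcpSocket the `LibWebRTCSocket` is still constructed with the original `address`, so its recorded local address appears to differ from the one actually requested. The same applies to the hunks at `@@ -61,7 +69,7` and `@@ -76,7 +84,7`; the function bodies continue outside the hunks.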
@@ -61,7 +69,7 @@
auto socket = std::make_unique<LibWebRTCSocket>(*this, ++s_uniqueSocketIdentifier, LibWebRTCSocket::Type::UDP, address, rtc::SocketAddress());
m_sockets.set(socket->identifier(), socket.get());
- callOnMainThread([identifier = socket->identifier(), address = RTCNetwork::isolatedCopy(address), minPort, maxPort]() {
+ callOnMainThread([identifier = socket->identifier(), address = prepareSocketAddress(address, m_disableNonLocalhostConnections), minPort, maxPort]() {
if (!WebProcess::singleton().ensureNetworkProcessConnection().connection().send(Messages::NetworkRTCProvider::CreateUDPSocket(identifier, RTCNetwork::SocketAddress(address), minPort, maxPort), 0)) {
// FIXME: Set error back to socket
return;
@@ -76,7 +84,7 @@
socket->setState(LibWebRTCSocket::STATE_CONNECTING);
m_sockets.set(socket->identifier(), socket.get());
- callOnMainThread([identifier = socket->identifier(), localAddress = RTCNetwork::isolatedCopy(localAddress), remoteAddress = RTCNetwork::isolatedCopy(remoteAddress), options]() {
+ callOnMainThread([identifier = socket->identifier(), localAddress = prepareSocketAddress(localAddress, m_disableNonLocalhostConnections), remoteAddress = prepareSocketAddress(remoteAddress, m_disableNonLocalhostConnections), options]() {
if (!WebProcess::singleton().ensureNetworkProcessConnection().connection().send(Messages::NetworkRTCProvider::CreateClientTCPSocket(identifier, RTCNetwork::SocketAddress(localAddress), RTCNetwork::SocketAddress(remoteAddress), options), 0)) {
// FIXME: Set error back to socket
return;
Modified: trunk/Source/WebKit/WebProcess/Network/webrtc/LibWebRTCSocketFactory.h (232419 => 232420)
--- trunk/Source/WebKit/WebProcess/Network/webrtc/LibWebRTCSocketFactory.h 2018-06-01 22:30:02 UTC (rev 232419)
+++ trunk/Source/WebKit/WebProcess/Network/webrtc/LibWebRTCSocketFactory.h 2018-06-01 22:34:31 UTC (rev 232420)
@@ -49,6 +49,8 @@
rtc::AsyncPacketSocket* createNewConnectionSocket(LibWebRTCSocket&, uint64_t newConnectionSocketIdentifier, const rtc::SocketAddress&);
+ void disableNonLocalhostConnections() { m_disableNonLocalhostConnections = true; }
+
private:
rtc::AsyncPacketSocket* CreateUdpSocket(const rtc::SocketAddress&, uint16_t minPort, uint16_t maxPort) final;
rtc::AsyncPacketSocket* CreateServerTcpSocket(const rtc::SocketAddress&, uint16_t min_port, uint16_t max_port, int options) final;
@@ -62,6 +64,7 @@
// We can own resolvers as we control their Destroy method.
HashMap<uint64_t, std::unique_ptr<LibWebRTCResolver>> m_resolvers;
static uint64_t s_uniqueResolverIdentifier;
+ bool m_disableNonLocalhostConnections { false };
};
} // namespace WebKit
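Review bot: `m_disableNonLocalhostConnections` is a plain `bool` written by the public setter added in the hunk above and read inside the `Create*Socket` methods. Those methods hop to the main thread with `callOnMainThread` and `isolatedCopy`, so they presumably run on a different thread than the setter's caller. If that is the case the read and write are unsynchronized; `std::atomic<bool> m_disableNonLocalhostConnections { false };` (with `<atomic>` included) would remove the race without changing the interface. The class body starts outside the hunk.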