Title: [255922] releases/WebKitGTK/webkit-2.28/Source/WebKit
Revision
255922
Author
[email protected]
Date
2020-02-06 07:09:58 -0800 (Thu, 06 Feb 2020)

Log Message

Merge r255847 - [IPC Hardening] Protect against bad ClientOrigin under Engine::readCachesFromDisk()
https://bugs.webkit.org/show_bug.cgi?id=207280
<rdar://problem/59013832>

Reviewed by Geoffrey Garen.

Protect against bad ClientOrigin under Engine::readCachesFromDisk(), as it is coming from
IPC from the WebContent process.

* NetworkProcess/cache/CacheStorageEngine.cpp:
(WebKit::CacheStorage::Engine::readCachesFromDisk):

Modified Paths

Diff

Modified: releases/WebKitGTK/webkit-2.28/Source/WebKit/ChangeLog (255921 => 255922)


--- releases/WebKitGTK/webkit-2.28/Source/WebKit/ChangeLog	2020-02-06 15:09:54 UTC (rev 255921)
+++ releases/WebKitGTK/webkit-2.28/Source/WebKit/ChangeLog	2020-02-06 15:09:58 UTC (rev 255922)
@@ -1,3 +1,17 @@
+2020-02-05  Chris Dumez  <[email protected]>
+
+        [IPC Hardening] Protect against bad ClientOrigin under Engine::readCachesFromDisk()
+        https://bugs.webkit.org/show_bug.cgi?id=207280
+        <rdar://problem/59013832>
+
+        Reviewed by Geoffrey Garen.
+
+        Protect against bad ClientOrigin under Engine::readCachesFromDisk(), as it is coming from
+        IPC from the WebContent process.
+
+        * NetworkProcess/cache/CacheStorageEngine.cpp:
+        (WebKit::CacheStorage::Engine::readCachesFromDisk):
+
 2020-02-05  Alex Christensen  <[email protected]>
 
         Make WKWebView._negotiatedLegacyTLS accurate when loading main resouorce from network or cache
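Review bot: The per-function line `(WebKit::CacheStorage::Engine::readCachesFromDisk):` in the new entry has no description after it, and "bad ClientOrigin" does not say what is actually rejected. A short statement there would let someone reading the ChangeLog alone understand the hardening, for example that an origin failing `m_caches.isValidKey()` now completes the callback with `Error::Internal`.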

Modified: releases/WebKitGTK/webkit-2.28/Source/WebKit/NetworkProcess/cache/CacheStorageEngine.cpp (255921 => 255922)


--- releases/WebKitGTK/webkit-2.28/Source/WebKit/NetworkProcess/cache/CacheStorageEngine.cpp	2020-02-06 15:09:54 UTC (rev 255921)
+++ releases/WebKitGTK/webkit-2.28/Source/WebKit/NetworkProcess/cache/CacheStorageEngine.cpp	2020-02-06 15:09:58 UTC (rev 255922)
@@ -394,6 +394,11 @@
             return;
         }
 
+        if (!m_caches.isValidKey(origin)) {
+            callback(makeUnexpected(Error::Internal));
+            return;
+        }
+
         auto& caches = m_caches.ensure(origin, [&origin, this] {
             auto path = cachesRootPath(origin);
             return Caches::create(*this, WebCore::ClientOrigin { origin }, WTFMove(path));
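Review bot: The new `!m_caches.isValidKey(origin)` branch completes the callback with `Error::Internal` and returns silently, so the rejection looks like any other internal failure and leaves no trace that the WebContent process sent a malformed ClientOrigin. Since the log message says this value arrives over IPC from WebContent, consider logging the rejection at this point, or flagging the sending connection, so that a misbehaving or compromised content process is visible during triage. Placing the guard directly ahead of `m_caches.ensure(origin, ...)` is right for this call site, but it is worth confirming that any other `m_caches` lookup keyed on an IPC-supplied origin has the same check. The diff as shown touches only ChangeLog and CacheStorageEngine.cpp, so the invalid-key path has no regression test here.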
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
