Title: [255930] releases/WebKitGTK/webkit-2.28/Source/WebKit
- Revision: 255930
- Author: [email protected]
- Date: 2020-02-06 07:10:25 -0800 (Thu, 06 Feb 2020)
Log Message
Merge r255864 - [IPC hardening] Protect against bad originIdentifier String in WebPageProxy::reachedApplicationCacheOriginQuota() / requestGeolocationPermissionForFrame()
https://bugs.webkit.org/show_bug.cgi?id=207292
<rdar://problem/58345601>
Reviewed by David Kilzer.
* UIProcess/WebPageProxy.cpp:
Diff
Modified: releases/WebKitGTK/webkit-2.28/Source/WebKit/ChangeLog (255929 => 255930)
--- releases/WebKitGTK/webkit-2.28/Source/WebKit/ChangeLog 2020-02-06 15:10:22 UTC (rev 255929)
+++ releases/WebKitGTK/webkit-2.28/Source/WebKit/ChangeLog 2020-02-06 15:10:25 UTC (rev 255930)
@@ -1,5 +1,15 @@
2020-02-05 Chris Dumez <[email protected]>
+ [IPC hardening] Protect against bad originIdentifier String in WebPageProxy::reachedApplicationCacheOriginQuota() / requestGeolocationPermissionForFrame()
+ https://bugs.webkit.org/show_bug.cgi?id=207292
+ <rdar://problem/58345601>
+
+ Reviewed by David Kilzer.
+
+ * UIProcess/WebPageProxy.cpp:
+
+2020-02-05 Chris Dumez <[email protected]>
+
[IPC Hardening] Protect against targetId String being invalid in WebPageProxy::createInspectorTarget() / destroyInspectorTarget()
https://bugs.webkit.org/show_bug.cgi?id=207288
<rdar://problem/57645953>
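Review bot: The new ChangeLog entry lists only the file (`* UIProcess/WebPageProxy.cpp:`) with no per-function lines, although the change touches two functions; the surrounding entries follow the usual WebKit convention of naming each function under the file, so consider adding `(WebKit::WebPageProxy::reachedApplicationCacheOriginQuota):` and `(WebKit::WebPageProxy::requestGeolocationPermissionForFrame):` beneath that line, each with a one-line note that the origin identifier received over IPC is now validated with MESSAGE_CHECK before use.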
Modified: releases/WebKitGTK/webkit-2.28/Source/WebKit/UIProcess/WebPageProxy.cpp (255929 => 255930)
--- releases/WebKitGTK/webkit-2.28/Source/WebKit/UIProcess/WebPageProxy.cpp 2020-02-06 15:10:22 UTC (rev 255929)
+++ releases/WebKitGTK/webkit-2.28/Source/WebKit/UIProcess/WebPageProxy.cpp 2020-02-06 15:10:25 UTC (rev 255930)
@@ -7779,17 +7779,23 @@
void WebPageProxy::reachedApplicationCacheOriginQuota(const String& originIdentifier, uint64_t currentQuota, uint64_t totalBytesNeeded, Messages::WebPageProxy::ReachedApplicationCacheOriginQuota::DelayedReply&& reply)
{
- Ref<SecurityOrigin> securityOrigin = SecurityOriginData::fromDatabaseIdentifier(originIdentifier)->securityOrigin();
+ auto securityOriginData = SecurityOriginData::fromDatabaseIdentifier(originIdentifier);
+ MESSAGE_CHECK(m_process, securityOriginData);
+
+ Ref<SecurityOrigin> securityOrigin = securityOriginData->securityOrigin();
m_uiClient->reachedApplicationCacheOriginQuota(this, securityOrigin.get(), currentQuota, totalBytesNeeded, WTFMove(reply));
}
void WebPageProxy::requestGeolocationPermissionForFrame(uint64_t geolocationID, FrameIdentifier frameID, String originIdentifier)
{
- WebFrameProxy* frame = m_process->webFrame(frameID);
+ auto* frame = m_process->webFrame(frameID);
MESSAGE_CHECK(m_process, frame);
+ auto securityOriginData = SecurityOriginData::fromDatabaseIdentifier(originIdentifier);
+ MESSAGE_CHECK(m_process, securityOriginData);
+
// FIXME: Geolocation should probably be using toString() as its string representation instead of databaseIdentifier().
- auto origin = API::SecurityOrigin::create(SecurityOriginData::fromDatabaseIdentifier(originIdentifier)->securityOrigin());
+ auto origin = API::SecurityOrigin::create(securityOriginData->securityOrigin());
auto request = m_geolocationPermissionRequestManager.createRequest(geolocationID);
Function<void(bool)> completionHandler = [request = WTFMove(request)](bool allowed) {
if (allowed)
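Review bot: In `reachedApplicationCacheOriginQuota`, the new `MESSAGE_CHECK(m_process, securityOriginData);` returns early without ever invoking `reply`, so the `DelayedReply` is destroyed uncalled on the failure path; please confirm that dropping a delayed reply is acceptable for this type when the message has been marked invalid, and if it is not, call it with a sensible value before bailing out. Otherwise the change is sound: previously `SecurityOriginData::fromDatabaseIdentifier(originIdentifier)->securityOrigin()` dereferenced the optional unconditionally, so a malformed identifier from the web process reached the UI process unchecked, and both call sites now validate it before use. In `requestGeolocationPermissionForFrame` the check is correctly placed before `m_geolocationPermissionRequestManager.createRequest(geolocationID)`, so no pending request is left behind on failure; a minor style point is that a blank line between `MESSAGE_CHECK(m_process, frame);` and the `securityOriginData` lines would match the spacing used in the first function.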
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes