[webkit-changes] [295454] trunk/Source

Fri, 10 Jun 2022 09:14:13 -0700

Title: [295454] trunk/Source
Revision
295454
Author
[email protected]
Date
2022-06-10 09:13:17 -0700 (Fri, 10 Jun 2022)

Log Message

[GLib] Validate proxy URLs passed to WebKitNetworkProxySettings
https://bugs.webkit.org/show_bug.cgi?id=241485

Patch by Michael Catanzaro <[email protected]> on 2022-06-10
Reviewed by Philippe Normand.

Validate that users pass only valid URLs to these APIs.

* Source/WTF/wtf/URL.h: Opportunistic typo fix.
* Source/WebKit/UIProcess/API/glib/WebKitNetworkProxySettings.cpp:
(webkit_network_proxy_settings_new):
(webkit_network_proxy_settings_add_proxy_for_scheme):

Canonical link: https://commits.webkit.org/251460@main

Modified Paths

Diff

Modified: trunk/Source/WTF/wtf/URL.h (295453 => 295454)


--- trunk/Source/WTF/wtf/URL.h	2022-06-10 15:19:42 UTC (rev 295453)
+++ trunk/Source/WTF/wtf/URL.h	2022-06-10 16:13:17 UTC (rev 295454)
@@ -61,7 +61,7 @@
     bool isHashTableDeletedValue() const { return m_string.isHashTableDeletedValue(); }
 
     // Resolves the relative URL with the given base URL. If provided, the
-    // URLTextEncoding is used to encode non-ASCII characers. The base URL can be
+    // URLTextEncoding is used to encode non-ASCII characters. The base URL can be
     // null or empty, in which case the relative URL will be interpreted as absolute.
     WTF_EXPORT_PRIVATE URL(const URL& base, const String& relative, const URLTextEncoding* = nullptr);

Modified: trunk/Source/WebKit/UIProcess/API/glib/WebKitNetworkProxySettings.cpp (295453 => 295454)


--- trunk/Source/WebKit/UIProcess/API/glib/WebKitNetworkProxySettings.cpp	2022-06-10 15:19:42 UTC (rev 295453)
+++ trunk/Source/WebKit/UIProcess/API/glib/WebKitNetworkProxySettings.cpp	2022-06-10 16:13:17 UTC (rev 295454)
@@ -22,7 +22,9 @@
 
 #include "WebKitNetworkProxySettingsPrivate.h"
 #include <WebCore/SoupNetworkProxySettings.h>
+#include <wtf/URL.h>
 #include <wtf/glib/WTFGType.h>
+#include <wtf/text/WTFString.h>
 
 using namespace WebCore;
 
@@ -105,8 +107,10 @@
 {
     WebKitNetworkProxySettings* proxySettings = static_cast<WebKitNetworkProxySettings*>(fastMalloc(sizeof(WebKitNetworkProxySettings)));
     new (proxySettings) WebKitNetworkProxySettings;
-    if (defaultProxyURI)
+    if (defaultProxyURI) {
+        g_return_val_if_fail(URL(String::fromUTF8(defaultProxyURI)).isValid(), nullptr);
         proxySettings->settings.defaultProxyURL = defaultProxyURI;
+    }
     if (ignoreHosts)
         proxySettings->settings.ignoreHosts.reset(g_strdupv(const_cast<char**>(ignoreHosts)));
     return proxySettings;
@@ -164,6 +168,7 @@
     g_return_if_fail(proxySettings);
     g_return_if_fail(scheme);
     g_return_if_fail(proxyURI);
+    g_return_if_fail(URL(String::fromUTF8(proxyURI)).isValid());
 
     proxySettings->settings.proxyMap.add(scheme, proxyURI);
 }

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to