Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: da44cdb89cd768f800e38ca1f675b723b70bb575
https://github.com/WebKit/WebKit/commit/da44cdb89cd768f800e38ca1f675b723b70bb575
Author: Brady Eidson <[email protected]>
Date: 2026-06-03 (Wed, 03 Jun 2026)
Changed paths:
M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
A Tools/TestWebKitAPI/Resources/cocoa/MessagePortSecurity.mm
M Tools/TestWebKitAPI/Scripts/generate-unified-sources.sh
M Tools/TestWebKitAPI/SourcesCocoa.txt
M Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj
M Tools/TestWebKitAPI/UnifiedSources-output.xcfilelist
Log Message:
-----------
Compromised web content process unauthorized access to pending MessagePort messages
rdar://172706670
Reviewed by Chris Dumez.
Specially crafted IPC from a web content process can ask for pending MessagePort messages
that don't belong to it by either guessing or otherwise establishing the internal
identifier for the given MessagePort.
This patch adds a MESSAGE_CHECK that always returns empty results on such an attempt.
Tests: Tools/TestWebKitAPI/Tests/WebKitCocoa/MessagePortSecurity.mm
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::takeAllMessagesForPort):
* Tools/TestWebKitAPI/SourcesCocoa.txt:
* Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/MessagePortSecurity.mm: Added.
(enableIPCTestingAPI):
(addEventListener):
(function):
((MessagePortSecurity, CrossProcessMessageTheftViaTakeAllMessagesForPort)):
Originally-landed-as: 305413.547@rapid/safari-7624.2.5.110-branch (a9b7107ffbd9). rdar://176062008
Canonical link: https://commits.webkit.org/314495@main
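The ownership check the log message describes, shown as an added example that is not WebKit's code and not part of this commit. It is a simplified single-threaded broker: `PortBroker`, `ProcessID`, `PortID` and every method name are hypothetical, and the per-connection rejection counter is an assumption of the example.

```cpp
// Simplified model, not WebKit code: all type and function names are hypothetical.
#include <cstdint>
#include <map>
#include <string>
#include <utility>
#include <vector>

using ProcessID = uint64_t; // identity of the IPC connection, assigned by the broker, never by the sender
using PortID = uint64_t;    // internal port identifier; assume a peer may guess or learn it

class PortBroker {
public:
    void registerPort(ProcessID owner, PortID port) { m_ports[port].owner = owner; }

    bool postMessage(PortID port, std::string message) {
        auto it = m_ports.find(port);
        if (it == m_ports.end())
            return false;
        it->second.pending.push_back(std::move(message));
        return true;
    }

    // Before: knowing the identifier is enough to drain the queue.
    std::vector<std::string> takeAllUnchecked(ProcessID, PortID port) {
        auto it = m_ports.find(port);
        if (it == m_ports.end())
            return {};
        return std::exchange(it->second.pending, {});
    }

    // After: the identifier must belong to the requesting connection.
    std::vector<std::string> takeAllChecked(ProcessID requester, PortID port) {
        auto it = m_ports.find(port);
        if (it == m_ports.end() || it->second.owner != requester) {
            ++m_rejected[requester]; // assumption of this example: count rejections per connection
            return {};               // empty result; the owner's queue is left untouched
        }
        return std::exchange(it->second.pending, {});
    }

    unsigned rejectedCount(ProcessID p) const {
        auto it = m_rejected.find(p);
        return it == m_rejected.end() ? 0u : it->second;
    }

private:
    struct Port { ProcessID owner { 0 }; std::vector<std::string> pending; };
    std::map<PortID, Port> m_ports;
    std::map<ProcessID, unsigned> m_rejected;
};
```

The point of the checked path is that the requester's identity comes from the connection the request arrived on, so a guessed `PortID` alone yields nothing and the pending messages remain for the owner.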