Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 67117c4975bb291a8775a61ee3c19dfe13e50690
https://github.com/WebKit/WebKit/commit/67117c4975bb291a8775a61ee3c19dfe13e50690
Author: Brady Eidson <[email protected]>
Date: 2026-06-04 (Thu, 04 Jun 2026)
Changed paths:
M Source/WebCore/dom/MessagePort.cpp
M Source/WebCore/dom/MessagePort.h
M Source/WebKit/WebProcess/WebCoreSupport/WebMessagePortChannelProvider.cpp
M Source/WebKit/WebProcess/WebCoreSupport/WebMessagePortChannelProvider.h
M Source/WebKit/WebProcess/WebProcess.cpp
M Tools/TestWebKitAPI/Resources/cocoa/MessagePortSecurity.mm
Log Message:
-----------
MessagePorts a WebContent process already has should be invalidated if the Networking process disconnects
rdar://177440317
https://bugs.webkit.org/show_bug.cgi?id=315221
Reviewed by Basuke Suzuki.
The scenario is:
1 - A MessageChannel is created, and therefore registered with the networking process.
2 - The Networking process disconnects (crash, jetsam, suspend, etc)
3 - A new Networking process is fired up and connects to the old WebContent process
4 - The WebContent process tries a message channel operation in the new Networking process on a port the new Networking process doesn't know about.
https://commits.webkit.org/305413.547@safari-7624-branch added more aggressive MESSAGE_CHECKs to the networking process to protect against message port spoofs from compromised web content processes.
The above scenario is WebKit in normal operation and unfortunately triggering those MESSAGE_CHECKs.
So this PR teaches web content processes to invalidate current message ports if the Networking process goes away. It handles normal message port operation, worker use, and works with site isolation.
Test: Tools/TestWebKitAPI/Tests/WebKitCocoa/MessagePortSecurity.mm
* Source/WebCore/dom/MessagePort.cpp:
(WebCore::MessagePort::notifyAllConnectionsClosed):
* Source/WebCore/dom/MessagePort.h:
* Source/WebKit/WebProcess/WebCoreSupport/WebMessagePortChannelProvider.cpp:
(WebKit::WebMessagePortChannelProvider::createNewMessagePortChannel):
(WebKit::WebMessagePortChannelProvider::entangleLocalPortInThisProcessToRemote):
(WebKit::WebMessagePortChannelProvider::messagePortDisentangled):
(WebKit::WebMessagePortChannelProvider::networkProcessConnectionClosed):
(WebKit::WebMessagePortChannelProvider::messagePortClosed):
(WebKit::WebMessagePortChannelProvider::takeAllMessagesForPort):
* Source/WebKit/WebProcess/WebCoreSupport/WebMessagePortChannelProvider.h:
* Source/WebKit/WebProcess/WebProcess.cpp:
(WebKit::WebProcess::networkProcessConnectionClosed):
* Tools/TestWebKitAPI/Resources/cocoa/MessagePortSecurity.mm:
((MessagePortSecurity, CrossProcessMessageTheftViaTakeAllMessagesForPort)):
((MessagePortSecurity, MessagePortsSurviveNetworkProcessRestart)):
((MessagePortSecurity, MessagePortsSurviveNetworkProcessRestartWithSiteIsolation)):
((MessagePortSecurity, WorkerMessagePortsSurviveNetworkProcessRestart)):
Originally-landed-as: 305413.972@safari-7624-branch (b90cdae5a91d).
rdar://178741244
Canonical link: https://commits.webkit.org/314573@main