Title: [151238] trunk/Source/WebCore
- Revision: 151238
- Author: [email protected]
- Date: 2013-06-05 14:30:37 -0700 (Wed, 05 Jun 2013)
Log Message
[curl] Restrict allowed protocols
https://bugs.webkit.org/show_bug.cgi?id=117257
Patch by Peter Gal <[email protected]> on 2013-06-05
Reviewed by Brent Fulgham.
curl supports various protocols (like: HTTP,...,POP3,IMAP...) and by
default all of them are enabled for a single curl handle. Furthermore
all of the protocols are allowed during Location header follow.
This could pose a security risk, for example: a malicious server responds
with a crafted Location header pointing to an imap/../(etc) URL and the
curl backend will follow it and will give the result to WebCore.
This patch will restrict the allowed protocols to: HTTP(S), FTP(S), FILE.
* platform/network/curl/ResourceHandleManager.cpp:
(WebCore::ResourceHandleManager::initializeHandle):
Diff
Modified: trunk/Source/WebCore/ChangeLog (151237 => 151238)
--- trunk/Source/WebCore/ChangeLog 2013-06-05 21:25:27 UTC (rev 151237)
+++ trunk/Source/WebCore/ChangeLog 2013-06-05 21:30:37 UTC (rev 151238)
@@ -1,3 +1,22 @@
+2013-06-05 Peter Gal <[email protected]>
+
+ [curl] Restrict allowed protocols
+ https://bugs.webkit.org/show_bug.cgi?id=117257
+
+ Reviewed by Brent Fulgham.
+
+ curl supports various protocols (like: HTTP,...,POP3,IMAP...) and by
+ default all of the are enabled for a single curl handle. Furthermore
+ all of the protocols are allowed during Location header follow.
+ This could pose a security risk for example: a malicious server responds
+ with a crafted Location header pointing to an imap/../(etc) url and the
+ curl backend will follow it and will give the result for the WebCore.
+
+ This patch will restrict the allowed protocols to: HTTP(S), FTP(S), FILE
+
+ * platform/network/curl/ResourceHandleManager.cpp:
+ (WebCore::ResourceHandleManager::initializeHandle):
+
2013-06-05 Bear Travis <[email protected]>
[css exclusions] Clean up ExclusionShapeInsideInfo dynamic removal code
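Review bot: The new ChangeLog entry has a typo in "all of the are enabled" (it should read "all of them are enabled"), and "imap/../(etc) url" is hard to parse as a description of the redirect target. This entry is the lasting record of why the restriction exists, so it should also say explicitly that the same allow-list is applied to the initial request and to followed redirects, and why FILE stays on it.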
Modified: trunk/Source/WebCore/platform/network/curl/ResourceHandleManager.cpp (151237 => 151238)
--- trunk/Source/WebCore/platform/network/curl/ResourceHandleManager.cpp 2013-06-05 21:25:27 UTC (rev 151237)
+++ trunk/Source/WebCore/platform/network/curl/ResourceHandleManager.cpp 2013-06-05 21:30:37 UTC (rev 151238)
@@ -657,6 +657,7 @@
void ResourceHandleManager::initializeHandle(ResourceHandle* job)
{
+ static const int allowedProtocols = CURLPROTO_FILE | CURLPROTO_FTP | CURLPROTO_FTPS | CURLPROTO_HTTP | CURLPROTO_HTTPS;
KURL kurl = job->firstRequest().url();
// Remove any fragment part, otherwise curl will send it as part of the request.
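Review bot: allowedProtocols is declared as int at the top of initializeHandle, but it is passed to curl_easy_setopt for CURLOPT_PROTOCOLS and CURLOPT_REDIR_PROTOCOLS, and libcurl documents both options as taking a long bitmask. curl_easy_setopt is variadic, so no conversion happens at the call site and an int argument is read back as a long, which is not guaranteed to work where the two types differ in size. Declare it as "static const long allowedProtocols = ..." so the argument type matches what libcurl reads.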
@@ -700,6 +701,8 @@
curl_easy_setopt(d->m_handle, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_easy_setopt(d->m_handle, CURLOPT_SHARE, m_curlShareHandle);
curl_easy_setopt(d->m_handle, CURLOPT_DNS_CACHE_TIMEOUT, 60 * 5); // 5 minutes
+ curl_easy_setopt(d->m_handle, CURLOPT_PROTOCOLS, allowedProtocols);
+ curl_easy_setopt(d->m_handle, CURLOPT_REDIR_PROTOCOLS, allowedProtocols);
// FIXME: Enable SSL verification when we have a way of shipping certs
// and/or reporting SSL errors to the user.
if (ignoreSSLErrors)
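Review bot: Passing the same allowedProtocols mask to CURLOPT_REDIR_PROTOCOLS puts CURLPROTO_FILE on the redirect allow-list, so a Location header from a remote HTTP or FTP server may now point at a file: URL and be followed. libcurl has excluded FILE from its default redirect set since 7.19.4, so for that scheme this line is less strict than leaving the option unset. Consider a separate redirect mask without CURLPROTO_FILE (for example HTTP, HTTPS, FTP and FTPS only) and keep FILE only in the CURLOPT_PROTOCOLS mask for the initial request. A short comment next to the two calls explaining why the masks differ would help future readers.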