[webkit-changes] [194910] branches/safari-601.1.46-branch

Tue, 12 Jan 2016 11:31:55 -0800

Title: [194910] branches/safari-601.1.46-branch

Diff

Modified: branches/safari-601.1.46-branch/LayoutTests/ChangeLog (194909 => 194910)


--- branches/safari-601.1.46-branch/LayoutTests/ChangeLog	2016-01-12 19:31:26 UTC (rev 194909)
+++ branches/safari-601.1.46-branch/LayoutTests/ChangeLog	2016-01-12 19:31:29 UTC (rev 194910)
@@ -1,5 +1,20 @@
 2016-01-11  Matthew Hanson  <[email protected]>
 
+        Merge r194666. rdar://problem/24101185
+
+    2016-01-06  Brent Fulgham  <[email protected]>
+
+            Port blocking bypass issue using 307 redirect
+            https://bugs.webkit.org/show_bug.cgi?id=152801
+            <rdar://problem/24048554>
+
+            Reviewed by Anders Carlsson.
+
+            * http/tests/security/blocked-on-redirect-expected.txt: Added.
+            * http/tests/security/blocked-on-redirect.html: Added.
+
+2016-01-11  Matthew Hanson  <[email protected]>
+
         Merge r194038. rdar://problem/24101170
 
     2015-12-14  Daniel Bates  <[email protected]>

Added: branches/safari-601.1.46-branch/LayoutTests/http/tests/security/blocked-on-redirect-expected.txt (0 => 194910)


--- branches/safari-601.1.46-branch/LayoutTests/http/tests/security/blocked-on-redirect-expected.txt	                        (rev 0)
+++ branches/safari-601.1.46-branch/LayoutTests/http/tests/security/blocked-on-redirect-expected.txt	2016-01-12 19:31:29 UTC (rev 194910)
@@ -0,0 +1,5 @@
+http://127.0.0.1:8000/resources/redirect.php?code=307&url="" - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/resources/redirect.php?code=307&url="" main document URL http://127.0.0.1:8000/security/blocked-on-redirect.html, http method GET> redirectResponse (null)
+http://127.0.0.1:8000/security/blocked-on-redirect.html - didFinishLoading
+CONSOLE MESSAGE: Not allowed to use restricted network port: http://localhost:25/security/resources/post-done.html
+http://127.0.0.1:8000/resources/redirect.php?code=307&url="" - didFailLoadingWithError: <NSError domain WebKitErrorDomain, code 103, failing URL "http://localhost:25/security/resources/post-done.html">
+This test produces output in the console. Only the initial URL should be logged.

Added: branches/safari-601.1.46-branch/LayoutTests/http/tests/security/blocked-on-redirect.html (0 => 194910)


--- branches/safari-601.1.46-branch/LayoutTests/http/tests/security/blocked-on-redirect.html	                        (rev 0)
+++ branches/safari-601.1.46-branch/LayoutTests/http/tests/security/blocked-on-redirect.html	2016-01-12 19:31:29 UTC (rev 194910)
@@ -0,0 +1,10 @@
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.dumpResourceLoadCallbacks();
+}
+</script>
+
+This test produces output in the console.  Only the initial URL should be logged.
+
+<iframe src = ""

Modified: branches/safari-601.1.46-branch/Source/WebCore/ChangeLog (194909 => 194910)


--- branches/safari-601.1.46-branch/Source/WebCore/ChangeLog	2016-01-12 19:31:26 UTC (rev 194909)
+++ branches/safari-601.1.46-branch/Source/WebCore/ChangeLog	2016-01-12 19:31:29 UTC (rev 194910)
@@ -1,5 +1,29 @@
 2016-01-11  Matthew Hanson  <[email protected]>
 
+        Merge r194666. rdar://problem/24101185
+
+    2016-01-06  Brent Fulgham  <[email protected]>
+
+            Port blocking bypass issue using 307 redirect
+            https://bugs.webkit.org/show_bug.cgi?id=152801
+            <rdar://problem/24048554>
+
+            Reviewed by Anders Carlsson.
+
+            Tested by http/tests/security/blocked-on-redirect.html.
+
+            Make sure that 307 redirects check the requested URL via 'portAllowed'.
+
+            * loader/DocumentLoader.cpp:
+            (WebCore::DocumentLoader::willSendRequest): Confirm that the requested port
+            is valid, and block load if it is not.
+            * loader/FrameLoader.cpp:
+            (WebCore::FrameLoader::reportBlockedPortFailed): Added.
+            (WebCore::FrameLoader::blockedError): Added.
+            * loader/FrameLoader.h:
+
+2016-01-11  Matthew Hanson  <[email protected]>
+
         Merge r194038. rdar://problem/24101170
 
     2015-12-14  Daniel Bates  <[email protected]>

Modified: branches/safari-601.1.46-branch/Source/WebCore/loader/DocumentLoader.cpp (194909 => 194910)


--- branches/safari-601.1.46-branch/Source/WebCore/loader/DocumentLoader.cpp	2016-01-12 19:31:26 UTC (rev 194909)
+++ branches/safari-601.1.46-branch/Source/WebCore/loader/DocumentLoader.cpp	2016-01-12 19:31:29 UTC (rev 194910)
@@ -512,6 +512,11 @@
             cancelMainResourceLoad(frameLoader()->cancelledError(newRequest));
             return;
         }
+        if (!portAllowed(newRequest.url())) {
+            FrameLoader::reportBlockedPortFailed(m_frame, newRequest.url().string());
+            cancelMainResourceLoad(frameLoader()->blockedError(newRequest));
+            return;
+        }
         timing().addRedirect(redirectResponse.url(), newRequest.url());
     }

Modified: branches/safari-601.1.46-branch/Source/WebCore/loader/FrameLoader.cpp (194909 => 194910)


--- branches/safari-601.1.46-branch/Source/WebCore/loader/FrameLoader.cpp	2016-01-12 19:31:26 UTC (rev 194909)
+++ branches/safari-601.1.46-branch/Source/WebCore/loader/FrameLoader.cpp	2016-01-12 19:31:29 UTC (rev 194910)
@@ -1493,6 +1493,15 @@
     frame->document()->addConsoleMessage(MessageSource::Security, MessageLevel::Error, "Not allowed to load local resource: " + url);
 }
 
+void FrameLoader::reportBlockedPortFailed(Frame* frame, const String& url)
+{
+    ASSERT(!url.isEmpty());
+    if (!frame)
+        return;
+    
+    frame->document()->addConsoleMessage(MessageSource::Security, MessageLevel::Error, "Not allowed to use restricted network port: " + url);
+}
+
 const ResourceRequest& FrameLoader::initialRequest() const
 {
     return activeDocumentLoader()->originalRequest();
@@ -3324,6 +3333,13 @@
     return error;
 }
 
+ResourceError FrameLoader::blockedError(const ResourceRequest& request) const
+{
+    ResourceError error = m_client.blockedError(request);
+    error.setIsCancellation(true);
+    return error;
+}
+
 #if PLATFORM(IOS)
 RetainPtr<CFDictionaryRef> FrameLoader::connectionProperties(ResourceLoader* loader)
 {

Modified: branches/safari-601.1.46-branch/Source/WebCore/loader/FrameLoader.h (194909 => 194910)


--- branches/safari-601.1.46-branch/Source/WebCore/loader/FrameLoader.h	2016-01-12 19:31:26 UTC (rev 194909)
+++ branches/safari-601.1.46-branch/Source/WebCore/loader/FrameLoader.h	2016-01-12 19:31:29 UTC (rev 194910)
@@ -133,6 +133,7 @@
     void retryAfterFailedCacheOnlyMainResourceLoad();
 
     static void reportLocalLoadFailed(Frame*, const String& url);
+    static void reportBlockedPortFailed(Frame*, const String& url);
 
     // FIXME: These are all functions which stop loads. We have too many.
     WEBCORE_EXPORT void stopAllLoaders(ClearProvisionalItemPolicy = ShouldClearProvisionalItem);
@@ -170,6 +171,7 @@
     void handleFallbackContent();
 
     WEBCORE_EXPORT ResourceError cancelledError(const ResourceRequest&) const;
+    ResourceError blockedError(const ResourceRequest&) const;
 
     bool isHostedByObjectElement() const;
 

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to