Title: [141336] trunk/Source/WebCore
- Revision
- 141336
- Author
- commit-qu...@webkit.org
- Date
- 2013-01-30 16:03:07 -0800 (Wed, 30 Jan 2013)
Log Message
[BlackBerry] Never store empty credentials in NetworkJob::storeCredentials
https://bugs.webkit.org/show_bug.cgi?id=108387
Patch by Joe Mason <jma...@rim.com> on 2013-01-30
Reviewed by Yong Li.
There is a code path that can cause NetworkJob::storeCredentials to be called with empty
credentials, causing the existing credentials to be overwritten even though authentication
succeeded. PR 287791 has been filed to investigate why this happens; in the meantime, ignore empty
credentials.
Internal PR: 281172
Internally Reviewed By: Leo Yang
* platform/network/blackberry/NetworkJob.cpp:
(WebCore::NetworkJob::storeCredentials):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (141335 => 141336)
--- trunk/Source/WebCore/ChangeLog 2013-01-30 23:52:53 UTC (rev 141335)
+++ trunk/Source/WebCore/ChangeLog 2013-01-31 00:03:07 UTC (rev 141336)
@@ -1,3 +1,21 @@
+2013-01-30 Joe Mason <jma...@rim.com>
+
+ [BlackBerry] Never store empty credentials in NetworkJob::storeCredentials
+ https://bugs.webkit.org/show_bug.cgi?id=108387
+
+ Reviewed by Yong Li.
+
+ There is a code path that can cause NetworkJob::storeCredentials to be called with empty
+ credentials, causing the existing credentials to be overwritten even though authentication
+ succeeded. PR 287791 has been filed to investigate why this happens; in the meantime, ignore empty
+ credentials.
+
+ Internal PR: 281172
+ Internally Reviewed By: Leo Yang
+
+ * platform/network/blackberry/NetworkJob.cpp:
+ (WebCore::NetworkJob::storeCredentials):
+
2013-01-30 Andy Estes <aes...@apple.com>
ContentFilter should be a ref-counted class
Modified: trunk/Source/WebCore/platform/network/blackberry/NetworkJob.cpp (141335 => 141336)
--- trunk/Source/WebCore/platform/network/blackberry/NetworkJob.cpp 2013-01-30 23:52:53 UTC (rev 141335)
+++ trunk/Source/WebCore/platform/network/blackberry/NetworkJob.cpp 2013-01-31 00:03:07 UTC (rev 141336)
@@ -887,6 +887,16 @@
if (challenge.isStored())
return;
+ // Obviously we can't have successfully authenticated with empty credentials. (To store empty
+ // credentials, use purgeCredentials.)
+
+ // FIXME: We should assert here, but there is one path (when the credentials are read from the
+ // proxy config entirely in the platform layer) where storeCredentials is called with an empty
+ // challenge. The credentials should be passed back from the platform layer for storage in this
+ // case - see PR 287791.
+ if (challenge.proposedCredential().user().isEmpty() || challenge.proposedCredential().password().isEmpty())
+ return;
+
CredentialStorage::set(challenge.proposedCredential(), challenge.protectionSpace(), m_response.url());
challenge.setStored(true);
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes