Title: [256146] releases/WebKitGTK/webkit-2.28/Source/WebKit
Revision
256146
Author
carlo...@webkit.org
Date
2020-02-10 05:25:20 -0800 (Mon, 10 Feb 2020)

Log Message

Merge r256084 - [IPC Hardening] Protect against bad parameters in WebProcessProxy::getPluginProcessConnection()
https://bugs.webkit.org/show_bug.cgi?id=207416
<rdar://problem/58617244>

Reviewed by David Kilzer.

* UIProcess/Plugins/PluginProcessManager.cpp:
(WebKit::PluginProcessManager::getPluginProcessConnection):
* UIProcess/Plugins/PluginProcessManager.h:
* UIProcess/WebProcessProxy.cpp:
(WebKit::WebProcessProxy::getPluginProcessConnection):

Modified Paths

Diff

Modified: releases/WebKitGTK/webkit-2.28/Source/WebKit/ChangeLog (256145 => 256146)


--- releases/WebKitGTK/webkit-2.28/Source/WebKit/ChangeLog	2020-02-10 13:25:16 UTC (rev 256145)
+++ releases/WebKitGTK/webkit-2.28/Source/WebKit/ChangeLog	2020-02-10 13:25:20 UTC (rev 256146)
@@ -1,3 +1,17 @@
+2020-02-07  Chris Dumez  <cdu...@apple.com>
+
+        [IPC Hardening] Protect against bad parameters in WebProcessProxy::getPluginProcessConnection()
+        https://bugs.webkit.org/show_bug.cgi?id=207416
+        <rdar://problem/58617244>
+
+        Reviewed by David Kilzer.
+
+        * UIProcess/Plugins/PluginProcessManager.cpp:
+        (WebKit::PluginProcessManager::getPluginProcessConnection):
+        * UIProcess/Plugins/PluginProcessManager.h:
+        * UIProcess/WebProcessProxy.cpp:
+        (WebKit::WebProcessProxy::getPluginProcessConnection):
+
 2020-02-07  Alex Christensen  <achristen...@webkit.org>
 
         Harden HashTable IPC decoders

Modified: releases/WebKitGTK/webkit-2.28/Source/WebKit/UIProcess/Plugins/PluginProcessManager.cpp (256145 => 256146)


--- releases/WebKitGTK/webkit-2.28/Source/WebKit/UIProcess/Plugins/PluginProcessManager.cpp	2020-02-10 13:25:16 UTC (rev 256145)
+++ releases/WebKitGTK/webkit-2.28/Source/WebKit/UIProcess/Plugins/PluginProcessManager.cpp	2020-02-10 13:25:20 UTC (rev 256146)
@@ -82,12 +82,17 @@
     return token;
 }
 
-void PluginProcessManager::getPluginProcessConnection(uint64_t pluginProcessToken, Messages::WebProcessProxy::GetPluginProcessConnection::DelayedReply&& reply)
+bool PluginProcessManager::getPluginProcessConnection(uint64_t pluginProcessToken, Messages::WebProcessProxy::GetPluginProcessConnection::DelayedReply&& reply)
 {
     ASSERT(pluginProcessToken);
 
-    PluginProcessProxy* pluginProcess = getOrCreatePluginProcess(pluginProcessToken);
+    auto* pluginProcess = getOrCreatePluginProcess(pluginProcessToken);
+    ASSERT(pluginProcess);
+    if (!pluginProcess)
+        return false;
+
     pluginProcess->getPluginProcessConnection(WTFMove(reply));
+    return true;
 }
 
 void PluginProcessManager::removePluginProcessProxy(PluginProcessProxy* pluginProcessProxy)
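Review bot: The new `ASSERT(pluginProcess)` on the line before the null check fires on exactly the input this change sets out to tolerate, so a debug build handed a token that was never issued will crash the UI process instead of returning false and letting the caller deal with the misbehaving web process. If getOrCreatePluginProcess() returns null for a token that did not come from pluginProcessToken() (its body is outside the hunk, so this is inferred from the check being added), that is an expected outcome of untrusted IPC rather than a programming error, and the ASSERT should be dropped in favour of a comment such as `// Null means the token was never issued by pluginProcessToken(); the caller MESSAGE_CHECKs the false return.`. It is also worth stating in that comment that on the false path `reply` is destroyed without ever being invoked, which is acceptable only because the caller terminates the connection when this returns false.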

Modified: releases/WebKitGTK/webkit-2.28/Source/WebKit/UIProcess/Plugins/PluginProcessManager.h (256145 => 256146)


--- releases/WebKitGTK/webkit-2.28/Source/WebKit/UIProcess/Plugins/PluginProcessManager.h	2020-02-10 13:25:16 UTC (rev 256145)
+++ releases/WebKitGTK/webkit-2.28/Source/WebKit/UIProcess/Plugins/PluginProcessManager.h	2020-02-10 13:25:20 UTC (rev 256146)
@@ -57,7 +57,7 @@
 
     uint64_t pluginProcessToken(const PluginModuleInfo&, PluginProcessType, PluginProcessSandboxPolicy);
 
-    void getPluginProcessConnection(uint64_t pluginProcessToken, Messages::WebProcessProxy::GetPluginProcessConnectionDelayedReply&&);
+    bool getPluginProcessConnection(uint64_t pluginProcessToken, Messages::WebProcessProxy::GetPluginProcessConnectionDelayedReply&&);
     void removePluginProcessProxy(PluginProcessProxy*);
 
     void fetchWebsiteData(const PluginModuleInfo&, OptionSet<WebsiteDataFetchOption>, WTF::Function<void (Vector<String>)>&& completionHandler);
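Review bot: The return type changes from void to bool but the declaration carries no explanation of what false means, and this header is the only place a caller will look. Suggest a comment above the declaration: `// Returns false if no plugin process exists for the token; the reply is then dropped unanswered and the caller is expected to treat the message as invalid.`.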

Modified: releases/WebKitGTK/webkit-2.28/Source/WebKit/UIProcess/WebProcessProxy.cpp (256145 => 256146)


--- releases/WebKitGTK/webkit-2.28/Source/WebKit/UIProcess/WebProcessProxy.cpp	2020-02-10 13:25:16 UTC (rev 256145)
+++ releases/WebKitGTK/webkit-2.28/Source/WebKit/UIProcess/WebProcessProxy.cpp	2020-02-10 13:25:20 UTC (rev 256146)
@@ -688,7 +688,9 @@
 #if ENABLE(NETSCAPE_PLUGIN_API)
 void WebProcessProxy::getPluginProcessConnection(uint64_t pluginProcessToken, Messages::WebProcessProxy::GetPluginProcessConnection::DelayedReply&& reply)
 {
-    PluginProcessManager::singleton().getPluginProcessConnection(pluginProcessToken, WTFMove(reply));
+    MESSAGE_CHECK(HashSet<uint64_t>::isValidValue(pluginProcessToken));
+    bool success = PluginProcessManager::singleton().getPluginProcessConnection(pluginProcessToken, WTFMove(reply));
+    MESSAGE_CHECK(success);
 }
 #endif
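Review bot: Both new MESSAGE_CHECKs read as opaque without a word on what they reject: `HashSet<uint64_t>::isValidValue` only rules out the hash-table sentinel values (the empty and deleted markers), presumably because the token is later compared against or looked up in hash-backed storage, and the second check is what turns an unrecognised token into termination of the sending web process. Suggest `// Reject hash-table sentinel values, then kill the web process if it sent a token we never issued.` above the first check. Note that `reply` has already been moved into the callee when `success` is false, so no response is ever sent for that message; that is consistent with MESSAGE_CHECK tearing down the connection, but it is the kind of invariant a future refactor of the failure handling could silently break.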
 
