Title: [256595] releases/WebKitGTK/webkit-2.26/Source/WebCore
Revision: 256595
Author: carlo...@webkit.org
Date: 2020-02-14 01:40:25 -0800 (Fri, 14 Feb 2020)

Log Message

Merge r253662 - Limit URL to reasonable size
https://bugs.webkit.org/show_bug.cgi?id=203825
<rdar://problem/56878680>

Reviewed by Ryosuke Niwa.

* page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::canDisplay const): Place an upper bound on the amount of
memory a URL may consume.

Diff

Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog (256594 => 256595)


--- releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog	2020-02-14 09:40:21 UTC (rev 256594)
+++ releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog	2020-02-14 09:40:25 UTC (rev 256595)
@@ -1,3 +1,15 @@
+2019-12-17  Brent Fulgham  <bfulg...@apple.com>
+
+        Limit URL to reasonable size
+        https://bugs.webkit.org/show_bug.cgi?id=203825
+        <rdar://problem/56878680>
+
+        Reviewed by Ryosuke Niwa.
+
+        * page/SecurityOrigin.cpp:
+        (WebCore::SecurityOrigin::canDisplay const): Place an upper bound on the amount of
+        memory a URL may consume.
+
 2020-01-08  Myles C. Maxfield  <mmaxfi...@apple.com>
 
         Fix specification violation in Font Loading API
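
Review bot: the new ChangeLog entry for SecurityOrigin::canDisplay says it bounds "the amount of memory a URL may consume" but states neither the limit nor what is measured, and the diff in this revision touches only ChangeLog and SecurityOrigin.cpp, so no test accompanies the new limit. Suggest naming the bound in the entry and adding a test that loads a URL on each side of it.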

Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/page/SecurityOrigin.cpp (256594 => 256595)


--- releases/WebKitGTK/webkit-2.26/Source/WebCore/page/SecurityOrigin.cpp	2020-02-14 09:40:21 UTC (rev 256594)
+++ releases/WebKitGTK/webkit-2.26/Source/WebCore/page/SecurityOrigin.cpp	2020-02-14 09:40:25 UTC (rev 256595)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2007-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2007-2019 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -45,6 +45,8 @@
 
 namespace WebCore {
 
+constexpr unsigned maximumURLSize = 0x8000;
+
 static bool schemeRequiresHost(const URL& url)
 {
     // We expect URLs with these schemes to have authority components. If the
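
Review bot: the new constant `constexpr unsigned maximumURLSize = 0x8000;` at the top of namespace WebCore carries no comment on its unit or on why this value was chosen, and its name says URL size while the use in canDisplay compares it with url.pathEnd(). Suggest a one-line comment giving the unit and the rationale, and a name that matches what is actually measured.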
@@ -356,6 +358,9 @@
     if (m_universalAccess)
         return true;
 
+    if (url.pathEnd() > maximumURLSize)
+        return false;
+
 #if !PLATFORM(IOS_FAMILY) && !ENABLE(BUBBLEWRAP_SANDBOX)
     if (m_data.protocol == "file" && url.isLocalFile() && !FileSystem::filesHaveSameVolume(m_filePath, url.fileSystemPath()))
         return false;
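
Review bot: the check `if (url.pathEnd() > maximumURLSize)` in canDisplay measures only up to the end of the path, so a URL with a short path and a very long query or fragment still passes, which does not match the ChangeLog's "upper bound on the amount of memory a URL may consume". If the whole URL is meant, compare the full string length instead (for example url.string().length()). The check also sits after the m_universalAccess early return, so origins with universal access skip the limit; move it above that return if the bound should apply to them as well.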