Title: [259105] trunk/Source/WebKit
Revision
259105
Author
ddkil...@apple.com
Date
2020-03-26 22:13:27 -0700 (Thu, 26 Mar 2020)

Log Message

NetworkConnectionToWebProcess::domCookiesForHost should validate its `host` parameter
<https://webkit.org/b/209612>
<rdar://problem/60097830>

Reviewed by Alex Christensen.

* NetworkProcess/NetworkConnectionToWebProcess.cpp:
(NETWORK_PROCESS_MESSAGE_CHECK_COMPLETION):
- Define/undef macro for killing WebContent process when an
  invalid IPC message is received.
(WebKit::NetworkConnectionToWebProcess::domCookiesForHost):
- Use NETWORK_PROCESS_MESSAGE_CHECK_COMPLETION to validate
  `host` parameter.

Modified Paths

Diff

Modified: trunk/Source/WebKit/ChangeLog (259104 => 259105)


--- trunk/Source/WebKit/ChangeLog	2020-03-27 04:31:02 UTC (rev 259104)
+++ trunk/Source/WebKit/ChangeLog	2020-03-27 05:13:27 UTC (rev 259105)
@@ -1,3 +1,19 @@
+2020-03-26  David Kilzer  <ddkil...@apple.com>
+
+        NetworkConnectionToWebProcess::domCookiesForHost should validate its `host` parameter
+        <https://webkit.org/b/209612>
+        <rdar://problem/60097830>
+
+        Reviewed by Alex Christensen.
+
+        * NetworkProcess/NetworkConnectionToWebProcess.cpp:
+        (NETWORK_PROCESS_MESSAGE_CHECK_COMPLETION):
+        - Define/undef macro for killing WebContent process when an
+          invalid IPC message is received.
+        (WebKit::NetworkConnectionToWebProcess::domCookiesForHost):
+        - Use NETWORK_PROCESS_MESSAGE_CHECK_COMPLETION) to validate
+          `host` parameter.
+
 2020-03-26  Chris Dumez  <cdu...@apple.com>
 
         REGRESSION: Unable to show Web Inspector on empty tabs in Safari

Modified: trunk/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp (259104 => 259105)


--- trunk/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp	2020-03-27 04:31:02 UTC (rev 259104)
+++ trunk/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp	2020-03-27 05:13:27 UTC (rev 259105)
@@ -83,6 +83,15 @@
 #undef RELEASE_LOG_IF_ALLOWED
 #define RELEASE_LOG_IF_ALLOWED(channel, fmt, ...) RELEASE_LOG_IF(m_sessionID.isAlwaysOnLoggingAllowed(), channel, "%p - NetworkConnectionToWebProcess::" fmt, this, ##__VA_ARGS__)
 
+#define NETWORK_PROCESS_MESSAGE_CHECK_COMPLETION(assertion, completion) do { \
+    ASSERT(assertion); \
+    if (UNLIKELY(!(assertion))) { \
+        m_networkProcess->parentProcessConnection()->send(Messages::NetworkProcessProxy::TerminateWebProcess(m_webProcessIdentifier), 0); \
+        { completion; } \
+        return; \
+    } \
+} while (0)
+
 namespace WebKit {
 using namespace WebCore;
 
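Review bot: The failure branch of NETWORK_PROCESS_MESSAGE_CHECK_COMPLETION leaves no record in release builds, where ASSERT is compiled out: the only effect is the TerminateWebProcess send, so a killed web process cannot be traced back to the check that rejected its message. Add a release log line before the send that names the condition, for example `RELEASE_LOG_ERROR(IPC, "NETWORK_PROCESS_MESSAGE_CHECK_COMPLETION failed: %{public}s", #assertion);`, assuming the IPC log channel is usable in this file. The macro also expands `assertion` twice in debug builds and silently depends on `m_networkProcess`, `m_webProcessIdentifier` and a void-returning caller, so a comment above the #define such as `// Only for void NetworkConnectionToWebProcess members; |assertion| must be side-effect free and |completion| must invoke the pending completion handler.` would help. Termination is requested from the parent process asynchronously, so later messages on this connection are presumably still dispatched until it takes effect; confirm that is acceptable.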
@@ -664,6 +673,8 @@
 
 void NetworkConnectionToWebProcess::domCookiesForHost(const String& host, bool subscribeToCookieChangeNotifications, CompletionHandler<void(const Vector<WebCore::Cookie>&)>&& completionHandler)
 {
+    NETWORK_PROCESS_MESSAGE_CHECK_COMPLETION(HashSet<String>::isValidValue(host), completionHandler({ }));
+
     auto* networkStorageSession = storageSession();
     if (!networkStorageSession)
         return completionHandler({ });
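Review bot: The reason for checking `HashSet<String>::isValidValue(host)` is not stated at the call site, and the name reads as general host validation when it only rejects Strings that a HashSet cannot hold (its empty and deleted sentinel values). A comment on the added line would make the intent clear, e.g. `// host comes from the web process over IPC; reject values that cannot be stored as a HashSet<String> key.` The check does not establish that host is a well-formed hostname or one this web process may read cookies for, so if the rest of domCookiesForHost (which continues past this hunk) relies on either, that needs its own check.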
@@ -1104,3 +1115,5 @@
 }
 
 } // namespace WebKit
+
+#undef NETWORK_PROCESS_MESSAGE_CHECK_COMPLETION