Protect WebSWServerConnection::scheduleJobInServer from bad scopeURL
author youenn@apple.com <youenn@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 14 Feb 2020 01:54:59 +0000 (01:54 +0000)
committer youenn@apple.com <youenn@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 14 Feb 2020 01:54:59 +0000 (01:54 +0000)
https://bugs.webkit.org/show_bug.cgi?id=207722

Reviewed by Chris Dumez.

* NetworkProcess/ServiceWorker/WebSWServerConnection.cpp:
(WebKit::WebSWServerConnection::scheduleJobInServer):
In case of bad scope, fail the job early on.
* WebProcess/Storage/WebSWClientConnection.cpp:
(WebKit::WebSWClientConnection::scheduleJobInServer):
Remove the RELEASE_ASSERT for now since we defend in Network process.
We will add it back in ServiceWorkerRegistration::getOrCreate as a follow-up.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256578 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/ChangeLog
Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp
Source/WebKit/WebProcess/Storage/WebSWClientConnection.cpp

index 40bd9a5..3d0aa94 100644 (file)
@@ -1,3 +1,18 @@
+2020-02-13  Youenn Fablet  <youenn@apple.com>
+
+        Protect WebSWServerConnection::scheduleJobInServer from bad scopeURL
+        https://bugs.webkit.org/show_bug.cgi?id=207722
+
+        Reviewed by Chris Dumez.
+
+        * NetworkProcess/ServiceWorker/WebSWServerConnection.cpp:
+        (WebKit::WebSWServerConnection::scheduleJobInServer):
+        In case of bad scope, fail the job early on.
+        * WebProcess/Storage/WebSWClientConnection.cpp:
+        (WebKit::WebSWClientConnection::scheduleJobInServer):
+        Remove the RELEASE_ASSERT from now since we defend in Network process.
+        We will add it back in ServiceWorkerRegistration::getOrCreate as a follow-up.
+
 2020-02-13  Ben Nham  <nham@apple.com>
 
         Flash of white can occur if JS forces an early layout
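Review bot: The follow-up named in the last added line of this entry ("We will add it back in ServiceWorkerRegistration::getOrCreate as a follow-up") carries no bug link, so nothing visible here tracks restoring the assertion after this lands. Suggest filing the follow-up and citing its URL in the entry next to bug 207722. The entry also names no test for the new early-failure path; either list one or state why none is added.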
index ab6fe29..c491c00 100644 (file)
@@ -272,6 +272,12 @@ void WebSWServerConnection::postMessageToServiceWorker(ServiceWorkerIdentifier d
 
 void WebSWServerConnection::scheduleJobInServer(ServiceWorkerJobData&& jobData)
 {
+    ASSERT(!jobData.scopeURL.isNull());
+    if (jobData.scopeURL.isNull()) {
+        rejectJobInClient(jobData.identifier().jobIdentifier, ExceptionData { InvalidStateError, "Scope URL is empty"_s });
+        return;
+    }
+
     SWSERVERCONNECTION_RELEASE_LOG_IF_ALLOWED("Scheduling ServiceWorker job %s in server", jobData.identifier().loggingString().utf8().data());
     ASSERT(identifier() == jobData.connectionIdentifier());
 
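Review bot: The ASSERT(!jobData.scopeURL.isNull()) placed directly above the new null check makes a debug build abort on exactly the input the guard is meant to reject, so the rejectJobInClient path can only run in release builds and cannot be exercised by a debug test. Since the ChangeLog describes this as the defence in the Network process for job data sent by WebSWClientConnection, suggest dropping the ASSERT and keeping only the if block. Smaller point: the condition is isNull() while the exception text says "Scope URL is empty"; word the message to match the condition that is actually tested.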
index 6af6ffb..50a2e1d 100644 (file)
@@ -73,7 +73,6 @@ IPC::Connection* WebSWClientConnection::messageSenderConnection() const
 
 void WebSWClientConnection::scheduleJobInServer(const ServiceWorkerJobData& jobData)
 {
-    RELEASE_ASSERT(!jobData.scopeURL.isNull());
     runOrDelayTaskForImport([this, jobData] {
         send(Messages::WebSWServerConnection::ScheduleJobInServer { jobData });
     });
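Review bot: With the RELEASE_ASSERT removed, nothing in this function flags a null jobData.scopeURL where the job originates; the job is copied into the lambda and sent, and the problem only surfaces later as the rejection coming back from the Network process. Until the check is restored in ServiceWorkerRegistration::getOrCreate as the ChangeLog promises, suggest keeping a debug-only ASSERT(!jobData.scopeURL.isNull()) here, or at least a comment pointing at the follow-up, so the caller-side bug stays visible in this process.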