NetworkConnectionToWebProcess::domCookiesForHost should validate its `host` parameter
authorddkilzer@apple.com <ddkilzer@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 27 Mar 2020 05:13:27 +0000 (05:13 +0000)
committerddkilzer@apple.com <ddkilzer@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 27 Mar 2020 05:13:27 +0000 (05:13 +0000)
<https://webkit.org/b/209612>
<rdar://problem/60097830>

Reviewed by Alex Christensen.

* NetworkProcess/NetworkConnectionToWebProcess.cpp:
(NETWORK_PROCESS_MESSAGE_CHECK_COMPLETION):
- Define/undef macro for killing WebContent process when an
  invalid IPC message is received.
(WebKit::NetworkConnectionToWebProcess::domCookiesForHost):
- Use NETWORK_PROCESS_MESSAGE_CHECK_COMPLETION() to validate
  `host` parameter.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@259105 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/ChangeLog
Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp

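--- a/Source/WebKit/ChangeLog
+++ b/Source/WebKit/ChangeLog
@@ -1,3 +1,19 @@
+2020-03-26  David Kilzer  <ddkilzer@apple.com>
+
+        NetworkConnectionToWebProcess::domCookiesForHost should validate its `host` parameter
+        <https://webkit.org/b/209612>
+        <rdar://problem/60097830>
+
+        Reviewed by Alex Christensen.
+
+        * NetworkProcess/NetworkConnectionToWebProcess.cpp:
+        (NETWORK_PROCESS_MESSAGE_CHECK_COMPLETION):
+        - Define/undef macro for killing WebContent process when an
+          invalid IPC message is received.
+        (WebKit::NetworkConnectionToWebProcess::domCookiesForHost):
+        - Use NETWORK_PROCESS_MESSAGE_CHECK_COMPLETION) to validate
+          `host` parameter.
+
 2020-03-26  Chris Dumez  <cdumez@apple.com>
 
         REGRESSION: Unable to show Web Inspector on empty tabs in Safari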
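--- a/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
+++ b/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
 #undef RELEASE_LOG_IF_ALLOWED
 #define RELEASE_LOG_IF_ALLOWED(channel, fmt, ...) RELEASE_LOG_IF(m_sessionID.isAlwaysOnLoggingAllowed(), channel, "%p - NetworkConnectionToWebProcess::" fmt, this, ##__VA_ARGS__)
 
+#define NETWORK_PROCESS_MESSAGE_CHECK_COMPLETION(assertion, completion) do { \
+    ASSERT(assertion); \
+    if (UNLIKELY(!(assertion))) { \
+        m_networkProcess->parentProcessConnection()->send(Messages::NetworkProcessProxy::TerminateWebProcess(m_webProcessIdentifier), 0); \
+        { completion; } \
+        return; \
+    } \
+} while (0)
+
 namespace WebKit {
 using namespace WebCore;
 
@@ -664,6 +673,8 @@ void NetworkConnectionToWebProcess::deleteCookie(const URL& url, const String& c
 
 void NetworkConnectionToWebProcess::domCookiesForHost(const String& host, bool subscribeToCookieChangeNotifications, CompletionHandler<void(const Vector<WebCore::Cookie>&)>&& completionHandler)
 {
+    NETWORK_PROCESS_MESSAGE_CHECK_COMPLETION(HashSet<String>::isValidValue(host), completionHandler({ }));
+
     auto* networkStorageSession = storageSession();
     if (!networkStorageSession)
         return completionHandler({ });
@@ -1104,3 +1115,5 @@ void NetworkConnectionToWebProcess::checkProcessLocalPortForActivity(const Messa
 }
 
 } // namespace WebKit
+
+#undef NETWORK_PROCESS_MESSAGE_CHECK_COMPLETION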
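Review bot: In the new `NETWORK_PROCESS_MESSAGE_CHECK_COMPLETION` macro, `ASSERT(assertion);` runs before the `if (UNLIKELY(!(assertion)))` branch, so in assertion-enabled builds an invalid `host` from the WebContent process would stop the network process at the assert, and the `TerminateWebProcess` send and the completion would run only in release builds. Moving the `ASSERT` into the failure branch after `{ completion; }`, or dropping it, keeps both build types on the same path and stops `assertion` being evaluated twice. The failure branch also records nothing, so a terminated WebContent process leaves no trace of which check failed; a release-log line that includes `#assertion` would help triage. The macro deserves a header comment such as `// Only for void member functions of NetworkConnectionToWebProcess: terminates the sending WebContent process, runs completion, then returns.` The `domCookiesForHost` call site should also say why `HashSet<String>::isValidValue(host)` is the right predicate, since the later use of `host` lies outside the hunk.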