Crash under com.apple.WebKit.Networking at WebCore: WebCore::NetworkStorageSession...
author cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 11 Jun 2018 16:58:18 +0000 (16:58 +0000)
committer cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 11 Jun 2018 16:58:18 +0000 (16:58 +0000)
https://bugs.webkit.org/show_bug.cgi?id=186433
<rdar://problem/40750907>

Reviewed by Geoffrey Garen.

Do some hardening in NetworkStorageSession::hasStorageAccess() to make sure
we do not try and do a HashMap lookup with a null firstPartyDomain, as this
would crash.

* platform/network/cf/NetworkStorageSessionCFNet.cpp:
(WebCore::NetworkStorageSession::hasStorageAccess const):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@232720 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/platform/network/cf/NetworkStorageSessionCFNet.cpp

index ae7f01a..c8e099d 100644 (file)
@@ -1,3 +1,18 @@
+2018-06-11  Chris Dumez  <cdumez@apple.com>
+
+        Crash under com.apple.WebKit.Networking at WebCore: WebCore::NetworkStorageSession::hasStorageAccess const
+        https://bugs.webkit.org/show_bug.cgi?id=186433
+        <rdar://problem/40750907>
+
+        Reviewed by Geoffrey Garen.
+
+        Do some hardening in NetworkStorageSession::hasStorageAccess() to make sure
+        we do not try and do a HashMap lookup with a null firstPartyDomain, as this
+        would crash.
+
+        * platform/network/cf/NetworkStorageSessionCFNet.cpp:
+        (WebCore::NetworkStorageSession::hasStorageAccess const):
+
 2018-06-11  Zalan Bujtas  <zalan@apple.com>
 
         [LFC] Remove redundant position functions for out-of-flow elements
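Review bot: The function list in this entry names only (WebCore::NetworkStorageSession::hasStorageAccess const), but the same patch also adds an early return to NetworkStorageSession::grantStorageAccess() in the same file. Add a (WebCore::NetworkStorageSession::grantStorageAccess): line and a sentence in the description saying that a grant with an empty firstPartyDomain is now ignored, so the behaviour change can be found from the log.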
index 5fab809..22746f0 100644 (file)
@@ -316,11 +316,13 @@ bool NetworkStorageSession::hasStorageAccess(const String& resourceDomain, const
         }
     }
 
-    auto pagesGrantedIterator = m_pagesGrantedStorageAccess.find(pageID);
-    if (pagesGrantedIterator != m_pagesGrantedStorageAccess.end()) {
-        auto it = pagesGrantedIterator->value.find(firstPartyDomain);
-        if (it != pagesGrantedIterator->value.end() && it->value == resourceDomain)
-            return true;
+    if (!firstPartyDomain.isEmpty()) {
+        auto pagesGrantedIterator = m_pagesGrantedStorageAccess.find(pageID);
+        if (pagesGrantedIterator != m_pagesGrantedStorageAccess.end()) {
+            auto it = pagesGrantedIterator->value.find(firstPartyDomain);
+            if (it != pagesGrantedIterator->value.end() && it->value == resourceDomain)
+                return true;
+        }
     }
 
     return false;
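Review bot: The new `if (!firstPartyDomain.isEmpty()) {` wrapper adds a nesting level around the whole lookup although the only statement after it is `return false;`. An early `if (firstPartyDomain.isEmpty()) return false;` placed just before `m_pagesGrantedStorageAccess.find(pageID)` is equivalent and leaves the original five lines untouched. The commit message speaks of a null firstPartyDomain while the check is isEmpty(), which also rejects a non-null empty string; a one-line comment stating that the String is used as a HashMap key and must not be null would record why the check exists.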
@@ -340,6 +342,8 @@ Vector<String> NetworkStorageSession::getAllStorageAccessEntries() const
 void NetworkStorageSession::grantStorageAccess(const String& resourceDomain, const String& firstPartyDomain, std::optional<uint64_t> frameID, uint64_t pageID)
 {
     if (!frameID) {
+        if (firstPartyDomain.isEmpty())
+            return;
         auto pagesGrantedIterator = m_pagesGrantedStorageAccess.find(pageID);
         if (pagesGrantedIterator == m_pagesGrantedStorageAccess.end()) {
             HashMap<String, String> entry;
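Review bot: The added `if (firstPartyDomain.isEmpty()) return;` drops the grant silently, so a caller that passes an empty first-party domain gets no signal that nothing was stored. Consider a log statement or debug assertion before the return so the upstream source of the empty domain can be traced. The check sits only inside the `if (!frameID)` branch; the frame-scoped path is not visible in this hunk, so confirm it does not also key a HashMap on firstPartyDomain.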