WebKit Bugzilla
Attachment 342471 Details for
Bug 186535
: Bad optional access in WebCore::ContentSecurityPolicySource::portMatches
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-186535-20180611173118.patch (text/plain), 2.16 KB, created by
Michael Catanzaro
on 2018-06-11 15:31:19 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Michael Catanzaro
Created:
2018-06-11 15:31:19 PDT
Size:
2.16 KB
patch
obsolete
>Subversion Revision: 232725 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index c8e099d1e235fec314a27af5cba310fa4e4ae4e2..1e21c56b54f04cf74e8edebed878466cabe304da 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,21 @@ >+2018-06-11 Michael Catanzaro <mcatanzaro@igalia.com> >+ >+ Bad optional access in WebCore::ContentSecurityPolicySource::portMatches >+ https://bugs.webkit.org/show_bug.cgi?id=186535 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Make sure the ports have explicit values before dereferencing them. >+ >+ This is hard to test. If the layout test script-src-parsing-implicit-and-explicit-port-number >+ continues to pass for WebKitLegacy, then I have at least probably not broken anything. To >+ reproduce the crash in a layout test that I can run, I think I would need to implement >+ internals.registerDefaultPortForProtocol for modern WebKit, which is too much work for this >+ crash. Otherwise, we'd need to run the test server on port 80, which would be unfriendly. >+ >+ * page/csp/ContentSecurityPolicySource.cpp: >+ (WebCore::ContentSecurityPolicySource::portMatches const): >+ > 2018-06-11 Chris Dumez <cdumez@apple.com> > > Crash under com.apple.WebKit.Networking at WebCore: WebCore::NetworkStorageSession::hasStorageAccess const >diff --git a/Source/WebCore/page/csp/ContentSecurityPolicySource.cpp b/Source/WebCore/page/csp/ContentSecurityPolicySource.cpp >index 13a89630190a280268b96b99afe83e67cd6b741c..617a8ad0a3a9ef329c1954aff8ddc5b068869e90 100644 >--- a/Source/WebCore/page/csp/ContentSecurityPolicySource.cpp >+++ b/Source/WebCore/page/csp/ContentSecurityPolicySource.cpp >@@ -100,7 +100,7 @@ bool ContentSecurityPolicySource::portMatches(const URL& url) const > if (port == m_port) > return true; > >- if (isDefaultPortForProtocol(m_port.value(), "http") && ((!port && url.protocolIs("https")) || isDefaultPortForProtocol(port.value(), "https"))) >+ if ((m_port && isDefaultPortForProtocol(m_port.value(), "http")) && ((!port && url.protocolIs("https")) || (port && isDefaultPortForProtocol(port.value(), "https")))) > return true; > > if (!port)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=342471">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 186535
: 342471 |
342661