RESOLVED FIXED113030
bundle-ids need to be sanitized before using them in filesystem paths 
https://bugs.webkit.org/show_bug.cgi?id=113030
Summary bundle-ids need to be sanitized before using them in filesystem paths
Simon Cooper
Reported 2013-03-22 02:35:31 PDT
When choosing / looking for a specialized Sandbox for a Plugin the bundle-id needs to be sanitized before using it to construct a filesystem name to look up. The “/“ character should not be allowed and transformed into something else - e.g. “:”
Attachments
Patch (1.50 KB, patch)
2013-03-22 03:06 PDT, Simon Cooper 		no flags
DetailsFormatted DiffDiff
Patch (2.75 KB, patch)
2013-03-26 03:09 PDT, Simon Cooper 		no flags
DetailsFormatted DiffDiff
Patch (2.77 KB, patch)
2013-03-26 03:28 PDT, Simon Cooper 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Simon Cooper
Comment 1 2013-03-22 03:06:15 PDT
Created attachment 194493 [details] Patch
Alexey Proskuryakov
Comment 2 2013-03-22 10:03:25 PDT
Comment on attachment 194493 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=194493&action=review r- for the leak. I suggest using WTF types more here. Something like: String bundleIdentifier = CFBundleGetIdentifier(pluginBundle.get()); if (bundleIdentifier.isEmpty()) return String(); // Fold all / characters to : to prevent the plugin bundle-id from trying to escape the profile directory. bundleIdentifier.replace('/', ':'); RetainPtr<CFStringRef> sandboxFileName = adoptCF(CFStringCreateWithFormat(0, 0, CFSTR("%@.sb"), bundleIdentifier.createCFString().get())); Or you could go even further, and use String::format instead of CFStringCreateWithFormat too. > Source/WebKit2/PluginProcess/mac/PluginProcessMac.mm:300 > + CFMutableStringRef bundleIdentifier = CFStringCreateMutableCopy(0, 0, bundleID); This allocated string needs to be released. We normally use a RetainPtr wrapper to automate it, like this: RetainPtr<CFMutableStringRef> bundleIdentifier = adoptCF(CFStringCreateMutableCopy(0, 0, bundleID)); I think that the distinction between bundleID and bundleIdentifier names is too subtle. > Source/WebKit2/PluginProcess/mac/PluginProcessMac.mm:311 > RetainPtr<CFStringRef> sandboxFileName = CFStringCreateWithFormat(0, 0, CFSTR("%@.sb"), bundleIdentifier); This is existing code, but it also leaks. The reason is that this RetainPtr constructor retains the value, so the releases are not balanced. This line should have used adoptCF, like the one above.
Alexey Proskuryakov
Comment 3 2013-03-22 10:04:51 PDT
<rdar://problem/13300254>
Alexey Proskuryakov
Comment 4 2013-03-22 10:05:38 PDT
Oh, and the patch lacks a ChangeLog for some reason.
Simon Cooper
Comment 5 2013-03-26 03:09:15 PDT
Created attachment 195045 [details] Patch
Simon Cooper
Comment 6 2013-03-26 03:13:15 PDT
Comment on attachment 195045 [details] Patch *sigh* this attachment is not what I intended to upload.
Simon Cooper
Comment 7 2013-03-26 03:28:32 PDT
Created attachment 195047 [details] Patch
Alexey Proskuryakov
Comment 8 2013-03-26 09:53:35 PDT
Comment on attachment 195047 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=195047&action=review You didn't formally request commit queue, but since you are not a committer yet as far as I know, I'm assuming that you want the patch to be automatically landed. > Source/WebKit2/ChangeLog:12 > + filesystem name to look up. The â/â character should not be allowed > + and transformed into something else, in this case a â:â Not sure if quotation marks actually got garbled, but they certainly look garbled now. Did you use a UTF-8 aware editor?
WebKit Review Bot
Comment 9 2013-03-26 10:23:37 PDT
Comment on attachment 195047 [details] Patch Clearing flags on attachment: 195047 Committed r146902: <http://trac.webkit.org/changeset/146902>
WebKit Review Bot
Comment 10 2013-03-26 10:23:41 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.