228719 – [COOP] Cross-Origin-Opener-Policy header parsing fails when report-to parameter is present

Bug 228719 - [COOP] Cross-Origin-Opener-Policy header parsing fails when report-to parameter is present

Summary: [COOP] Cross-Origin-Opener-Policy header parsing fails when report-to paramet...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebCore Misc. (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Chris Dumez

URL:
Keywords:	InRadar

Depends on:
Blocks:	228755
	Show dependency tree / graph

Reported:	2021-08-02 15:15 PDT by Chris Dumez
Modified:	2021-08-03 15:15 PDT (History)
CC List:	6 users (show)

See Also:

Attachments
Patch (10.29 KB, patch) 2021-08-02 15:19 PDT, Chris Dumez	no flags	Details \| Formatted Diff \| Diff
Patch (10.49 KB, patch) 2021-08-02 19:28 PDT, Chris Dumez	no flags	Details \| Formatted Diff \| Diff
Patch (10.72 KB, patch) 2021-08-02 19:31 PDT, Chris Dumez	ews-feeder: commit-queue-	Details \| Formatted Diff \| Diff
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Chris Dumez 2021-08-02 15:15:03 PDT

Cross-Origin-Opener-Policy header parsing fails when report-to parameter is present, because parseStructuredFieldValue() doesn't handle parameters whose value is double-quoted.

Comment 1 Chris Dumez 2021-08-02 15:19:31 PDT

Created attachment 434793 [details]
Patch

Comment 2 Geoffrey Garen 2021-08-02 15:29:57 PDT

Comment on attachment 434793 [details]
Patch

r=me

Comment 3 Darin Adler 2021-08-02 16:03:21 PDT

Comment on attachment 434793 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=434793&action=review

> Source/WebCore/platform/network/HTTPParsers.cpp:634
> +                value = header.substring(valueStart, index - valueStart).toStringWithoutCopying();

Not new, but "without copying" here does not seem right, since we move this value into a map and then return it. Why is it OK to not copy?

Comment 4 Chris Dumez 2021-08-02 19:26:32 PDT

Comment on attachment 434793 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=434793&action=review

>> Source/WebCore/platform/network/HTTPParsers.cpp:634
>> +                value = header.substring(valueStart, index - valueStart).toStringWithoutCopying();
> 
> Not new, but "without copying" here does not seem right, since we move this value into a map and then return it. Why is it OK to not copy?

Yes, this looks risky. I'll use toString().

Comment 5 Chris Dumez 2021-08-02 19:28:08 PDT

Created attachment 434812 [details]
Patch

Comment 6 Chris Dumez 2021-08-02 19:31:22 PDT

Created attachment 434813 [details]
Patch

Comment 7 EWS 2021-08-02 20:53:32 PDT

Committed r280582 (240204@main): <https://commits.webkit.org/240204@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 434813 [details].

Comment 8 Radar WebKit Bug Importer 2021-08-02 20:54:16 PDT

<rdar://problem/81442770>