Bug 228719 - [COOP] Cross-Origin-Opener-Policy header parsing fails when report-to parameter is present
Summary: [COOP] Cross-Origin-Opener-Policy header parsing fails when report-to paramet...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Chris Dumez
URL:
Keywords: InRadar
Depends on:
Blocks: 228755
  Show dependency treegraph
 
Reported: 2021-08-02 15:15 PDT by Chris Dumez
Modified: 2021-08-03 15:15 PDT (History)
6 users (show)

See Also:


Attachments
Patch (10.29 KB, patch)
2021-08-02 15:19 PDT, Chris Dumez
no flags Details | Formatted Diff | Diff
Patch (10.49 KB, patch)
2021-08-02 19:28 PDT, Chris Dumez
no flags Details | Formatted Diff | Diff
Patch (10.72 KB, patch)
2021-08-02 19:31 PDT, Chris Dumez
ews-feeder: commit-queue-
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Chris Dumez 2021-08-02 15:15:03 PDT
Cross-Origin-Opener-Policy header parsing fails when report-to parameter is present, because parseStructuredFieldValue() doesn't handle parameters whose value is double-quoted.
Comment 1 Chris Dumez 2021-08-02 15:19:31 PDT
Created attachment 434793 [details]
Patch
Comment 2 Geoffrey Garen 2021-08-02 15:29:57 PDT
Comment on attachment 434793 [details]
Patch

r=me
Comment 3 Darin Adler 2021-08-02 16:03:21 PDT
Comment on attachment 434793 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=434793&action=review

> Source/WebCore/platform/network/HTTPParsers.cpp:634
> +                value = header.substring(valueStart, index - valueStart).toStringWithoutCopying();

Not new, but "without copying" here does not seem right, since we move this value into a map and then return it. Why is it OK to not copy?
Comment 4 Chris Dumez 2021-08-02 19:26:32 PDT
Comment on attachment 434793 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=434793&action=review

>> Source/WebCore/platform/network/HTTPParsers.cpp:634
>> +                value = header.substring(valueStart, index - valueStart).toStringWithoutCopying();
> 
> Not new, but "without copying" here does not seem right, since we move this value into a map and then return it. Why is it OK to not copy?

Yes, this looks risky. I'll use toString().
Comment 5 Chris Dumez 2021-08-02 19:28:08 PDT
Created attachment 434812 [details]
Patch
Comment 6 Chris Dumez 2021-08-02 19:31:22 PDT
Created attachment 434813 [details]
Patch
Comment 7 EWS 2021-08-02 20:53:32 PDT
Committed r280582 (240204@main): <https://commits.webkit.org/240204@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 434813 [details].
Comment 8 Radar WebKit Bug Importer 2021-08-02 20:54:16 PDT
<rdar://problem/81442770>