Changeset 288078 in webkit

Timestamp:

Jan 16, 2022 7:35:16 PM (2 years ago)

Author:

beidson@apple.com

Message:

database names leak cross-origin within the same browser session
​https://bugs.webkit.org/show_bug.cgi?id=233548

Reviewed by Geoff Garen.

Source/WebCore:

Test: http/tests/security/getdatabases-crossorigin.html

• Modules/indexeddb/server/IDBServer.cpp:

(WebCore::IDBServer::IDBServer::getAllDatabaseNamesAndVersions): When iterating the set of all open

UniqueIDBDatabases, only add them to the results list if their origins match.

• page/ClientOrigin.h:

(WebCore::ClientOrigin::operator!= const):

LayoutTests:

• http/tests/security/getdatabases-crossorigin-expected.txt: Added.
• http/tests/security/getdatabases-crossorigin.html: Added.
• http/tests/security/resources/getdatabases-otherframe.html: Added.
• http/tests/security/resources/getdatabases-otherwindow.html: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/security/getdatabases-crossorigin-expected.txt (added)
• LayoutTests/http/tests/security/getdatabases-crossorigin.html (added)
• LayoutTests/http/tests/security/resources/getdatabases-otherframe.html (added)
• LayoutTests/http/tests/security/resources/getdatabases-otherwindow.html (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/Modules/indexeddb/server/IDBServer.cpp (modified) (1 diff)
• Source/WebCore/page/ClientOrigin.h (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2022-01-16  Brady Eidson  <beidson@apple.com>
+
+        database names leak cross-origin within the same browser session
+        https://bugs.webkit.org/show_bug.cgi?id=233548
+
+        Reviewed by Geoff Garen.
+
+        * http/tests/security/getdatabases-crossorigin-expected.txt: Added.
+        * http/tests/security/getdatabases-crossorigin.html: Added.
+        * http/tests/security/resources/getdatabases-otherframe.html: Added.
+        * http/tests/security/resources/getdatabases-otherwindow.html: Added.
+
 2022-01-16  Fujii Hironori  <Hironori.Fujii@sony.com>
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2022-01-16  Brady Eidson  <beidson@apple.com>
+
+        database names leak cross-origin within the same browser session
+        https://bugs.webkit.org/show_bug.cgi?id=233548
+
+        Reviewed by Geoff Garen.
+
+        Test: http/tests/security/getdatabases-crossorigin.html
+
+        * Modules/indexeddb/server/IDBServer.cpp:
+        (WebCore::IDBServer::IDBServer::getAllDatabaseNamesAndVersions): When iterating the set of all open
+          UniqueIDBDatabases, only add them to the results list if their origins match.
+           
+        * page/ClientOrigin.h:
+        (WebCore::ClientOrigin::operator!= const):
+
 2022-01-16  Myles C. Maxfield  <mmaxfield@apple.com>
 

trunk/Source/WebCore/Modules/indexeddb/server/IDBServer.cpp

@@ -531 +531 @@
 
     for (auto& database : m_uniqueIDBDatabaseMap.values()) {
+        if (database->identifier().origin() != origin)
+            continue;
+
         auto path = database->filePath();
         if (!path.isEmpty())

trunk/Source/WebCore/page/ClientOrigin.h

@@ -38 +38 @@
     unsigned hash() const;
     bool operator==(const ClientOrigin&) const;
+    bool operator!=(const ClientOrigin& other) const { return !(*this == other); }
 
     template<class Encoder> void encode(Encoder&) const;