Changeset 288320 in webkit

Timestamp:

Jan 20, 2022 1:26:43 PM (2 years ago)

Author:

Russell Epstein

Message:

Cherry-pick r288078. rdar://problem/87662271

database names leak cross-origin within the same browser session
​https://bugs.webkit.org/show_bug.cgi?id=233548

Reviewed by Geoff Garen.

Source/WebCore:

Test: http/tests/security/getdatabases-crossorigin.html

• Modules/indexeddb/server/IDBServer.cpp: (WebCore::IDBServer::IDBServer::getAllDatabaseNamesAndVersions): When iterating the set of all open UniqueIDBDatabases, only add them to the results list if their origins match.

• page/ClientOrigin.h: (WebCore::ClientOrigin::operator!= const):

LayoutTests:

• http/tests/security/getdatabases-crossorigin-expected.txt: Added.
• http/tests/security/getdatabases-crossorigin.html: Added.
• http/tests/security/resources/getdatabases-otherframe.html: Added.
• http/tests/security/resources/getdatabases-otherwindow.html: Added.

git-svn-id: ​https://svn.webkit.org/repository/webkit/trunk@288078 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Location:

branches/safari-613-branch

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/security/getdatabases-crossorigin-expected.txt (added)
• LayoutTests/http/tests/security/getdatabases-crossorigin.html (added)
• LayoutTests/http/tests/security/resources/getdatabases-otherframe.html (added)
• LayoutTests/http/tests/security/resources/getdatabases-otherwindow.html (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/Modules/indexeddb/server/IDBServer.cpp (modified) (1 diff)
• Source/WebCore/page/ClientOrigin.h (modified) (1 diff)

branches/safari-613-branch/LayoutTests/ChangeLog

@@ +1 @@
+2022-01-20  Russell Epstein  <repstein@apple.com>
+
+        Cherry-pick r288078. rdar://problem/87662271
+
+    database names leak cross-origin within the same browser session
+    https://bugs.webkit.org/show_bug.cgi?id=233548
+    
+    Reviewed by Geoff Garen.
+    
+    Source/WebCore:
+    
+    Test: http/tests/security/getdatabases-crossorigin.html
+    
+    * Modules/indexeddb/server/IDBServer.cpp:
+    (WebCore::IDBServer::IDBServer::getAllDatabaseNamesAndVersions): When iterating the set of all open
+      UniqueIDBDatabases, only add them to the results list if their origins match.
+    
+    * page/ClientOrigin.h:
+    (WebCore::ClientOrigin::operator!= const):
+    
+    LayoutTests:
+    
+    * http/tests/security/getdatabases-crossorigin-expected.txt: Added.
+    * http/tests/security/getdatabases-crossorigin.html: Added.
+    * http/tests/security/resources/getdatabases-otherframe.html: Added.
+    * http/tests/security/resources/getdatabases-otherwindow.html: Added.
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288078 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2022-01-16  Brady Eidson  <beidson@apple.com>
+
+            database names leak cross-origin within the same browser session
+            https://bugs.webkit.org/show_bug.cgi?id=233548
+
+            Reviewed by Geoff Garen.
+
+            * http/tests/security/getdatabases-crossorigin-expected.txt: Added.
+            * http/tests/security/getdatabases-crossorigin.html: Added.
+            * http/tests/security/resources/getdatabases-otherframe.html: Added.
+            * http/tests/security/resources/getdatabases-otherwindow.html: Added.
+
 2022-01-10  Carlos Garcia Campos  <cgarcia@igalia.com>
 

branches/safari-613-branch/Source/WebCore/ChangeLog

@@ +1 @@
+2022-01-20  Russell Epstein  <repstein@apple.com>
+
+        Cherry-pick r288078. rdar://problem/87662271
+
+    database names leak cross-origin within the same browser session
+    https://bugs.webkit.org/show_bug.cgi?id=233548
+    
+    Reviewed by Geoff Garen.
+    
+    Source/WebCore:
+    
+    Test: http/tests/security/getdatabases-crossorigin.html
+    
+    * Modules/indexeddb/server/IDBServer.cpp:
+    (WebCore::IDBServer::IDBServer::getAllDatabaseNamesAndVersions): When iterating the set of all open
+      UniqueIDBDatabases, only add them to the results list if their origins match.
+    
+    * page/ClientOrigin.h:
+    (WebCore::ClientOrigin::operator!= const):
+    
+    LayoutTests:
+    
+    * http/tests/security/getdatabases-crossorigin-expected.txt: Added.
+    * http/tests/security/getdatabases-crossorigin.html: Added.
+    * http/tests/security/resources/getdatabases-otherframe.html: Added.
+    * http/tests/security/resources/getdatabases-otherwindow.html: Added.
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288078 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2022-01-16  Brady Eidson  <beidson@apple.com>
+
+            database names leak cross-origin within the same browser session
+            https://bugs.webkit.org/show_bug.cgi?id=233548
+
+            Reviewed by Geoff Garen.
+
+            Test: http/tests/security/getdatabases-crossorigin.html
+
+            * Modules/indexeddb/server/IDBServer.cpp:
+            (WebCore::IDBServer::IDBServer::getAllDatabaseNamesAndVersions): When iterating the set of all open
+              UniqueIDBDatabases, only add them to the results list if their origins match.
+
+            * page/ClientOrigin.h:
+            (WebCore::ClientOrigin::operator!= const):
+
 2022-01-11  Russell Epstein  <repstein@apple.com>
 

branches/safari-613-branch/Source/WebCore/Modules/indexeddb/server/IDBServer.cpp

@@ -531 +531 @@
 
     for (auto& database : m_uniqueIDBDatabaseMap.values()) {
+        if (database->identifier().origin() != origin)
+            continue;
+
         auto path = database->filePath();
         if (!path.isEmpty())

branches/safari-613-branch/Source/WebCore/page/ClientOrigin.h

@@ -38 +38 @@
     unsigned hash() const;
     bool operator==(const ClientOrigin&) const;
+    bool operator!=(const ClientOrigin& other) const { return !(*this == other); }
 
     template<class Encoder> void encode(Encoder&) const;