Changeset 138676 in webkit


Ignore:
Timestamp:
Jan 2, 2013, 4:26:37 PM (12 years ago)
Author:
ap@apple.com
Message:

[WK2 NetworkProcess] Uploading fails if a client modified the request
https://bugs.webkit.org/show_bug.cgi?id=105965

Reviewed by Brady Eidson.

Associating streams with additional information via a side HashMap does not work,
because the stream we can see is an internal one, with address and other information
not matching a stream that we created.

It's surprising that this design issue was not causing major trouble without NetworkProcess.

  • platform/network/cf/FormDataStreamCFNet.cpp: (WebCore): Renamed FormContext to FormCreationContext, because this type only used for creation. Later, we use FormStreamFields as context. (WebCore::closeCurrentStream): Moved a star. (WebCore::formCreate): We no longer have a side map to keep updated. (WebCore::formFinalize): Ditto. (WebCore::formCopyProperty): Added an accessor to get FormData pointer from a stream. (WebCore::setHTTPBody): Ditto. (WebCore::httpBodyFromStream): Use the new property to get FormData pointer.
Location:
trunk/Source/WebCore
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebCore/ChangeLog

    r138674 r138676  
     12013-01-02  Alexey Proskuryakov  <ap@apple.com>
     2
     3        [WK2 NetworkProcess] Uploading fails if a client modified the request
     4        https://bugs.webkit.org/show_bug.cgi?id=105965
     5
     6        Reviewed by Brady Eidson.
     7
     8        Associating streams with additional information via a side HashMap does not work,
     9        because the stream we can see is an internal one, with address and other information
     10        not matching a stream that we created.
     11
     12        It's surprising that this design issue was not causing major trouble without NetworkProcess.
     13
     14        * platform/network/cf/FormDataStreamCFNet.cpp:
     15        (WebCore): Renamed FormContext to FormCreationContext, because this type only used
     16        for creation. Later, we use FormStreamFields as context.
     17        (WebCore::closeCurrentStream): Moved a star.
     18        (WebCore::formCreate): We no longer have a side map to keep updated.
     19        (WebCore::formFinalize): Ditto.
     20        (WebCore::formCopyProperty): Added an accessor to get FormData pointer from a stream.
     21        (WebCore::setHTTPBody): Ditto.
     22        (WebCore::httpBodyFromStream): Use the new property to get FormData pointer.
     23
    1242013-01-02  Elliott Sprehn  <esprehn@chromium.org>
    225

  • trunk/Source/WebCore/platform/network/cf/FormDataStreamCFNet.cpp

    r134262 r138676  
    8787namespace WebCore {
    8888
    89 static Mutex& streamFieldsMapMutex()
    90 {
    91     DEFINE_STATIC_LOCAL(Mutex, staticMutex, ());
    92     return staticMutex;
    93 }
    94 
    9589static void formEventCallback(CFReadStreamRef stream, CFStreamEventType type, void* context);
    9690
    97 struct FormContext {
     91static CFStringRef formDataPointerPropertyName = CFSTR("WebKitFormDataPointer");
     92
     93struct FormCreationContext {
    9894    RefPtr<FormData> formData;
    9995    unsigned long long streamLength;
     
    114110};
    115111
    116 typedef HashMap<CFReadStreamRef, FormStreamFields*> StreamFieldsMap;
    117 static StreamFieldsMap& streamFieldsMap()
    118 {
    119     DEFINE_STATIC_LOCAL(StreamFieldsMap, streamFieldsMap, ());
    120     return streamFieldsMap;
    121 }
    122 
    123 static void closeCurrentStream(FormStreamFields *form)
     112static void closeCurrentStream(FormStreamFields* form)
    124113{
    125114    if (form->currentStream) {
     
    206195static void* formCreate(CFReadStreamRef stream, void* context)
    207196{
    208     FormContext* formContext = static_cast<FormContext*>(context);
     197    FormCreationContext* formContext = static_cast<FormCreationContext*>(context);
    209198
    210199    FormStreamFields* newInfo = new FormStreamFields;
     
    225214        newInfo->remainingElements.append(newInfo->formData->elements()[size - i - 1]);
    226215
    227     MutexLocker locker(streamFieldsMapMutex());
    228     ASSERT(!streamFieldsMap().contains(stream));
    229     streamFieldsMap().add(stream, newInfo);
    230 
    231216    return newInfo;
    232217}
     
    242227{
    243228    FormStreamFields* form = static_cast<FormStreamFields*>(context);
    244 
    245     MutexLocker locker(streamFieldsMapMutex());
    246 
    247229    ASSERT(form->formStream == stream);
    248     ASSERT(streamFieldsMap().get(stream) == context);
    249 
    250     // Do this right away because the CFReadStreamRef is being deallocated.
    251     // We can't wait to remove this from the map until we finish finalizing
    252     // on the main thread because in theory the freed memory could be reused
    253     // for a new CFReadStream before that runs.
    254     streamFieldsMap().remove(stream);
    255230
    256231    callOnMainThread(formFinishFinalizationOnMainThread, form);
     
    326301
    327302    closeCurrentStream(form);
     303}
     304
     305static CFTypeRef formCopyProperty(CFReadStreamRef, CFStringRef propertyName, void *context)
     306{
     307    FormStreamFields* form = static_cast<FormStreamFields*>(context);
     308
     309    if (kCFCompareEqualTo != CFStringCompare(propertyName, formDataPointerPropertyName, 0))
     310        return 0;
     311
     312    long formDataAsNumber = static_cast<long>(reinterpret_cast<intptr_t>(form->formData.get()));
     313    return CFNumberCreate(0, kCFNumberLongType, &formDataAsNumber);
    328314}
    329315
     
    427413
    428414    // Pass the length along with the formData so it does not have to be recomputed.
    429     FormContext formContext = { formData.release(), length };
    430 
    431     CFReadStreamCallBacksV1 callBacks = { 1, formCreate, formFinalize, 0, formOpen, 0, formRead, 0, formCanRead, formClose, 0, 0, 0, formSchedule, formUnschedule
     415    FormCreationContext formContext = { formData.release(), length };
     416
     417    CFReadStreamCallBacksV1 callBacks = { 1, formCreate, formFinalize, 0, formOpen, 0, formRead, 0, formCanRead, formClose, formCopyProperty, 0, 0, formSchedule, formUnschedule
    432418    };
    433419    RetainPtr<CFReadStreamRef> stream = adoptCF(CFReadStreamCreate(0, static_cast<const void*>(&callBacks), &formContext));
     
    441427        return 0;
    442428
    443     MutexLocker locker(streamFieldsMapMutex());
    444     FormStreamFields* formStream = streamFieldsMap().get(stream);
    445     if (!formStream)
     429    // Passing the pointer as property appears to be the only way to associate a stream with FormData.
     430    // A new stream is always created in CFURLRequestCopyHTTPRequestBodyStream (or -[NSURLRequest HTTPBodyStream]),
     431    // so a side HashMap wouldn't work.
     432    // Even the stream's context pointer is different from the one we returned from formCreate().
     433
     434    RetainPtr<CFNumberRef> formDataPointerAsCFNumber = adoptCF(static_cast<CFNumberRef>(CFReadStreamCopyProperty(stream, formDataPointerPropertyName)));
     435    if (!formDataPointerAsCFNumber)
    446436        return 0;
    447     return formStream->formData.get();
     437
     438    long formDataPointerAsNumber;
     439    if (!CFNumberGetValue(formDataPointerAsCFNumber.get(), kCFNumberLongType, &formDataPointerAsNumber))
     440        return 0;
     441
     442    return reinterpret_cast<FormData*>(static_cast<intptr_t>(formDataPointerAsNumber));
    448443}
    449444
Note: See TracChangeset for help on using the changeset viewer.