Changeset 256792 in webkit
- Timestamp:
- Feb 17, 2020 5:19:46 PM (4 years ago)
- Location:
- trunk/Source
- Files:
-
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebKit/ChangeLog
r256790 r256792 1 2020-02-17 Alex Christensen <achristensen@webkit.org> and Pavel Feldman <pavel.feldman@gmail.com> 2 3 Ephemeral session data leaks between processes 4 https://bugs.webkit.org/show_bug.cgi?id=207404 5 6 Reviewed by Darin Adler. 7 8 If two processes with the same bundle identifier create an ephemeral WKWebsiteDataStore, we were calling 9 _CFURLStorageSessionCreate with the same string, which caused our cookies to be shared. To prevent this, 10 add a UUID to the identifier to make them truly unique. 11 12 We don't have test infrastructure for multiple UI processes at the same time, but I manually verified 13 that this fixes the bug. 14 15 * NetworkProcess/NetworkProcess.cpp: 16 (WebKit::NetworkProcess::ensureSession): 17 1 18 2020-02-17 Megan Gardner <megan_gardner@apple.com> 2 19 -
trunk/Source/WebKit/NetworkProcess/NetworkProcess.cpp
r256700 r256792 87 87 #include <wtf/ProcessPrivilege.h> 88 88 #include <wtf/RunLoop.h> 89 #include <wtf/UUID.h> 89 90 #include <wtf/UniqueRef.h> 90 91 #include <wtf/text/AtomString.h> … … 511 512 #if PLATFORM(COCOA) 512 513 RetainPtr<CFURLStorageSessionRef> storageSession; 513 RetainPtr<CFStringRef> cfIdentifier = String(identifierBase + ".PrivateBrowsing").createCFString();514 RetainPtr<CFStringRef> cfIdentifier = makeString(identifierBase, ".PrivateBrowsing.", createCanonicalUUIDString()).createCFString(); 514 515 if (sessionID.isEphemeral()) 515 516 storageSession = adoptCF(createPrivateStorageSession(cfIdentifier.get())); -
trunk/Source/WebKitLegacy/ChangeLog
r256731 r256792 1 2020-02-17 Alex Christensen <achristensen@webkit.org> and Pavel Feldman <pavel.feldman@gmail.com> 2 3 Ephemeral session data leaks between processes 4 https://bugs.webkit.org/show_bug.cgi?id=207404 5 6 Reviewed by Darin Adler. 7 8 * WebCoreSupport/NetworkStorageSessionMap.cpp: 9 (NetworkStorageSessionMap::ensureSession): 10 1 11 2020-02-17 Don Olmstead <don.olmstead@sony.com> 2 12 -
trunk/Source/WebKitLegacy/WebCoreSupport/NetworkStorageSessionMap.cpp
r248846 r256792 31 31 #include <wtf/ProcessID.h> 32 32 #include <wtf/ProcessPrivilege.h> 33 #include <wtf/UUID.h> 33 34 #include <wtf/text/StringConcatenateNumbers.h> 34 35 … … 86 87 return; 87 88 88 RetainPtr<CFStringRef> cfIdentifier = String(identifierBase + ".PrivateBrowsing").createCFString();89 RetainPtr<CFStringRef> cfIdentifier = makeString(identifierBase, ".PrivateBrowsing.", createCanonicalUUIDString()).createCFString(); 89 90 90 91 RetainPtr<CFURLStorageSessionRef> storageSession;
Note: See TracChangeset
for help on using the changeset viewer.