Changeset 256792 in webkit

Timestamp:

Feb 17, 2020 5:19:46 PM (4 years ago)

Author:

achristensen@apple.com

Message:

Ephemeral session data leaks between processes
​https://bugs.webkit.org/show_bug.cgi?id=207404

Patch by Alex Christensen <​achristensen@webkit.org> and Pavel Feldman <​pavel.feldman@gmail.com> on 2020-02-17
Reviewed by Darin Adler.

Source/WebKit:

If two processes with the same bundle identifier create an ephemeral WKWebsiteDataStore, we were calling
_CFURLStorageSessionCreate with the same string, which caused our cookies to be shared. To prevent this,
add a UUID to the identifier to make them truly unique.

We don't have test infrastructure for multiple UI processes at the same time, but I manually verified
that this fixes the bug.

• NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::ensureSession):

Source/WebKitLegacy:

• WebCoreSupport/NetworkStorageSessionMap.cpp:

(NetworkStorageSessionMap::ensureSession):

Location:

trunk/Source

Files:

• WebKit/ChangeLog (modified) (1 diff)
• WebKit/NetworkProcess/NetworkProcess.cpp (modified) (2 diffs)
• WebKitLegacy/ChangeLog (modified) (1 diff)
• WebKitLegacy/WebCoreSupport/NetworkStorageSessionMap.cpp (modified) (2 diffs)

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2020-02-17  Alex Christensen  <achristensen@webkit.org> and Pavel Feldman <pavel.feldman@gmail.com>
+
+        Ephemeral session data leaks between processes
+        https://bugs.webkit.org/show_bug.cgi?id=207404
+
+        Reviewed by Darin Adler.
+
+        If two processes with the same bundle identifier create an ephemeral WKWebsiteDataStore, we were calling
+        _CFURLStorageSessionCreate with the same string, which caused our cookies to be shared.  To prevent this,
+        add a UUID to the identifier to make them truly unique.
+
+        We don't have test infrastructure for multiple UI processes at the same time, but I manually verified
+        that this fixes the bug.
+
+        * NetworkProcess/NetworkProcess.cpp:
+        (WebKit::NetworkProcess::ensureSession):
+
 2020-02-17  Megan Gardner  <megan_gardner@apple.com>
 

trunk/Source/WebKit/NetworkProcess/NetworkProcess.cpp

@@ -87 +87 @@
 #include <wtf/ProcessPrivilege.h>
 #include <wtf/RunLoop.h>
+#include <wtf/UUID.h>
 #include <wtf/UniqueRef.h>
 #include <wtf/text/AtomString.h>
@@ -511 +512 @@
 #if PLATFORM(COCOA)
     RetainPtr<CFURLStorageSessionRef> storageSession;
-    RetainPtr<CFStringRef> cfIdentifier = String(identifierBase + ".PrivateBrowsing").createCFString();
+    RetainPtr<CFStringRef> cfIdentifier = makeString(identifierBase, ".PrivateBrowsing.", createCanonicalUUIDString()).createCFString();
     if (sessionID.isEphemeral())
         storageSession = adoptCF(createPrivateStorageSession(cfIdentifier.get()));

trunk/Source/WebKitLegacy/ChangeLog

@@ +1 @@
+2020-02-17  Alex Christensen  <achristensen@webkit.org> and Pavel Feldman <pavel.feldman@gmail.com>
+
+        Ephemeral session data leaks between processes
+        https://bugs.webkit.org/show_bug.cgi?id=207404
+
+        Reviewed by Darin Adler.
+
+        * WebCoreSupport/NetworkStorageSessionMap.cpp:
+        (NetworkStorageSessionMap::ensureSession):
+
 2020-02-17  Don Olmstead  <don.olmstead@sony.com>
 

trunk/Source/WebKitLegacy/WebCoreSupport/NetworkStorageSessionMap.cpp

@@ -31 +31 @@
 #include <wtf/ProcessID.h>
 #include <wtf/ProcessPrivilege.h>
+#include <wtf/UUID.h>
 #include <wtf/text/StringConcatenateNumbers.h>
 
@@ -86 +87 @@
         return;
 
-    RetainPtr<CFStringRef> cfIdentifier = String(identifierBase + ".PrivateBrowsing").createCFString();
+    RetainPtr<CFStringRef> cfIdentifier = makeString(identifierBase, ".PrivateBrowsing.", createCanonicalUUIDString()).createCFString();
 
     RetainPtr<CFURLStorageSessionRef> storageSession;