Changeset 185320 in webkit
- Timestamp: Jun 8, 2015 9:17:39 AM (9 years ago)
- Location: trunk/Source
- Files: 9 edited
trunk/Source/WTF/ChangeLog
r185303 r185320 1 2015-06-08 Michael Catanzaro <mcatanzaro@igalia.com> 2 3 [SOUP] Performs DNS prefetch when a proxy is configured (information leak) 4 https://bugs.webkit.org/show_bug.cgi?id=145542 5 6 Reviewed by Alexey Proskuryakov. 7 8 Add template specialization for GUniquePtr<char*>. This smart pointer will free its data 9 with g_strfreev() (as opposed to g_free(), which is used for GUniquePtr<char>). 10 11 * wtf/gobject/GUniquePtr.h: 12 1 13 2015-06-05 Chris Dumez <cdumez@apple.com> 2 14 -
trunk/Source/WTF/wtf/gobject/GUniquePtr.h
r163797 r185320 44 44 macro(GDir, g_dir_close) \ 45 45 macro(GTimer, g_timer_destroy) \ 46 macro(GKeyFile, g_key_file_free) 46 macro(GKeyFile, g_key_file_free) \ 47 macro(char*, g_strfreev) 47 48 48 49 #define WTF_DEFINE_GPTR_DELETER(typeName, deleterFunc) \ -
trunk/Source/WebCore/ChangeLog
r185316 r185320 1 2015-06-08 Michael Catanzaro <mcatanzaro@igalia.com> 2 3 [SOUP] Performs DNS prefetch when a proxy is configured (information leak) 4 https://bugs.webkit.org/show_bug.cgi?id=145542 5 6 Reviewed by Alexey Proskuryakov. 7 8 No new tests, because it's hard to test whether a DNS request has been sent. We could do 9 this by adding new API to modify the GProxyResolver and GResolver used by the SoupSession in 10 the network process, but even if such API were desirable, it would be a big job. Tests 11 should not be allowed to dictate our public API. 12 13 * platform/network/DNSResolveQueue.cpp: 14 (WebCore::DNSResolveQueue::add): Do not check whether the system is using a proxy, since 15 this can't be determined for all ports here. 16 (WebCore::DNSResolveQueue::timerFired): Do not check whether the system is using a proxy, 17 since this can't be determined for all ports here. 18 (WebCore::DNSResolveQueue::DNSResolveQueue): Remove member variables and member functions 19 that are only needed by the CF backend. Rename platformResolve to 20 platformMaybeResolveHost. 21 (WebCore::DNSResolveQueue::isUsingProxy): Moved to DNSCFNet.cpp. 22 * platform/network/DNSResolveQueue.h: Remove member variables that are only needed by the 23 CF backend. 24 * platform/network/cf/DNSCFNet.cpp: 25 (WebCore::proxyIsEnabledInSystemPreferences): Renamed from 26 platformProxyIsEnabledInSystemPreferences. 27 (WebCore::isUsingProxy): Moved from DNSResolveQueue.cpp. The member variables removed from 28 DNSResolveQueue are not static here. This is safe since it's a singleton. 29 (WebCore::DNSResolveQueue::platformMaybeResolveHost): Renamed from platformResolve. 30 Bail early from here if a proxy is configured. 31 (WebCore::DNSResolveQueue::platformProxyIsEnabledInSystemPreferences): Renamed to 32 proxyIsEnabledInSystemPreferences. 33 (WebCore::DNSResolveQueue::platformResolve): Renamed to platformMaybeResolveHost. 
34 * platform/network/soup/DNSSoup.cpp: 35 (WebCore::gotProxySettingsCallback): Added. Call soup_session_prefetch_dns from here only 36 if a proxy would not be used to resolve the host. 37 (WebCore::DNSResolveQueue::platformMaybeResolveHost): Renamed from platformResolve. 38 Look up proxy settings using g_proxy_resolver_lookup_async rather than calling 39 soup_session_prefetch_dns directly. 40 (WebCore::DNSResolveQueue::platformProxyIsEnabledInSystemPreferences): Deleted. 41 (WebCore::DNSResolveQueue::platformResolve): Renamed to platformMaybeResolveHost. 42 1 43 2015-06-08 Hunseop Jeong <hs85.jeong@samsung.com> 2 44 -
trunk/Source/WebCore/platform/network/DNSResolveQueue.cpp
r179409 r185320 28 28 #include "DNSResolveQueue.h" 29 29 30 #include <wtf/CurrentTime.h>31 30 #include <wtf/NeverDestroyed.h> 32 31 … … 61 60 : m_timer(*this, &DNSResolveQueue::timerFired) 62 61 , m_requestsInFlight(0) 63 , m_cachedProxyEnabledStatus(false)64 , m_lastProxyEnabledStatusCheckTime(0)65 62 { 66 }67 68 bool DNSResolveQueue::isUsingProxy()69 {70 double time = monotonicallyIncreasingTime();71 static const double minimumProxyCheckDelay = 5;72 if (time - m_lastProxyEnabledStatusCheckTime > minimumProxyCheckDelay) {73 m_lastProxyEnabledStatusCheckTime = time;74 m_cachedProxyEnabledStatus = platformProxyIsEnabledInSystemPreferences();75 }76 return m_cachedProxyEnabledStatus;77 63 } 78 64 … … 81 67 // If there are no names queued, and few enough are in flight, resolve immediately (the mouse may be over a link). 82 68 if (!m_names.size()) { 83 if (isUsingProxy())84 return;85 69 if (++m_requestsInFlight <= gNamesToResolveImmediately) { 86 platform Resolve(hostname);70 platformMaybeResolveHost(hostname); 87 71 return; 88 72 } … … 101 85 void DNSResolveQueue::timerFired() 102 86 { 103 if (isUsingProxy()) {104 m_names.clear();105 return;106 }107 108 87 int requestsAllowed = gMaxSimultaneousRequests - m_requestsInFlight; 109 88 … … 111 90 ++m_requestsInFlight; 112 91 HashSet<String>::iterator currentName = m_names.begin(); 113 platform Resolve(*currentName);92 platformMaybeResolveHost(*currentName); 114 93 m_names.remove(currentName); 115 94 } -
trunk/Source/WebCore/platform/network/DNSResolveQueue.h
r179409 r185320 51 51 DNSResolveQueue(); 52 52 53 bool isUsingProxy(); 54 55 bool platformProxyIsEnabledInSystemPreferences(); 56 void platformResolve(const String&); 53 // This function performs the actual DNS prefetch. Platforms must ensure that performing the 54 // prefetch will not violate the user's expectations of privacy; for example, if an HTTP proxy 55 // is in use, then performing a DNS lookup would be inappropriate, but this may be acceptable 56 // for other types of proxies (e.g. SOCKS proxies). 57 void platformMaybeResolveHost(const String&); 57 58 58 59 void timerFired(); … … 62 63 HashSet<String> m_names; 63 64 std::atomic<int> m_requestsInFlight; 64 bool m_cachedProxyEnabledStatus;65 double m_lastProxyEnabledStatusCheckTime;66 65 }; 67 66 -
trunk/Source/WebCore/platform/network/cf/DNSCFNet.cpp
r179409 r185320 32 32 #include "URL.h" 33 33 #include "Timer.h" 34 #include <wtf/CurrentTime.h> 34 35 #include <wtf/HashSet.h> 35 36 #include <wtf/MainThread.h> … … 49 50 namespace WebCore { 50 51 51 bool DNSResolveQueue::platformProxyIsEnabledInSystemPreferences()52 static bool proxyIsEnabledInSystemPreferences() 52 53 { 53 54 // Don't do DNS prefetch if proxies are involved. For many proxy types, the user agent is never exposed … … 76 77 } 77 78 79 static bool isUsingProxy() 80 { 81 static bool cachedProxyEnabledStatus = false; 82 static double lastProxyEnabledStatusCheckTime = 0; 83 static const double minimumProxyCheckDelay = 5; 84 double time = monotonicallyIncreasingTime(); 85 if (time - lastProxyEnabledStatusCheckTime > minimumProxyCheckDelay) { 86 lastProxyEnabledStatusCheckTime = time; 87 cachedProxyEnabledStatus = proxyIsEnabledInSystemPreferences(); 88 } 89 return cachedProxyEnabledStatus; 90 } 91 78 92 static void clientCallback(CFHostRef theHost, CFHostInfoType, const CFStreamError*, void*) 79 93 { … … 82 96 } 83 97 84 void DNSResolveQueue::platform Resolve(const String& hostname)98 void DNSResolveQueue::platformMaybeResolveHost(const String& hostname) 85 99 { 86 100 ASSERT(isMainThread()); 87 101 88 102 RetainPtr<CFHostRef> host = adoptCF(CFHostCreateWithName(0, hostname.createCFString().get())); 89 if (!host ) {103 if (!host || isUsingProxy()) { 90 104 decrementRequestCount(); 91 105 return; -
trunk/Source/WebCore/platform/network/soup/DNSSoup.cpp
r179409 r185320 1 1 /* 2 2 * Copyright (C) 2008 Apple Inc. All rights reserved. 3 * Copyright (C) 2009, 2012 Igalia S.L.3 * Copyright (C) 2009, 2012, 2015 Igalia S.L. 4 4 * 5 5 * Redistribution and use in source and binary forms, with or without … … 34 34 #include <libsoup/soup.h> 35 35 #include <wtf/MainThread.h> 36 #include <wtf/gobject/GRefPtr.h> 37 #include <wtf/gobject/GUniquePtr.h> 36 38 #include <wtf/text/CString.h> 37 39 38 40 namespace WebCore { 39 41 40 // There is no current reliable way to know if we're behind a proxy at 41 // this level. We'll have to implement it in 42 // SoupSession/SoupProxyURIResolver/GProxyResolver 43 bool DNSResolveQueue::platformProxyIsEnabledInSystemPreferences() 42 static void gotProxySettingsCallback(GObject* sourceObject, GAsyncResult* result, void* userData) 44 43 { 45 return false; 44 GProxyResolver* resolver = G_PROXY_RESOLVER(sourceObject); 45 GUniquePtr<char> hostname(static_cast<char*>(userData)); 46 GUniqueOutPtr<GError> error; 47 48 GUniquePtr<char*> uris(g_proxy_resolver_lookup_finish(resolver, result, &error.outPtr())); 49 if (error) { 50 WTFLogAlways("Error determining proxy to use for %s: %s", hostname.get(), error->message); 51 return; 52 } 53 54 // We have a list of possible proxies to use for the URI. If the first item in the list is 55 // direct:// (the usual case), then the user prefers not to use a proxy. This is similar to 56 // resolving hostnames: there could be many possibilities returned in order of preference, and 57 // if we're trying to connect we should attempt each one in order, but here we are not trying 58 // to connect, merely to decide whether a proxy "should" be used. 
59 if (uris && *uris.get() && !strcmp(*uris.get(), "direct://")) { 60 soup_session_prefetch_dns(SoupNetworkSession::defaultSession().soupSession(), hostname.get(), nullptr, [](SoupAddress*, guint, void*) { 61 DNSResolveQueue::singleton().decrementRequestCount(); 62 }, nullptr); 63 } 46 64 } 47 65 48 static void resolvedCallback(SoupAddress*, guint, void*) 49 { 50 DNSResolveQueue::singleton().decrementRequestCount(); 51 } 52 53 void DNSResolveQueue::platformResolve(const String& hostname) 66 void DNSResolveQueue::platformMaybeResolveHost(const String& hostname) 54 67 { 55 68 ASSERT(isMainThread()); 56 69 57 soup_session_prefetch_dns(SoupNetworkSession::defaultSession().soupSession(), hostname.utf8().data(), nullptr, resolvedCallback, nullptr); 70 GRefPtr<GProxyResolver> resolver; 71 g_object_get(SoupNetworkSession::defaultSession().soupSession(), "proxy-resolver", &resolver.outPtr(), nullptr); 72 ASSERT_WITH_SECURITY_IMPLICATION(resolver); 73 74 char* uri = g_strdup(hostname.utf8().data()); // Freed by gotProxySettingsCallback. 75 g_proxy_resolver_lookup_async(resolver.get(), uri, nullptr, gotProxySettingsCallback, uri); 58 76 } 59 77 -
trunk/Source/WebKit2/ChangeLog
r185317 r185320 1 2015-06-08 Michael Catanzaro <mcatanzaro@igalia.com> 2 3 [SOUP] Performs DNS prefetch when a proxy is configured (information leak) 4 https://bugs.webkit.org/show_bug.cgi?id=145542 5 6 Reviewed by Alexey Proskuryakov. 7 8 Add documentation to webkit_web_context_prefetch_dns to indicate that the function does 9 nothing if the system configuration indicates we should use a proxy to resolve the host. 10 11 * UIProcess/API/gtk/WebKitWebContext.cpp: 12 1 13 2015-06-08 Carlos Garcia Campos <cgarcia@igalia.com> 2 14 -
trunk/Source/WebKit2/UIProcess/API/gtk/WebKitWebContext.cpp
r185311 r185320 1045 1045 * 1046 1046 * Resolve the domain name of the given @hostname in advance, so that if a URI 1047 * of @hostname is requested the load will be performed more quickly. 1047 * of @hostname is requested the load will be performed more quickly. This 1048 * function does nothing if the system has been configured to use a proxy to 1049 * resolve @hostname. 1048 1050 */ 1049 1051 void webkit_web_context_prefetch_dns(WebKitWebContext* context, const char* hostname)
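Review bot: the new `macro(char*, g_strfreev)` entry in trunk/Source/WTF/wtf/gobject/GUniquePtr.h has no comment saying that GUniquePtr<char*> owns a NULL-terminated string vector, while the ChangeLog notes that GUniquePtr<char> frees with g_free(). The two spellings differ by a single character and picking the wrong one pairs an allocation with the wrong deallocator, so a one-line comment next to the entry would make the distinction visible at the point of definition.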
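Review bot: the comment added above platformMaybeResolveHost in trunk/Source/WebCore/platform/network/DNSResolveQueue.h documents the privacy requirement but not the accounting one. add() and timerFired() in DNSResolveQueue.cpp still increment m_requestsInFlight before calling it, and the proxy early-returns that used to sit in front of those increments are removed, so an implementation that declines to prefetch must still call decrementRequestCount(), as the CF version does in its `if (!host || isUsingProxy())` branch. Please state that obligation in the header comment.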
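Review bot: in trunk/Source/WebCore/platform/network/cf/DNSCFNet.cpp, platformMaybeResolveHost evaluates `if (!host || isUsingProxy())` only after CFHostCreateWithName, so a CFHost is created for every hostname even when a proxy is enabled; checking isUsingProxy() first, then calling decrementRequestCount() and returning, avoids building an object that is dropped immediately. The function-local statics in isUsingProxy() also depend on main-thread-only use. The one caller shown asserts isMainThread(), and an ASSERT(isMainThread()) inside isUsingProxy() would keep that true for later callers.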
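Review bot: gotProxySettingsCallback in trunk/Source/WebCore/platform/network/soup/DNSSoup.cpp never calls DNSResolveQueue::singleton().decrementRequestCount() on the `if (error)` return, nor when the first entry of uris is not "direct://". The callers have already incremented m_requestsInFlight, and the only decrement here is inside the lambda passed to soup_session_prefetch_dns, so every lookup that errors or resolves to a proxy leaves the count raised and `gMaxSimultaneousRequests - m_requestsInFlight` in timerFired() shrinks permanently. Decrement on both non-prefetch paths, matching the CF backend. Separately, `char* uri = g_strdup(hostname.utf8().data());` passes a bare hostname as the uri argument of g_proxy_resolver_lookup_async. Either build a URI with a scheme for the lookup or confirm that the configured resolver treats scheme-less input as intended, since a lookup that fails here silently turns into "no prefetch" via the error path.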