diff options
author | Michael Catanzaro <mcatanzaro@gnome.org> | 2017-02-01 21:43:01 -0600 |
---|---|---|
committer | Michael Catanzaro <mcatanzaro@gnome.org> | 2017-02-01 22:21:45 -0600 |
commit | 2b0cf9aee2347c948c22578252d5a29d1856b956 (patch) | |
tree | 9c5561cc34a328d1b385a207cbba0b4a5a34fa0d | |
parent | f3f29da094841988c50094d8b6251d109eb473af (diff) | |
download | epiphany-2b0cf9aee2347c948c22578252d5a29d1856b956.tar.gz |
Fix impedance mismatch between web extension and form auth data cache
Using just host is not sufficient, we need to have protocol and port as
well for matching based on security origin to work properly.
Unfortunately the existing code here was full of subtle errors: the
parameters named "uri" were actually passed hostnames from the web
extension, and not URIs at all. The code only worked as long as that
assumption held, but I broke it because I expected the URI parameters to
actually contain URIs. So fix this. Really pass URIs and not hostnames,
and properly convert them to security origins.
Thanks to Hussam for reporting this bug so quickly after it was
introduced. (As well as lots of other bugs in the past that I've rarely
credited him for in commit messages.)
https://bugzilla.gnome.org/show_bug.cgi?id=752738
-rw-r--r-- | embed/web-extension/ephy-web-extension.c | 24 | ||||
-rw-r--r-- | lib/ephy-form-auth-data.c | 31 |
2 files changed, 27 insertions, 28 deletions
diff --git a/embed/web-extension/ephy-web-extension.c b/embed/web-extension/ephy-web-extension.c index d528fe0fc..003f9ba32 100644 --- a/embed/web-extension/ephy-web-extension.c +++ b/embed/web-extension/ephy-web-extension.c @@ -213,15 +213,15 @@ store_password (EphyEmbedFormAuth *form_auth) username_field_value, password_field_value, NULL, NULL); - g_free (uri_str); /* Update internal caching */ ephy_form_auth_data_cache_add (extension->form_auth_data_cache, - uri->host, + uri_str, username_field_name, password_field_name, username_field_value); + g_free (uri_str); g_free (username_field_name); g_free (username_field_value); g_free (password_field_name); @@ -434,14 +434,15 @@ pre_fill_form (EphyEmbedFormAuth *form_auth) return; extension = ephy_web_extension_get (); - form_auth_data_list = ephy_form_auth_data_cache_get_list (extension->form_auth_data_cache, uri->host); + uri_str = soup_uri_to_string (uri, FALSE); + form_auth_data_list = ephy_form_auth_data_cache_get_list (extension->form_auth_data_cache, uri_str); l = g_slist_find_custom (form_auth_data_list, form_auth, (GCompareFunc)ephy_form_auth_data_compare); - if (!l) + if (!l) { + g_free (uri_str); return; + } form_data = (EphyFormAuthData *)l->data; - uri_str = soup_uri_to_string (uri, FALSE); - username_node = ephy_embed_form_auth_get_username_node (form_auth); if (username_node) g_object_get (username_node, "value", &username, NULL); @@ -955,8 +956,7 @@ web_page_document_loaded (WebKitWebPage *web_page, if (ephy_web_dom_utils_find_form_auth_elements (form, &username_node, &password_node)) { EphyEmbedFormAuth *form_auth; GSList *auth_data_list; - const char *uri_string; - SoupURI *uri; + const char *uri; LOG ("Hooking and pre-filling a form"); @@ -972,12 +972,8 @@ web_page_document_loaded (WebKitWebPage *web_page, } /* Plug in the user autocomplete */ - uri_string = webkit_web_page_get_uri (web_page); - uri = soup_uri_new (uri_string); - - auth_data_list = ephy_form_auth_data_cache_get_list (extension->form_auth_data_cache, uri->host); - - soup_uri_free (uri); + uri = webkit_web_page_get_uri (web_page); + auth_data_list = ephy_form_auth_data_cache_get_list (extension->form_auth_data_cache, uri); if (auth_data_list && auth_data_list->next && username_node) { LOG ("More than 1 password saved, hooking menu for choosing which on focus"); diff --git a/lib/ephy-form-auth-data.c b/lib/ephy-form-auth-data.c index 1b8e90df1..4d397a7c7 100644 --- a/lib/ephy-form-auth-data.c +++ b/lib/ephy-form-auth-data.c @@ -311,18 +311,13 @@ screcet_service_search_finished (SecretService *service, for (p = results; p; p = p->next) { SecretItem *item = (SecretItem *)p->data; GHashTable *attributes; - char *origin; attributes = secret_item_get_attributes (item); - origin = ephy_uri_to_security_origin (g_hash_table_lookup (attributes, URI_KEY)); - if (origin != NULL) { - ephy_form_auth_data_cache_add (cache, origin, - g_hash_table_lookup (attributes, FORM_USERNAME_KEY), - g_hash_table_lookup (attributes, FORM_PASSWORD_KEY), - g_hash_table_lookup (attributes, USERNAME_KEY)); - - g_free (origin); - } + ephy_form_auth_data_cache_add (cache, + g_hash_table_lookup (attributes, URI_KEY), + g_hash_table_lookup (attributes, FORM_USERNAME_KEY), + g_hash_table_lookup (attributes, FORM_PASSWORD_KEY), + g_hash_table_lookup (attributes, USERNAME_KEY)); g_hash_table_unref (attributes); } @@ -393,24 +388,32 @@ ephy_form_auth_data_cache_add (EphyFormAuthDataCache *cache, { EphyFormAuthData *data; GSList *l; + char *origin; g_return_if_fail (cache); g_return_if_fail (uri); g_return_if_fail (form_password); data = ephy_form_auth_data_new (form_username, form_password, username); - l = g_hash_table_lookup (cache->form_auth_data_map, uri); + origin = ephy_uri_to_security_origin (uri); + l = g_hash_table_lookup (cache->form_auth_data_map, origin); l = g_slist_append (l, data); - g_hash_table_replace (cache->form_auth_data_map, - g_strdup (uri), l); + g_hash_table_replace (cache->form_auth_data_map, origin, l); } GSList * ephy_form_auth_data_cache_get_list (EphyFormAuthDataCache *cache, const char *uri) { + char *origin; + GSList *list; + g_return_val_if_fail (cache, NULL); g_return_val_if_fail (uri, NULL); - return g_hash_table_lookup (cache->form_auth_data_map, uri); + origin = ephy_uri_to_security_origin (uri); + list = g_hash_table_lookup (cache->form_auth_data_map, origin); + g_free (origin); + + return list; } |