authorCharlie Harrison <csharrison@chromium.org>2018-11-12 21:00:39 +0000
committerMichael BrĂ¼ning <michael.bruning@qt.io>2019-03-27 15:18:23 +0000
commit64d3770e5e9cd7baeb15f8a907658c3980f7eb7e (patch)
tree07058a3d635003609500851fc4c12d02f6c0d0f8
parent597dae52a3b63ecb632d2006b00bc950665f3148 (diff)
[Backport] CVE-2019-5802 (2/5)
Backport of original patch by Charlie Harrison <csharrison@chromium.org>: Add more specific download policies for opener navigations Bug: 632514 Change-Id: I6cbf33505c844f87bed359a7433e157d638c130e Reviewed-on: https://chromium-review.googlesource.com/c/1329863 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
-rw-r--r--chromium/content/common/navigation_params.cc3
-rw-r--r--chromium/content/common/navigation_params.h19
-rw-r--r--chromium/content/renderer/render_frame_impl.cc23
-rw-r--r--chromium/tools/metrics/histograms/enums.xml3
4 files changed, 41 insertions, 7 deletions
diff --git a/chromium/content/common/navigation_params.cc b/chromium/content/common/navigation_params.cc
index 32750028fea..cb0c8c9549e 100644
--- a/chromium/content/common/navigation_params.cc
+++ b/chromium/content/common/navigation_params.cc
@@ -32,6 +32,9 @@ bool IsNavigationDownloadAllowed(NavigationDownloadPolicy policy) {
case NavigationDownloadPolicy::kDisallowInterstitial:
return false;
case NavigationDownloadPolicy::kAllowOpener:
+ case NavigationDownloadPolicy::kAllowOpenerNoGesture:
+ case NavigationDownloadPolicy::kAllowOpenerCrossOrigin:
+ case NavigationDownloadPolicy::kAllowOpenerCrossOriginNoGesture:
return true;
}
}
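Review bot: The three new `case` labels fall through to the same `return true;` as `kAllowOpener`, so after this patch every opener-initiated navigation is still permitted to download; the hunk only makes the metrics finer-grained, and nothing in this switch says so. A one-line comment above the group would keep a later reader from assuming the cross-origin/no-gesture variants are already enforced: `// All opener variants are still allowed while metrics are collected; see the TODO in navigation_params.h (crbug.com/632514).` IsNavigationDownloadAllowed starts before this hunk, so I cannot see whether a compiler-checked exhaustive switch (no `default:`) is what guards against a forgotten enumerator.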
diff --git a/chromium/content/common/navigation_params.h b/chromium/content/common/navigation_params.h
index 23071210e96..c4423040180 100644
--- a/chromium/content/common/navigation_params.h
+++ b/chromium/content/common/navigation_params.h
@@ -68,11 +68,22 @@ enum class NavigationDownloadPolicy {
kDisallowViewSource = 1,
kDisallowInterstitial = 2,
- // TODO(csharrison): Temporary to collect metrics. Opener navigations should
- // be disallowed from creating downloads. See http://crbug.com/632514.
+ // TODO(csharrison): Temporary to collect metrics. Some opener navigations
+ // should be disallowed from creating downloads. See http://crbug.com/632514.
+ // All of these policies are mutually exclusive, and more specific policies
+ // will be set if their conditions match.
+ //
+ // The navigation was initiated on an opener.
kAllowOpener = 3,
-
- kMaxValue = kAllowOpener
+ // Opener navigation without a user gesture.
+ kAllowOpenerNoGesture = 4,
+ // Opener navigation initiated by a site that is cross origin from the target.
+ kAllowOpenerCrossOrigin = 5,
+ // Opener navigation initiated by a site that is cross origin from the target,
+ // and without a user gesture.
+ kAllowOpenerCrossOriginNoGesture = 6,
+
+ kMaxValue = kAllowOpenerCrossOriginNoGesture
};
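Review bot: These enumerator values are recorded into a UMA histogram (the same commit adds them to enums.xml and maintains `kMaxValue`), but the enum comment does not state the usual consequence: existing values must never be renumbered or reused, which matters here because `kMaxValue` was just moved from 3 to 6. I would add the standard Chromium line above the enum body: `// These values are persisted to logs. Entries should not be renumbered and numeric values should never be reused.` The comment on `kAllowOpenerCrossOrigin` says "cross origin from the target"; since the check is made against the navigating frame's current origin, `// ... cross origin from the frame being navigated (the opener).` would be less ambiguous. The enum's opening line is outside this hunk.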
// Returns whether the given |policy| should allow for a download. This function
diff --git a/chromium/content/renderer/render_frame_impl.cc b/chromium/content/renderer/render_frame_impl.cc
index f70bfda38ef..dcda7c548f4 100644
--- a/chromium/content/renderer/render_frame_impl.cc
+++ b/chromium/content/renderer/render_frame_impl.cc
@@ -490,7 +490,25 @@ WebURLRequest CreateURLRequestForNavigation(
return request;
}
+NavigationDownloadPolicy GetDownloadPolicy(
+ bool is_opener_navigation,
+ const blink::WebURLRequest& request,
+ const WebSecurityOrigin& current_origin) {
+ if (!is_opener_navigation)
+ return NavigationDownloadPolicy::kAllow;
+ bool gesture = request.HasUserGesture();
+ bool cross_origin = request.RequestorOrigin().CanAccess(current_origin);
+ if (!gesture && cross_origin)
+ return NavigationDownloadPolicy::kAllowOpenerCrossOriginNoGesture;
+ if (!gesture)
+ return NavigationDownloadPolicy::kAllowOpenerNoGesture;
+ if (cross_origin)
+ return NavigationDownloadPolicy::kAllowOpenerCrossOrigin;
+ return NavigationDownloadPolicy::kAllowOpener;
+}
+
CommonNavigationParams MakeCommonNavigationParams(
+ const WebSecurityOrigin& current_origin,
const blink::WebLocalFrameClient::NavigationPolicyInfo& info,
int load_flags) {
Referrer referrer(
@@ -528,9 +546,8 @@ CommonNavigationParams MakeCommonNavigationParams(
const RequestExtraData* extra_data =
static_cast<RequestExtraData*>(info.url_request.GetExtraData());
DCHECK(extra_data);
- NavigationDownloadPolicy download_policy =
- info.is_opener_navigation ? NavigationDownloadPolicy::kAllowOpener
- : NavigationDownloadPolicy::kAllow;
+ NavigationDownloadPolicy download_policy = GetDownloadPolicy(
+ info.is_opener_navigation, info.url_request, current_origin);
return CommonNavigationParams(
info.url_request.Url(), referrer, extra_data->transition_type(),
navigation_type, download_policy, info.replaces_current_history_item, GURL(), GURL(),
diff --git a/chromium/tools/metrics/histograms/enums.xml b/chromium/tools/metrics/histograms/enums.xml
index 8108328b182..a9427402395 100644
--- a/chromium/tools/metrics/histograms/enums.xml
+++ b/chromium/tools/metrics/histograms/enums.xml
@@ -32122,6 +32122,9 @@ Called by update_use_counter_css.py.-->
<int value="1" label="Disallowed (view-source)"/>
<int value="2" label="Disallowed (interstitial)"/>
<int value="3" label="Allowed (opener)"/>
+ <int value="4" label="Allowed (no gesture)"/>
+ <int value="5" label="Allowed (x-origin)"/>
+ <int value="6" label="Allowed (no gesture and x-origin)"/>
</enum>
<enum name="NavigationInterceptResult">
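Review bot: The new labels drop the word "opener" even though values 4–6 are, per the enum comments in navigation_params.h, all opener-navigation variants of value 3, so a dashboard reader sees "Allowed (no gesture)" next to "Allowed (opener)" and cannot tell they belong to the same family. I would label them `Allowed (opener, no gesture)`, `Allowed (opener, x-origin)` and `Allowed (opener, no gesture and x-origin)` so the histogram legend mirrors the policy names.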