diff options
author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2019-10-17 11:10:32 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2019-10-21 08:13:00 +0000 |
commit | 2a45953d844a6d1be6df8aeb7359a98daaa52ee2 (patch) | |
tree | 679680fe5f711d19dddb48a9a1fec7524f8fea83 /chromium/components/download/internal | |
parent | 32d77d99be3f461a13c393167d61e107c800a364 (diff) | |
download | qtwebengine-chromium-2a45953d844a6d1be6df8aeb7359a98daaa52ee2.tar.gz |
[Backport] CVE-2019-13675
Fixing extension corruption when navigating to extension resource with slash at end
Because of how Content Verifier currently normalizes relative paths of
an extension resource, it (incorrectly) drops any separators at the end
of the relative path. This makes Content Verifier incorrectly think
that a resource exists (if the separators came after a valid extension
resource path) and this results in content verification failure.
Fix this by ensuring content verifier path normalization does not drop
trailing separator, if present.
Bug: 929578
bar.html is present must not corrupt or disable the extension.
Test: Navigating to chrome-extension://<extensionId>/bar.html/ when
Change-Id: I3972643d9f9566e011070e4b01f0b1a50e3fa659
Commit-Queue: Utkarsh Patankar <utkpat@microsoft.com>
Auto-Submit: Utkarsh Patankar <utkpat@microsoft.com>
Reviewed-by: Istiaque Ahmed <lazyboy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#667431}
Reviewed-by: Michael BrĂ¼ning <michael.bruning@qt.io>
Diffstat (limited to 'chromium/components/download/internal')
0 files changed, 0 insertions, 0 deletions