author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2020-03-10 11:56:30 +0100 |
---|---|---|
committer | Michael Brüning <michael.bruning@qt.io> | 2020-03-13 11:31:37 +0000 |
commit | 4af826b4d3512f93c6aaf891c9e4434da0f8a7f6 (patch) | |
tree | 3ae33601af04ed894676b5494586506cd38eb240 /chromium/content/browser/renderer_host/code_cache_host_impl.h | |
parent | 80bf361c042c697a7adc2fcdee190b35a594df1b (diff) | |
[Backport] Fix for security issue 925035
Hand merged from:
CacheStorage: Ignore code cache for origins that do not match the renderer.
This CL is inspired by the previously attempted crrev.com/c/1434754. That
was reverted due to excessive renderer crashes. As an interim step this CL
instead ignores code cache when the origin seems wrong. We also add a
UMA to see how often it's triggering in practice so we can start trying to
isolate the unexpected circumstances.
Bug: 925035
Change-Id: Iec4d0206ba5ed74950537d74a4ad180ee6b98905
Commit-Queue: Ben Kelly <wanderview@chromium.org>
Reviewed-by: Matt Falkenhagen <falken@chromium.org>
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Reviewed-by: Robert Kaplow <rkaplow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#709036}
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
Diffstat (limited to 'chromium/content/browser/renderer_host/code_cache_host_impl.h')
-rw-r--r-- | chromium/content/browser/renderer_host/code_cache_host_impl.h | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/chromium/content/browser/renderer_host/code_cache_host_impl.h b/chromium/content/browser/renderer_host/code_cache_host_impl.h
index 1f4a7f5401e..30b05af8512 100644
--- a/chromium/content/browser/renderer_host/code_cache_host_impl.h
+++ b/chromium/content/browser/renderer_host/code_cache_host_impl.h
@@ -44,14 +44,12 @@ class CONTENT_EXPORT CodeCacheHostImpl : public blink::mojom::CodeCacheHost {
   CodeCacheHostImpl(
       int render_process_id,
       scoped_refptr<CacheStorageContextImpl> cache_storage_context,
-      scoped_refptr<GeneratedCodeCacheContext> generated_code_cache_context);
-  ~CodeCacheHostImpl() override;
-
-  static void Create(
-      int render_process_id,
-      scoped_refptr<CacheStorageContextImpl> cache_storage_context,
       scoped_refptr<GeneratedCodeCacheContext> generated_code_cache_context,
       blink::mojom::CodeCacheHostRequest request);
+  ~CodeCacheHostImpl() override;
+
+  void SetCacheStorageContextForTesting(
+      scoped_refptr<CacheStorageContextImpl> context);
 
  private:
   // blink::mojom::CodeCacheHost implementation.
@@ -91,6 +89,8 @@ class CONTENT_EXPORT CodeCacheHostImpl : public blink::mojom::CodeCacheHost {
 
   scoped_refptr<GeneratedCodeCacheContext> generated_code_cache_context_;
 
+  mojo::Binding<blink::mojom::CodeCacheHost> binding_;
+
   base::WeakPtrFactory<CodeCacheHostImpl> weak_ptr_factory_{this};
 
   DISALLOW_COPY_AND_ASSIGN(CodeCacheHostImpl);
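Review bot: The constructor in the first hunk now takes the `blink::mojom::CodeCacheHostRequest` itself, but the header says nothing about who owns the host or how long it must live now that the self-contained `Create` factory is gone; the `mojo::Binding<blink::mojom::CodeCacheHost> binding_` member added in the second hunk suggests the owner must keep the object alive for as long as the pipe should stay bound, since a `mojo::Binding` is closed when its owner is destroyed. A comment above the constructor would make that explicit, e.g. `// Binds |request| to this instance; the caller owns the host and the pipe is closed when the host is destroyed.`, worded to match what the .cc actually does. `SetCacheStorageContextForTesting` also deserves a one-line comment saying it lets a test substitute the `CacheStorageContextImpl` the host consults, so that nobody reaches for it from production code. The class `CodeCacheHostImpl` begins and ends outside both hunks.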