Diffstat (limited to 'chromium/net/base/filename_util.cc')
-rw-r--r-- | chromium/net/base/filename_util.cc | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/chromium/net/base/filename_util.cc b/chromium/net/base/filename_util.cc
index a3135f1ed85..eec7c218e4f 100644
--- a/chromium/net/base/filename_util.cc
+++ b/chromium/net/base/filename_util.cc
@@ -17,6 +17,7 @@
 #include "net/base/escape.h"
 #include "net/base/filename_util_internal.h"
 #include "net/base/net_string_util.h"
+#include "net/base/url_util.h"
 #include "net/http/http_content_disposition.h"
 #include "url/gurl.h"
@@ -69,6 +70,10 @@ bool FileURLToFilePath(const GURL& url, base::FilePath* file_path) {
   if (!url.is_valid())
     return false;
+  // We may want to change this to a CHECK in the future.
+  if (!url.SchemeIsFile())
+    return false;
+
 #if defined(OS_WIN)
   std::string path;
   std::string host = url.host();
@@ -89,10 +94,13 @@ bool FileURLToFilePath(const GURL& url, base::FilePath* file_path) {
   }
   std::replace(path.begin(), path.end(), '/', '\\');
 #else // defined(OS_WIN)
-  // Firefox seems to ignore the "host" of a file url if there is one. That is,
-  // file://foo/bar.txt maps to /bar.txt.
-  // TODO(dhg): This should probably take into account UNCs which could
-  // include a hostname other than localhost or blank
+  // On POSIX, there's no obvious interpretation of file:// URLs with a host.
+  // Usually, remote mounts are still mounted onto the local filesystem.
+  // Therefore, we discard all URLs that are not obviously local to prevent
+  // spoofing attacks using file:// URLs. See crbug.com/881675.
+  if (!url.host().empty() && !net::IsLocalhost(url)) {
+    return false;
+  }
   std::string path = url.path();
 #endif // !defined(OS_WIN)
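Review bot: The POSIX guard in the third hunk accepts every host that `net::IsLocalhost(url)` accepts, and the new comment does not say what that set is, so a reader cannot tell from this file whether e.g. a loopback IP literal such as `file://127.0.0.1/etc/passwd` is still mapped to `/etc/passwd` (presumably yes, if IsLocalhost matches loopback addresses as its name suggests — confirm against url_util.h). Since this is the fix for a spoofing bug, the accepted set should be spelled out next to the check and pinned by a unit test that covers a plain `localhost` host, a loopback literal, a `*.localhost`-style host and a clearly remote host; a suitable comment is `// Only hosts net::IsLocalhost() recognises (see url_util.h) are treated as local; any other non-empty host is rejected instead of being silently dropped.` As a point of style, the new early return is braced (`if (...) {` / `return false;` / `}`) while the `SchemeIsFile()` return added in the second hunk and the existing `is_valid()` return are brace-less single statements; the three should match. FileURLToFilePath's body continues outside the hunk, where the unescaping of `path` happens, so the rejection here is the only host-based check visible in this diff.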