From 34482ee5da826627131767d907800f6f4a2f0a36 Mon Sep 17 00:00:00 2001
From: Jack Hsieh
Date: Wed, 15 Mar 2023 01:03:48 +0000
Subject: [Backport] CVE-2023-2462: Inappropriate implementation in Prompts (10/10)
Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4337726:
hid: Handle opaque top level origin in addedEventListener
In navigator.hid.addEventListener, throw an exception if the request is coming from a context whose top level frame has an opaque origin.
Bug: 1375133
Change-Id: I43d3c59eb4715d5c1b970d6f466a256c580582d6
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4337726
Commit-Queue: Jack Hsieh
Reviewed-by: Reilly Grant
Cr-Commit-Position: refs/heads/main@{#1117306}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/476784
Reviewed-by: Michal Klocek
---
 .../third_party/blink/renderer/modules/hid/hid.cc | 43 +++++++++++++---------
 1 file changed, 25 insertions(+), 18 deletions(-)
diff --git a/chromium/third_party/blink/renderer/modules/hid/hid.cc b/chromium/third_party/blink/renderer/modules/hid/hid.cc
index 92543c029fd..47a00ea42c5 100644
--- a/chromium/third_party/blink/renderer/modules/hid/hid.cc
+++ b/chromium/third_party/blink/renderer/modules/hid/hid.cc
@@ -37,10 +37,12 @@ const char kFeaturePolicyBlocked[] =
 // returns false to indicate the call should be allowed.
 bool ShouldBlockHidServiceCall(LocalDOMWindow* window,
 ExecutionContext* context,
- ExceptionState& exception_state) {
+ ExceptionState* exception_state) {
 if (!context) {
- exception_state.ThrowDOMException(DOMExceptionCode::kNotSupportedError,
- kContextGone);
+ if (exception_state) {
+ exception_state->ThrowDOMException(DOMExceptionCode::kNotSupportedError,
+ kContextGone);
+ }
 return true;
 }
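Review bot: The comment above ShouldBlockHidServiceCall does not say that `exception_state` may now be null, and that is the contract every caller has to get right after this signature change. Only the last line of that comment is visible in the hunk, so I would add one sentence to it, for example `// |exception_state| may be null; the call is then blocked without throwing.` The function body continues past the end of this hunk.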
@@ -52,18 +54,25 @@ bool ShouldBlockHidServiceCall(LocalDOMWindow* window, window ? window->GetFrame()->Top()->GetSecurityContext()->GetSecurityOrigin() : context->GetSecurityOrigin(); - if (security_origin->IsOpaque()) { - exception_state.ThrowSecurityError( - "Access to the WebHID API is denied from contexts where the top-level " - "document has an opaque origin."); - } else if (!context->IsFeatureEnabled( - mojom::blink::PermissionsPolicyFeature::kHid, - ReportOptions::kReportOnFailure)) { - exception_state.ThrowSecurityError(kFeaturePolicyBlocked); + if (exception_state) { + exception_state->ThrowSecurityError( + "Access to the WebHID API is denied from contexts where the " + "top-level " + "document has an opaque origin."); + } + return true; } - return exception_state.HadException(); + if (!context->IsFeatureEnabled(mojom::blink::PermissionsPolicyFeature::kHid, + ReportOptions::kReportOnFailure)) { + if (exception_state) { + exception_state->ThrowSecurityError(kFeaturePolicyBlocked); + } + return true; + } + + return false; } void RejectWithTypeError(const String& message, @@ -124,10 +133,8 @@ void HID::AddedEventListener(const AtomicString& event_type, return; } - auto* context = GetExecutionContext(); - if (!context || - !context->IsFeatureEnabled(mojom::blink::PermissionsPolicyFeature::kHid, - ReportOptions::kDoNotReport)) { + if (ShouldBlockHidServiceCall(GetSupplementable()->DomWindow(), + GetExecutionContext(), nullptr)) { return; } @@ -163,7 +170,7 @@ void HID::DeviceChanged(device::mojom::blink::HidDeviceInfoPtr device_info) { ScriptPromise HID::getDevices(ScriptState* script_state, ExceptionState& exception_state) { if (ShouldBlockHidServiceCall(GetSupplementable()->DomWindow(), - GetExecutionContext(), exception_state)) { + GetExecutionContext(), &exception_state)) { return ScriptPromise(); } 
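Review bot: The context line `window->GetFrame()->Top()->GetSecurityContext()` dereferences the frame unconditionally, and this helper is now also reached from AddedEventListener rather than only from the promise-returning entry points. The only guard visible is the `!context` return in the previous hunk; the lines between the two hunks are not shown, so this may already be covered. If a window without a frame can reach this point, failing closed would be safer, e.g. `if (window && !window->GetFrame()) return true;` before `security_origin` is computed.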
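Review bot: Routing AddedEventListener through ShouldBlockHidServiceCall changes its policy check from `ReportOptions::kDoNotReport` to the helper's `ReportOptions::kReportOnFailure`, so registering a listener where the hid policy is disabled would now appear to produce a violation report. If that is not intended, the helper could take the report option as a parameter so this call can keep `kDoNotReport`. Separately, passing `nullptr` makes the opaque-origin case return silently here, whereas the commit description says an exception is thrown; a comment such as `// Block silently: there is no ExceptionState on this path.` would make the intent explicit. The body of AddedEventListener continues outside the hunk.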
@@ -189,7 +196,7 @@ ScriptPromise HID::requestDevice(ScriptState* script_state,
 }
 if (ShouldBlockHidServiceCall(window, GetExecutionContext(),
- exception_state)) {
+ &exception_state)) {
 return ScriptPromise();
 }
--
cgit v1.2.1