瀏覽代碼

fix Block gateway attacks via websockets

Carmelo Messina 3 年之前
父節點
當前提交
b974c19b2e
共有 1 個文件被更改,包括 9 次插入5 次删除
  1. 9 5
      build/patches/Block-gateway-attacks-via-websockets.patch

+ 9 - 5
build/patches/Block-gateway-attacks-via-websockets.patch

@@ -4,15 +4,15 @@ Subject: Block gateway attacks via websockets
 
 ---
  .../renderer/core/loader/base_fetch_context.h |  1 +
- .../core/loader/frame_fetch_context.cc        | 18 +++++++++++++
+ .../core/loader/frame_fetch_context.cc        | 20 ++++++++++++++
  .../core/loader/frame_fetch_context.h         |  1 +
- .../core/loader/worker_fetch_context.cc       | 19 +++++++++++++
+ .../core/loader/worker_fetch_context.cc       | 21 +++++++++++++++
  .../core/loader/worker_fetch_context.h        |  1 +
  .../background_fetch_manager.cc               |  2 --
  .../websockets/websocket_channel_impl.cc      |  5 ++++
  .../modules/websockets/websocket_common.cc    | 27 +++++++++++++++++++
  .../modules/websockets/websocket_common.h     |  4 +++
- 9 files changed, 76 insertions(+), 2 deletions(-)
+ 9 files changed, 80 insertions(+), 2 deletions(-)
 
 diff --git a/third_party/blink/renderer/core/loader/base_fetch_context.h b/third_party/blink/renderer/core/loader/base_fetch_context.h
 --- a/third_party/blink/renderer/core/loader/base_fetch_context.h
@@ -28,7 +28,7 @@ diff --git a/third_party/blink/renderer/core/loader/base_fetch_context.h b/third
 diff --git a/third_party/blink/renderer/core/loader/frame_fetch_context.cc b/third_party/blink/renderer/core/loader/frame_fetch_context.cc
 --- a/third_party/blink/renderer/core/loader/frame_fetch_context.cc
 +++ b/third_party/blink/renderer/core/loader/frame_fetch_context.cc
-@@ -566,6 +566,24 @@ bool FrameFetchContext::ShouldBlockRequestByInspector(const KURL& url) const {
+@@ -566,6 +566,26 @@ bool FrameFetchContext::ShouldBlockRequestByInspector(const KURL& url) const {
    return should_block_request;
  }
  
@@ -36,6 +36,8 @@ diff --git a/third_party/blink/renderer/core/loader/frame_fetch_context.cc b/thi
 +  // TODO(mkwst): This only checks explicit IP addresses. We'll have to move
 +  // all this up to //net and //content in order to have any real impact on
 +  // gateway attacks. That turns out to be a TON of work (crbug.com/378566).
++  if (requestor_space == network::mojom::IPAddressSpace::kUnknown)
++    requestor_space = network::mojom::IPAddressSpace::kPublic;
 +  network::mojom::IPAddressSpace target_space =
 +      network::mojom::IPAddressSpace::kPublic;
 +  if (network_utils::IsReservedIPAddress(request_url.Host()))
@@ -75,7 +77,7 @@ diff --git a/third_party/blink/renderer/core/loader/worker_fetch_context.cc b/th
  #include "third_party/blink/renderer/platform/runtime_enabled_features.h"
  #include "third_party/blink/renderer/platform/supplementable.h"
  #include "third_party/blink/renderer/platform/weborigin/security_policy.h"
-@@ -90,6 +91,24 @@ bool WorkerFetchContext::ShouldBlockRequestByInspector(const KURL& url) const {
+@@ -90,6 +91,26 @@ bool WorkerFetchContext::ShouldBlockRequestByInspector(const KURL& url) const {
    return should_block_request;
  }
  
@@ -83,6 +85,8 @@ diff --git a/third_party/blink/renderer/core/loader/worker_fetch_context.cc b/th
 +  // TODO(mkwst): This only checks explicit IP addresses. We'll have to move
 +  // all this up to //net and //content in order to have any real impact on
 +  // gateway attacks. That turns out to be a TON of work (crbug.com/378566).
++  if (requestor_space == network::mojom::IPAddressSpace::kUnknown)
++    requestor_space = network::mojom::IPAddressSpace::kPublic;
 +  network::mojom::IPAddressSpace target_space =
 +      network::mojom::IPAddressSpace::kPublic;
 +  if (network_utils::IsReservedIPAddress(request_url.Host()))