Per bug 121738, ignore old saved logins for http*://www.google.com.

chrome/browser/password_manager/password_store.cc

Index: chrome/browser/password_manager/password_store.cc
===================================================================
--- chrome/browser/password_manager/password_store.cc	(revision 134335)
+++ chrome/browser/password_manager/password_store.cc	(working copy)
@@ -19,9 +19,26 @@
 PasswordStore::GetLoginsRequest::GetLoginsRequest(
     const GetLoginsCallback& callback)
     : CancelableRequest1<GetLoginsCallback,
-                         std::vector<PasswordForm*> >(callback) {
+                         std::vector<PasswordForm*> >(callback),
+      ignore_logins_cutoff_(0) {
 }
 
+void PasswordStore::GetLoginsRequest::ApplyIgnoreLoginsCutoff() {
+  if (ignore_logins_cutoff_ > 0) {
+    const base::Time cutoff_time = base::Time::FromTimeT(ignore_logins_cutoff_);
+    // Count down rather than up since we may be deleting elements.
+    // Note that in principle it could be more efficient to copy the whole array
+    // since that's worst-case linear time, but we expect that elements will be
+    // deleted rarely and lists will be small, so this avoids the copies.
+    for (size_t i = value.size(); i > 0; --i) {
+      if (value[i - 1]->date_created < cutoff_time) {
+        delete value[i - 1];
+        value.erase(value.begin() + (i - 1));
+      }
+    }
+  }
+}
+
 PasswordStore::GetLoginsRequest::~GetLoginsRequest() {
   if (canceled()) {
     STLDeleteElements(&value);
@@ -61,7 +78,23 @@
 
 CancelableRequestProvider::Handle PasswordStore::GetLogins(
     const PasswordForm& form, PasswordStoreConsumer* consumer) {
-  return Schedule(&PasswordStore::GetLoginsImpl, consumer, form);
+  // Per http://crbug.com/121738, we deliberately ignore saved logins for
+  // http*://www.google.com/ that were stored prior to 2012. (Google now uses
+  // https://accounts.google.com/ for all login forms, so these should be
+  // unused.) We don't delete them just yet, and they'll still be visible in the
+  // password manager, but we won't use them to autofill any forms. This is a
+  // security feature to help minimize damage that can be done by XSS attacks.
+  // TODO(mdm): actually delete them at some point, say M24 or so.
+  time_t ignore_logins_cutoff = 0;
+  if (form.scheme == PasswordForm::SCHEME_HTML &&
+      (form.signon_realm == "http://www.google.com" ||
+       form.signon_realm == "http://www.google.com/" ||

[Tom Sepez, 2012/04/28 01:04:08]

Is slash the only trailing character that could be mistakenly appended to a
realm?

[Mike Mammarella, 2012/04/30 16:09:45]

As far as I know, yes.

+       form.signon_realm == "https://www.google.com" ||
+       form.signon_realm == "https://www.google.com/")) {
+    ignore_logins_cutoff = 1325376000;  // 00:00 Jan 1 2012 UTC
+  }
+  return Schedule(&PasswordStore::GetLoginsImpl, consumer, form,
+                  ignore_logins_cutoff);
 }
 
 CancelableRequestProvider::Handle PasswordStore::GetAutofillableLogins(
@@ -98,6 +131,7 @@
 }
 
 void PasswordStore::ForwardLoginsResult(GetLoginsRequest* request) {
+  request->ApplyIgnoreLoginsCutoff();
   request->ForwardResult(request->handle(), request->value);
 }
 
@@ -112,14 +146,16 @@
   return request->handle();
 }
 
-template<typename BackendFunc, typename ArgA>
+template<typename BackendFunc>
 CancelableRequestProvider::Handle PasswordStore::Schedule(
-    BackendFunc func, PasswordStoreConsumer* consumer, const ArgA& a) {
+    BackendFunc func, PasswordStoreConsumer* consumer,
+    const PasswordForm& form, time_t ignore_logins_cutoff) {
   scoped_refptr<GetLoginsRequest> request(NewGetLoginsRequest(
       base::Bind(&PasswordStoreConsumer::OnPasswordStoreRequestDone,
                  base::Unretained(consumer))));
+  request->set_ignore_logins_cutoff(ignore_logins_cutoff);
   AddRequest(request, consumer->cancelable_consumer());
-  ScheduleTask(base::Bind(func, this, request, a));
+  ScheduleTask(base::Bind(func, this, request, form));
   return request->handle();
 }
 
@@ -135,7 +171,6 @@
 #if !defined(OS_MACOSX)
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::DB));
 #endif  // !defined(OS_MACOSX)
-
   BrowserThread::PostTask(
       BrowserThread::UI, FROM_HERE,
       base::Bind(&PasswordStore::NotifyLoginsChanged, this));