Chromium Code Reviews Chromium Code Reviews
Issue 11428052:
[android_webview] Fix use after free in intercepted requests. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "android_webview/native/android_protocol_handler.h" | 5 #include "android_webview/native/android_protocol_handler.h" |
| 6 | 6 |
| 7 #include "android_webview/browser/net/android_stream_reader_url_request_job.h" | 7 #include "android_webview/browser/net/android_stream_reader_url_request_job.h" |
| 8 #include "android_webview/common/url_constants.h" | 8 #include "android_webview/common/url_constants.h" |
| 9 #include "android_webview/native/input_stream_impl.h" | 9 #include "android_webview/native/input_stream_impl.h" |
| 10 #include "base/android/jni_android.h" | 10 #include "base/android/jni_android.h" |
| (...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 47 : public AndroidStreamReaderURLRequestJob::Delegate { | 47 : public AndroidStreamReaderURLRequestJob::Delegate { |
| 48 public: | 48 public: |
| 49 AndroidStreamReaderURLRequestJobDelegateImpl(); | 49 AndroidStreamReaderURLRequestJobDelegateImpl(); |
| 50 | 50 |
| 51 virtual scoped_ptr<InputStream> OpenInputStream( | 51 virtual scoped_ptr<InputStream> OpenInputStream( |
| 52 JNIEnv* env, | 52 JNIEnv* env, |
| 53 net::URLRequest* request) OVERRIDE; | 53 net::URLRequest* request) OVERRIDE; |
| 54 | 54 |
| 55 virtual bool GetMimeType(JNIEnv* env, | 55 virtual bool GetMimeType(JNIEnv* env, |
| 56 net::URLRequest* request, | 56 net::URLRequest* request, |
| 57 const InputStream& stream, | 57 InputStream& stream, |
|
joth
2012/11/29 17:44:09
use pointer: non-const references not allowed.
mkosiba (inactive)
2012/11/29 18:54:11
ah, well, back to ye olde pointer then
| |
| 58 std::string* mime_type) OVERRIDE; | 58 std::string* mime_type) OVERRIDE; |
| 59 | 59 |
| 60 virtual bool GetCharset(JNIEnv* env, | 60 virtual bool GetCharset(JNIEnv* env, |
| 61 net::URLRequest* request, | 61 net::URLRequest* request, |
| 62 const InputStream& stream, | 62 InputStream& stream, |
| 63 std::string* charset) OVERRIDE; | 63 std::string* charset) OVERRIDE; |
| 64 | 64 |
| 65 virtual ~AndroidStreamReaderURLRequestJobDelegateImpl(); | 65 virtual ~AndroidStreamReaderURLRequestJobDelegateImpl(); |
| 66 }; | 66 }; |
| 67 | 67 |
| 68 class AssetFileProtocolInterceptor : | 68 class AssetFileProtocolInterceptor : |
| 69 public net::URLRequestJobFactory::Interceptor { | 69 public net::URLRequestJobFactory::Interceptor { |
| 70 public: | 70 public: |
| 71 AssetFileProtocolInterceptor(); | 71 AssetFileProtocolInterceptor(); |
| 72 virtual ~AssetFileProtocolInterceptor() OVERRIDE; | 72 virtual ~AssetFileProtocolInterceptor() OVERRIDE; |
| (...skipping 71 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 144 if (ClearException(env) || stream.is_null()) { | 144 if (ClearException(env) || stream.is_null()) { |
| 145 DLOG(ERROR) << "Unable to open input stream for Android URL"; | 145 DLOG(ERROR) << "Unable to open input stream for Android URL"; |
| 146 return scoped_ptr<InputStream>(); | 146 return scoped_ptr<InputStream>(); |
| 147 } | 147 } |
| 148 return make_scoped_ptr<InputStream>(new InputStreamImpl(stream)); | 148 return make_scoped_ptr<InputStream>(new InputStreamImpl(stream)); |
| 149 } | 149 } |
| 150 | 150 |
| 151 bool AndroidStreamReaderURLRequestJobDelegateImpl::GetMimeType( | 151 bool AndroidStreamReaderURLRequestJobDelegateImpl::GetMimeType( |
| 152 JNIEnv* env, | 152 JNIEnv* env, |
| 153 net::URLRequest* request, | 153 net::URLRequest* request, |
| 154 const android_webview::InputStream& stream, | 154 android_webview::InputStream& stream, |
| 155 std::string* mime_type) { | 155 std::string* mime_type) { |
| 156 DCHECK(env); | 156 DCHECK(env); |
| 157 DCHECK(request); | 157 DCHECK(request); |
| 158 DCHECK(mime_type); | 158 DCHECK(mime_type); |
| 159 | 159 |
| 160 // Query the mime type from the Java side. It is possible for the query to | 160 // Query the mime type from the Java side. It is possible for the query to |
| 161 // fail, as the mime type cannot be determined for all supported schemes. | 161 // fail, as the mime type cannot be determined for all supported schemes. |
| 162 ScopedJavaLocalRef<jstring> url = | 162 ScopedJavaLocalRef<jstring> url = |
| 163 ConvertUTF8ToJavaString(env, request->url().spec()); | 163 ConvertUTF8ToJavaString(env, request->url().spec()); |
| 164 const InputStreamImpl* stream_impl = | 164 const InputStreamImpl* stream_impl = |
| 165 InputStreamImpl::FromInputStream(&stream); | 165 InputStreamImpl::FromInputStream(&stream); |
| 166 ScopedJavaLocalRef<jstring> returned_type = | 166 ScopedJavaLocalRef<jstring> returned_type = |
| 167 android_webview::Java_AndroidProtocolHandler_getMimeType( | 167 android_webview::Java_AndroidProtocolHandler_getMimeType( |
| 168 env, | 168 env, |
| 169 GetResourceContext(env).obj(), | 169 GetResourceContext(env).obj(), |
| 170 stream_impl->jobj(), url.obj()); | 170 stream_impl->jobj(), url.obj()); |
| 171 if (ClearException(env) || returned_type.is_null()) | 171 if (ClearException(env) || returned_type.is_null()) |
| 172 return false; | 172 return false; |
| 173 | 173 |
| 174 *mime_type = base::android::ConvertJavaStringToUTF8(returned_type); | 174 *mime_type = base::android::ConvertJavaStringToUTF8(returned_type); |
| 175 return true; | 175 return true; |
| 176 } | 176 } |
| 177 | 177 |
| 178 bool AndroidStreamReaderURLRequestJobDelegateImpl::GetCharset( | 178 bool AndroidStreamReaderURLRequestJobDelegateImpl::GetCharset( |
| 179 JNIEnv* env, | 179 JNIEnv* env, |
| 180 net::URLRequest* request, | 180 net::URLRequest* request, |
| 181 const android_webview::InputStream& stream, | 181 android_webview::InputStream& stream, |
| 182 std::string* charset) { | 182 std::string* charset) { |
| 183 // TODO: We should probably be getting this from the managed side. | 183 // TODO: We should probably be getting this from the managed side. |
| 184 return false; | 184 return false; |
| 185 } | 185 } |
| 186 | 186 |
| 187 AssetFileProtocolInterceptor::AssetFileProtocolInterceptor() | 187 AssetFileProtocolInterceptor::AssetFileProtocolInterceptor() |
| 188 : asset_prefix_(std::string(chrome::kFileScheme) + | 188 : asset_prefix_(std::string(chrome::kFileScheme) + |
| 189 std::string(content::kStandardSchemeSeparator) + | 189 std::string(content::kStandardSchemeSeparator) + |
| 190 android_webview::kAndroidAssetPath), | 190 android_webview::kAndroidAssetPath), |
| 191 resource_prefix_(std::string(chrome::kFileScheme) + | 191 resource_prefix_(std::string(chrome::kFileScheme) + |
| (...skipping 79 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 271 env, android_webview::kAndroidAssetPath).Release(); | 271 env, android_webview::kAndroidAssetPath).Release(); |
| 272 } | 272 } |
| 273 | 273 |
| 274 static jstring GetAndroidResourcePath(JNIEnv* env, jclass /*clazz*/) { | 274 static jstring GetAndroidResourcePath(JNIEnv* env, jclass /*clazz*/) { |
| 275 // OK to release, JNI binding. | 275 // OK to release, JNI binding. |
| 276 return ConvertUTF8ToJavaString( | 276 return ConvertUTF8ToJavaString( |
| 277 env, android_webview::kAndroidResourcePath).Release(); | 277 env, android_webview::kAndroidResourcePath).Release(); |
| 278 } | 278 } |
| 279 | 279 |
| 280 } // namespace android_webview | 280 } // namespace android_webview |
| OLD | NEW |
