
Side by Side Diff: media/blink/buffered_data_source.cc

Issue 1220963004: Check the response URL origin in BufferedDataSource to avoid mixing cross-origin responses. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: incorporated hubbe and falken's comment Created 5 years, 5 months ago
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "media/blink/buffered_data_source.h" 5 #include "media/blink/buffered_data_source.h"
6 6
7 #include "base/bind.h" 7 #include "base/bind.h"
8 #include "base/callback_helpers.h" 8 #include "base/callback_helpers.h"
9 #include "base/location.h" 9 #include "base/location.h"
10 #include "base/single_thread_task_runner.h" 10 #include "base/single_thread_task_runner.h"
(...skipping 338 matching lines...) Expand 10 before | Expand all | Expand 10 after
349 349
350 bool init_cb_is_null = false; 350 bool init_cb_is_null = false;
351 { 351 {
352 base::AutoLock auto_lock(lock_); 352 base::AutoLock auto_lock(lock_);
353 init_cb_is_null = init_cb_.is_null(); 353 init_cb_is_null = init_cb_.is_null();
354 } 354 }
355 if (init_cb_is_null) { 355 if (init_cb_is_null) {
356 loader_->Stop(); 356 loader_->Stop();
357 return; 357 return;
358 } 358 }
359 response_original_url_ = loader_->response_original_url();
359 360
360 // All responses must be successful. Resources that are assumed to be fully 361 // All responses must be successful. Resources that are assumed to be fully
361 // buffered must have a known content length. 362 // buffered must have a known content length.
362 bool success = status == BufferedResourceLoader::kOk && 363 bool success = status == BufferedResourceLoader::kOk &&
363 (!assume_fully_buffered() || 364 (!assume_fully_buffered() ||
364 loader_->instance_size() != kPositionNotSpecified); 365 loader_->instance_size() != kPositionNotSpecified);
365 366
366 if (success) { 367 if (success) {
367 total_bytes_ = loader_->instance_size(); 368 total_bytes_ = loader_->instance_size();
368 streaming_ = 369 streaming_ =
(...skipping 27 matching lines...) Expand all
396 loader_->range_supported()); 397 loader_->range_supported());
397 } 398 }
398 399
399 base::ResetAndReturn(&init_cb_).Run(success); 400 base::ResetAndReturn(&init_cb_).Run(success);
400 } 401 }
401 402
402 void BufferedDataSource::PartialReadStartCallback( 403 void BufferedDataSource::PartialReadStartCallback(
403 BufferedResourceLoader::Status status) { 404 BufferedResourceLoader::Status status) {
404 DCHECK(render_task_runner_->BelongsToCurrentThread()); 405 DCHECK(render_task_runner_->BelongsToCurrentThread());
405 DCHECK(loader_.get()); 406 DCHECK(loader_.get());
407 if (status == BufferedResourceLoader::kOk &&
408 response_original_url_ == loader_->response_original_url()) {
falken 2015/07/03 04:00:25 Actually a question. Should this really just compa
horo 2015/07/06 11:45:47 Changed to compare the origin. And added canReques
409 // We don't support mixed range responses. Otherwise malicious attackers can
falken 2015/07/03 03:43:44 I'm not sure "mixed range response" is a term of a
horo 2015/07/06 11:45:47 Changed to "mixing different origin responses".
410 // scan the bytes of other origin resources by mixing their generated bytes
411 // and the target response. See http://crbug.com/489060#c32 for details.
406 412
407 if (status == BufferedResourceLoader::kOk) {
408 // Once the request has started successfully, we can proceed with 413 // Once the request has started successfully, we can proceed with
409 // reading from it. 414 // reading from it.
410 ReadInternal(); 415 ReadInternal();
411 return; 416 return;
412 } 417 }
413 418
414 // Stop the resource loader since we have received an error. 419 // Stop the resource loader since we have received an error.
415 loader_->Stop(); 420 loader_->Stop();
416 421
417 // TODO(scherkus): we shouldn't have to lock to signal host(), see 422 // TODO(scherkus): we shouldn't have to lock to signal host(), see
418 // http://crbug.com/113712 for details. 423 // http://crbug.com/113712 for details.
419 base::AutoLock auto_lock(lock_); 424 base::AutoLock auto_lock(lock_);
420 if (stop_signal_received_) 425 if (stop_signal_received_)
421 return; 426 return;
422 ReadOperation::Run(read_op_.Pass(), kReadError); 427 ReadOperation::Run(read_op_.Pass(), kReadError);
falken 2015/07/03 04:00:25 When we fail due to the security check, should we
horo 2015/07/06 11:45:48 It may be better to have. But BufferedDataSource B
423 } 428 }
424 429
425 void BufferedDataSource::ReadCallback( 430 void BufferedDataSource::ReadCallback(
426 BufferedResourceLoader::Status status, 431 BufferedResourceLoader::Status status,
427 int bytes_read) { 432 int bytes_read) {
428 DCHECK(render_task_runner_->BelongsToCurrentThread()); 433 DCHECK(render_task_runner_->BelongsToCurrentThread());
429 434
430 // TODO(scherkus): we shouldn't have to lock to signal host(), see 435 // TODO(scherkus): we shouldn't have to lock to signal host(), see
431 // http://crbug.com/113712 for details. 436 // http://crbug.com/113712 for details.
432 base::AutoLock auto_lock(lock_); 437 base::AutoLock auto_lock(lock_);
(...skipping 118 matching lines...) Expand 10 before | Expand all | Expand 10 after
551 } 556 }
552 557
553 // If media is currently playing or the page indicated preload=auto or the 558 // If media is currently playing or the page indicated preload=auto or the
554 // the server does not support the byte range request or we do not want to go 559 // the server does not support the byte range request or we do not want to go
555 // too far ahead of the read head, use threshold strategy to enable/disable 560 // too far ahead of the read head, use threshold strategy to enable/disable
556 // deferring when the buffer is full/depleted. 561 // deferring when the buffer is full/depleted.
557 loader_->UpdateDeferStrategy(BufferedResourceLoader::kCapacityDefer); 562 loader_->UpdateDeferStrategy(BufferedResourceLoader::kCapacityDefer);
558 } 563 }
559 564
560 } // namespace media 565 } // namespace media
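Review bot: The comment on the fall-through path in `PartialReadStartCallback` (new line 419, "Stop the resource loader since we have received an error") no longer covers every way of reaching it, because a `kOk` response whose `response_original_url()` differs from `response_original_url_` now lands there too. The explanation of the check at new 409–411 also sits inside the accepting branch, directly above "Once the request has started successfully", where it reads as a description of `ReadInternal()`. I would move that explanation above the `if` at new 407 and reword the fall-through comment to `// Stop the loader: the request failed, or the response URL differs from the one recorded at init.` Separately, new line 359 stores `response_original_url_` before `success` is computed, so the baseline is recorded even when the first response is rejected. That looks harmless if a failed init ends use of the source, but the start of that function is outside the visible lines, so it is worth confirming.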