Chromium Code Reviews

Unified Diff: media/blink/buffered_data_source.cc

Issue 1220963004: Check the response URL origin in BufferedDataSource to avoid mixing cross-origin responses. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: incorporated hubbe and falken's comment Created 5 years, 6 months ago
Index: media/blink/buffered_data_source.cc
diff --git a/media/blink/buffered_data_source.cc b/media/blink/buffered_data_source.cc
index d5f32b1ca298d4c787731c70eb26ead26632bea0..412b9c01c51b687da936ebc2c2da8b78d93cbbe4 100644
--- a/media/blink/buffered_data_source.cc
+++ b/media/blink/buffered_data_source.cc
@@ -356,6 +356,7 @@ void BufferedDataSource::StartCallback(
loader_->Stop();
return;
}
+ response_original_url_ = loader_->response_original_url();
// All responses must be successful. Resources that are assumed to be fully
// buffered must have a known content length.
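Review bot: The new assignment `response_original_url_ = loader_->response_original_url();` in StartCallback carries no comment saying why the first response's URL is kept, and the reason only becomes clear in PartialReadStartCallback. A one-line comment stating that this value is the baseline that later partial reads are checked against would help. Since the issue title describes the goal as checking the response URL origin, storing the origin rather than the full URL would also make the intent explicit at the point of capture.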
@@ -403,8 +404,12 @@ void BufferedDataSource::PartialReadStartCallback(
BufferedResourceLoader::Status status) {
DCHECK(render_task_runner_->BelongsToCurrentThread());
DCHECK(loader_.get());
+ if (status == BufferedResourceLoader::kOk &&
+ response_original_url_ == loader_->response_original_url()) {
falken 2015/07/03 04:00:25 Actually a question. Should this really just compa
horo 2015/07/06 11:45:47 Changed to compare the origin. And added canReques
+ // We don't support mixed range responses. Otherwise malicious attackers can
falken 2015/07/03 03:43:44 I'm not sure "mixed range response" is a term of a
horo 2015/07/06 11:45:47 Changed to "mixing different origin responses".
+ // scan the bytes of other origin resources by mixing their generated bytes
+ // and the target response. See http://crbug.com/489060#c32 for details.
- if (status == BufferedResourceLoader::kOk) {
// Once the request has started successfully, we can proceed with
// reading from it.
ReadInternal();
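Review bot: The condition `response_original_url_ == loader_->response_original_url()` in PartialReadStartCallback compares whole URLs, while the comment under it ("scan the bytes of other origin resources") and the issue title describe an origin check, so a later range response served from a different URL on the same origin would fail this test as well. Comparing the origins of the two URLs would match the stated intent. Folding the check into the `status == BufferedResourceLoader::kOk` test also sends a URL mismatch down the same path as a load failure, so consider a separate branch that keeps the cross-origin case distinguishable, and use the wording agreed in the inline comments in place of "mixed range responses".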
