Chromium Code Reviews Chromium Code Reviews
Issue 1317443002:
Fix UAF in Origin Info Bubble and permission settings UI. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ui/website_settings/website_settings.h" | 5 #include "chrome/browser/ui/website_settings/website_settings.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
| 11 #include "base/i18n/time_formatting.h" | 11 #include "base/i18n/time_formatting.h" |
| 12 #include "base/metrics/field_trial.h" | 12 #include "base/metrics/field_trial.h" |
| 13 #include "base/metrics/histogram.h" | 13 #include "base/metrics/histogram.h" |
| 14 #include "base/strings/string_number_conversions.h" | 14 #include "base/strings/string_number_conversions.h" |
| 15 #include "base/strings/stringprintf.h" | 15 #include "base/strings/stringprintf.h" |
| 16 #include "base/strings/utf_string_conversions.h" | 16 #include "base/strings/utf_string_conversions.h" |
| 17 #include "base/values.h" | 17 #include "base/values.h" |
| 18 #include "chrome/browser/browser_process.h" | 18 #include "chrome/browser/browser_process.h" |
| 19 #include "chrome/browser/browsing_data/browsing_data_channel_id_helper.h" | 19 #include "chrome/browser/browsing_data/browsing_data_channel_id_helper.h" |
| 20 #include "chrome/browser/browsing_data/browsing_data_cookie_helper.h" | 20 #include "chrome/browser/browsing_data/browsing_data_cookie_helper.h" |
| 21 #include "chrome/browser/browsing_data/browsing_data_database_helper.h" | 21 #include "chrome/browser/browsing_data/browsing_data_database_helper.h" |
| 22 #include "chrome/browser/browsing_data/browsing_data_file_system_helper.h" | 22 #include "chrome/browser/browsing_data/browsing_data_file_system_helper.h" |
| 23 #include "chrome/browser/browsing_data/browsing_data_indexed_db_helper.h" | 23 #include "chrome/browser/browsing_data/browsing_data_indexed_db_helper.h" |
| 24 #include "chrome/browser/browsing_data/browsing_data_local_storage_helper.h" | 24 #include "chrome/browser/browsing_data/browsing_data_local_storage_helper.h" |
| 25 #include "chrome/browser/history/history_service_factory.h" | 25 #include "chrome/browser/history/history_service_factory.h" |
| 26 #include "chrome/browser/infobars/infobar_service.h" | |
| 26 #include "chrome/browser/profiles/profile.h" | 27 #include "chrome/browser/profiles/profile.h" |
| 27 #include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h" | 28 #include "chrome/browser/ssl/chrome_ssl_host_state_delegate.h" |
| 28 #include "chrome/browser/ssl/chrome_ssl_host_state_delegate_factory.h" | 29 #include "chrome/browser/ssl/chrome_ssl_host_state_delegate_factory.h" |
| 29 #include "chrome/browser/ssl/ssl_error_info.h" | 30 #include "chrome/browser/ssl/ssl_error_info.h" |
| 30 #include "chrome/browser/ui/website_settings/website_settings_infobar_delegate.h " | 31 #include "chrome/browser/ui/website_settings/website_settings_infobar_delegate.h " |
| 31 #include "chrome/browser/ui/website_settings/website_settings_ui.h" | 32 #include "chrome/browser/ui/website_settings/website_settings_ui.h" |
| 32 #include "chrome/common/chrome_switches.h" | 33 #include "chrome/common/chrome_switches.h" |
| 33 #include "chrome/grit/chromium_strings.h" | 34 #include "chrome/grit/chromium_strings.h" |
| 34 #include "chrome/grit/generated_resources.h" | 35 #include "chrome/grit/generated_resources.h" |
| 35 #include "components/content_settings/core/browser/content_settings_utils.h" | 36 #include "components/content_settings/core/browser/content_settings_utils.h" |
| (...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 139 return is_ev ? WebsiteSettings::SITE_IDENTITY_STATUS_EV_CERT | 140 return is_ev ? WebsiteSettings::SITE_IDENTITY_STATUS_EV_CERT |
| 140 : WebsiteSettings::SITE_IDENTITY_STATUS_CERT; | 141 : WebsiteSettings::SITE_IDENTITY_STATUS_CERT; |
| 141 } | 142 } |
| 142 | 143 |
| 143 } // namespace | 144 } // namespace |
| 144 | 145 |
| 145 WebsiteSettings::WebsiteSettings( | 146 WebsiteSettings::WebsiteSettings( |
| 146 WebsiteSettingsUI* ui, | 147 WebsiteSettingsUI* ui, |
| 147 Profile* profile, | 148 Profile* profile, |
| 148 TabSpecificContentSettings* tab_specific_content_settings, | 149 TabSpecificContentSettings* tab_specific_content_settings, |
| 149 InfoBarService* infobar_service, | 150 content::WebContents* web_contents, |
| 150 const GURL& url, | 151 const GURL& url, |
| 151 const content::SSLStatus& ssl, | 152 const content::SSLStatus& ssl, |
| 152 content::CertStore* cert_store) | 153 content::CertStore* cert_store) |
| 153 : TabSpecificContentSettings::SiteDataObserver( | 154 : TabSpecificContentSettings::SiteDataObserver( |
| 154 tab_specific_content_settings), | 155 tab_specific_content_settings), |
| 155 ui_(ui), | 156 ui_(ui), |
| 156 infobar_service_(infobar_service), | 157 web_contents_(web_contents), |
| 157 show_info_bar_(false), | 158 show_info_bar_(false), |
| 158 site_url_(url), | 159 site_url_(url), |
| 159 site_identity_status_(SITE_IDENTITY_STATUS_UNKNOWN), | 160 site_identity_status_(SITE_IDENTITY_STATUS_UNKNOWN), |
| 160 cert_id_(0), | 161 cert_id_(0), |
| 161 site_connection_status_(SITE_CONNECTION_STATUS_UNKNOWN), | 162 site_connection_status_(SITE_CONNECTION_STATUS_UNKNOWN), |
| 162 cert_store_(cert_store), | 163 cert_store_(cert_store), |
| 163 content_settings_(profile->GetHostContentSettingsMap()), | 164 content_settings_(profile->GetHostContentSettingsMap()), |
| 164 chrome_ssl_host_state_delegate_( | 165 chrome_ssl_host_state_delegate_( |
| 165 ChromeSSLHostStateDelegateFactory::GetForProfile(profile)), | 166 ChromeSSLHostStateDelegateFactory::GetForProfile(profile)), |
| 166 did_revoke_user_ssl_decisions_(false) { | 167 did_revoke_user_ssl_decisions_(false) { |
| (...skipping 147 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 314 // Refresh the UI to reflect the new setting. | 315 // Refresh the UI to reflect the new setting. |
| 315 PresentSitePermissions(); | 316 PresentSitePermissions(); |
| 316 #endif | 317 #endif |
| 317 } | 318 } |
| 318 | 319 |
| 319 void WebsiteSettings::OnSiteDataAccessed() { | 320 void WebsiteSettings::OnSiteDataAccessed() { |
| 320 PresentSiteData(); | 321 PresentSiteData(); |
| 321 } | 322 } |
| 322 | 323 |
| 323 void WebsiteSettings::OnUIClosing() { | 324 void WebsiteSettings::OnUIClosing() { |
| 324 if (show_info_bar_) | 325 if (show_info_bar_) { |
| 325 WebsiteSettingsInfoBarDelegate::Create(infobar_service_); | 326 InfoBarService* infobar_service = |
| 327 InfoBarService::FromWebContents(web_contents_); | |
|
felt
2015/08/25 22:30:43
does this fail gracefully if web_contents is a nul
palmer
2015/08/25 22:40:50
We do need the check; it would deref the nullptr.
| |
| 328 if (infobar_service) | |
| 329 WebsiteSettingsInfoBarDelegate::Create(infobar_service); | |
| 330 } | |
| 326 | 331 |
| 327 SSLCertificateDecisionsDidRevoke user_decision = | 332 SSLCertificateDecisionsDidRevoke user_decision = |
| 328 did_revoke_user_ssl_decisions_ ? USER_CERT_DECISIONS_REVOKED | 333 did_revoke_user_ssl_decisions_ ? USER_CERT_DECISIONS_REVOKED |
| 329 : USER_CERT_DECISIONS_NOT_REVOKED; | 334 : USER_CERT_DECISIONS_NOT_REVOKED; |
| 330 | 335 |
| 331 UMA_HISTOGRAM_ENUMERATION("interstitial.ssl.did_user_revoke_decisions", | 336 UMA_HISTOGRAM_ENUMERATION("interstitial.ssl.did_user_revoke_decisions", |
| 332 user_decision, | 337 user_decision, |
| 333 END_OF_SSL_CERTIFICATE_DECISIONS_DID_REVOKE_ENUM); | 338 END_OF_SSL_CERTIFICATE_DECISIONS_DID_REVOKE_ENUM); |
| 334 } | 339 } |
| 335 | 340 |
| (...skipping 384 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 720 info.connection_status = site_connection_status_; | 725 info.connection_status = site_connection_status_; |
| 721 info.connection_status_description = | 726 info.connection_status_description = |
| 722 UTF16ToUTF8(site_connection_details_); | 727 UTF16ToUTF8(site_connection_details_); |
| 723 info.identity_status = site_identity_status_; | 728 info.identity_status = site_identity_status_; |
| 724 info.identity_status_description = | 729 info.identity_status_description = |
| 725 UTF16ToUTF8(site_identity_details_); | 730 UTF16ToUTF8(site_identity_details_); |
| 726 info.cert_id = cert_id_; | 731 info.cert_id = cert_id_; |
| 727 info.show_ssl_decision_revoke_button = show_ssl_decision_revoke_button_; | 732 info.show_ssl_decision_revoke_button = show_ssl_decision_revoke_button_; |
| 728 ui_->SetIdentityInfo(info); | 733 ui_->SetIdentityInfo(info); |
| 729 } | 734 } |
| OLD | NEW |
