Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(275)

Issue 1675183003: Fix SRI bypass by loading same resource twice in same origin. (Closed)

Created:
4 years, 10 months ago by jww
Modified:
4 years, 10 months ago
Reviewers:
dcheng
CC:
blink-reviews, blink-reviews-dom_chromium.org, chromium-reviews, dglazkov+blink, eae+blinkwatch, gavinp+loader_chromium.org, Nate Chapin, loading-reviews+fetch_chromium.org, rwlbuis, sof, tyoshino+watch_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Fix SRI bypass by loading same resource twice in same origin. This fixes a bug where the memory cache was bypassing subresource integrity checks when a resource is loaded for a second time in the same origin. The resource in the memory cache was correctly storing that an integrity check had already been done so whene it was retrieved later, it wouldn't need to be checked again, but it didn't store the fact that this was a *failure*, so when the load happened a second time, it assumed it was a good integrity. This modifies the resources to store a disposition for the integrity check, rather than just that the integrity check occurred. On a reload of the resource, if the integrity had failed the first time, the resource will fail to load. BUG=584155 Committed: https://crrev.com/bf24693238d407f90bec71453b18aae8dd1c0f43 Cr-Commit-Position: refs/heads/master@{#374336}

Patch Set 1 #

Total comments: 4

Patch Set 2 : Address comments #

Patch Set 3 : Rebase on ToT #

Unified diffs Side-by-side diffs Delta from patch set Stats (+50 lines, -6 lines) Patch
A third_party/WebKit/LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-block-same-resource-twice.html View 1 chunk +26 lines, -0 lines 0 comments Download
M third_party/WebKit/Source/core/dom/PendingScript.cpp View 1 2 1 chunk +8 lines, -2 lines 0 comments Download
M third_party/WebKit/Source/core/fetch/ScriptResource.h View 1 2 3 chunks +10 lines, -3 lines 0 comments Download
M third_party/WebKit/Source/core/fetch/ScriptResource.cpp View 1 2 2 chunks +6 lines, -1 line 0 comments Download

Messages

Total messages: 25 (13 generated)
jww
4 years, 10 months ago (2016-02-08 12:20:10 UTC) #2
jww
dcheng@, would you mind reviewing this for me? It appears that mkwst@ is OOO, and ...
4 years, 10 months ago (2016-02-08 23:15:28 UTC) #6
dcheng
https://codereview.chromium.org/1675183003/diff/1/third_party/WebKit/Source/core/dom/PendingScript.cpp File third_party/WebKit/Source/core/dom/PendingScript.cpp (right): https://codereview.chromium.org/1675183003/diff/1/third_party/WebKit/Source/core/dom/PendingScript.cpp#newcode161 third_party/WebKit/Source/core/dom/PendingScript.cpp:161: scriptResource->setIntegrityAlreadyChecked(!m_integrityFailure); I don't think it's obvious from the callsite ...
4 years, 10 months ago (2016-02-09 01:12:46 UTC) #7
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1675183003/20001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1675183003/20001
4 years, 10 months ago (2016-02-09 04:37:24 UTC) #9
commit-bot: I haz the power
No L-G-T-M from a valid reviewer yet. Only full committers are accepted. Even if an ...
4 years, 10 months ago (2016-02-09 04:37:29 UTC) #11
jww
Sorry, accidental commit queue :-) Nits addressed, I think. https://codereview.chromium.org/1675183003/diff/1/third_party/WebKit/Source/core/dom/PendingScript.cpp File third_party/WebKit/Source/core/dom/PendingScript.cpp (right): https://codereview.chromium.org/1675183003/diff/1/third_party/WebKit/Source/core/dom/PendingScript.cpp#newcode161 third_party/WebKit/Source/core/dom/PendingScript.cpp:161: ...
4 years, 10 months ago (2016-02-09 04:38:50 UTC) #13
dcheng
lgtm
4 years, 10 months ago (2016-02-09 05:04:55 UTC) #14
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1675183003/20001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1675183003/20001
4 years, 10 months ago (2016-02-09 05:36:01 UTC) #16
commit-bot: I haz the power
Try jobs failed on following builders: ios_dbg_simulator_ninja on tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/ios_dbg_simulator_ninja/builds/128278) ios_rel_device_ninja on tryserver.chromium.mac (JOB_FAILED, ...
4 years, 10 months ago (2016-02-09 05:39:35 UTC) #18
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1675183003/40001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1675183003/40001
4 years, 10 months ago (2016-02-09 06:37:51 UTC) #21
commit-bot: I haz the power
Committed patchset #3 (id:40001)
4 years, 10 months ago (2016-02-09 08:19:15 UTC) #23
commit-bot: I haz the power
4 years, 10 months ago (2016-02-09 08:20:00 UTC) #25
Message was sent while issue was closed.
Patchset 3 (id:??) landed as
https://crrev.com/bf24693238d407f90bec71453b18aae8dd1c0f43
Cr-Commit-Position: refs/heads/master@{#374336}

Powered by Google App Engine
This is Rietveld 408576698