Chromium Code Reviews

Issue 1713093002: Fix SRI bypass by loading same resource twice in same origin. (Closed)

Created: 3 years, 6 months ago by jww
Modified: 3 years, 6 months ago
Reviewers:
CC: chromium-reviews
Base URL: https://chromium.googlesource.com/chromium/src@2623
Target Ref: refs/pending/branch-heads/2623
Project: chromium
Visibility: Public.

Description

Fix SRI bypass by loading same resource twice in same origin.

This fixes a bug where the memory cache was bypassing subresource integrity checks when a resource is loaded for a second time in the same origin. The resource in the memory cache was correctly storing that an integrity check had already been done so when it was retrieved later, it wouldn't need to be checked again, but it didn't store the fact that this was a *failure*, so when the load happened a second time, it assumed it was a good integrity.

This modifies the resources to store a disposition for the integrity check, rather than just that the integrity check occurred. On a reload of the resource, if the integrity had failed the first time, the resource will fail to load.

BUG=584155

Review URL: https://codereview.chromium.org/1675183003

Cr-Commit-Position: refs/heads/master@{#374336}
(cherry picked from commit bf24693238d407f90bec71453b18aae8dd1c0f43)

Committed: https://chromium.googlesource.com/chromium/src/+/0979e9712439b056355af462d68fe5c6d9ee5466
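The cache behaviour this description refers to, as an added C++ model that is not Chromium's code and not part of this change: the type and function names are hypothetical, and a plain string comparison stands in for the digest check. It assumes both loads carry the same integrity value.

```cpp
// Added illustration of the bug class in the description; not Chromium code.
// All names are hypothetical. A string compare stands in for the hash check.
#include <string>
#include <utility>

enum class IntegrityDisposition { NotChecked, Failed, Passed };

// Stand-in for one memory-cache entry, shared by every load of the same URL.
struct CachedScript {
    explicit CachedScript(std::string b) : body(std::move(b)) {}
    std::string body;
    bool integrityChecked = false;  // pre-fix state: "a check ran"
    IntegrityDisposition disposition = IntegrityDisposition::NotChecked;  // post-fix state
};

// Constructed stand-in for comparing the body's digest with the integrity value.
static bool digestMatches(const CachedScript& r, const std::string& pinned) {
    return r.body == pinned;
}

// Pre-fix logic: an entry that was already checked is accepted, whatever
// the outcome of that first check was.
bool allowLoadBeforeFix(CachedScript& r, const std::string& pinned) {
    if (r.integrityChecked) return true;
    r.integrityChecked = true;
    return digestMatches(r, pinned);
}

// Post-fix logic: the outcome is stored, so a failed entry keeps failing.
bool allowLoadAfterFix(CachedScript& r, const std::string& pinned) {
    if (r.disposition == IntegrityDisposition::NotChecked) {
        r.disposition = digestMatches(r, pinned) ? IntegrityDisposition::Passed
                                                 : IntegrityDisposition::Failed;
    }
    return r.disposition == IntegrityDisposition::Passed;
}

int main() {
    CachedScript before("tampered()"), after("tampered()");
    bool first = allowLoadBeforeFix(before, "trusted()");    // false: blocked
    bool second = allowLoadBeforeFix(before, "trusted()");   // true: the bypass
    bool fixed1 = allowLoadAfterFix(after, "trusted()");     // false
    bool fixed2 = allowLoadAfterFix(after, "trusted()");     // false again
    return (!first && second && !fixed1 && !fixed2) ? 0 : 1;
}
```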

Patch Set 1 #

Stats: +50 lines, -6 lines

A third_party/WebKit/LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-block-same-resource-twice.html (1 chunk, +26 lines, -0 lines)
M third_party/WebKit/Source/core/dom/PendingScript.cpp (1 chunk, +8 lines, -2 lines)
M third_party/WebKit/Source/core/fetch/ScriptResource.h (3 chunks, +10 lines, -3 lines)
M third_party/WebKit/Source/core/fetch/ScriptResource.cpp (2 chunks, +6 lines, -1 line)

Messages

Total messages: 2 (1 generated)
jww
3 years, 6 months ago (2016-02-19 17:54:51 UTC) #2
Message was sent while issue was closed.
Committed patchset #1 (id:1) manually as 0979e9712439b056355af462d68fe5c6d9ee5466.
