Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(67)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: webkit/browser/database/database_util.cc

Issue 199153003: Look closer at the components of vfsfilenames that are used filenames. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: webkit/browser/database/database_util.cc
diff --git a/webkit/browser/database/database_util.cc b/webkit/browser/database/database_util.cc
index f037638b2087e309dc6170ad60d45edbb4e70391..0fdf576b26f000949c08203a116185117670e475 100644
--- a/webkit/browser/database/database_util.cc
+++ b/webkit/browser/database/database_util.cc
@@ -8,9 +8,28 @@
#include "base/strings/utf_string_conversions.h"
#include "webkit/browser/database/database_tracker.h"
#include "webkit/browser/database/vfs_backend.h"
+#include "webkit/common/database/database_identifier.h"
namespace webkit_database {
+namespace {
+
+bool IsSafeSuffix(const base::string16& suffix) {
+ base::char16 prev_c = 0;
+ for (base::string16::const_iterator it = suffix.begin();
+ it < suffix.end(); ++it) {
+ base::char16 c = *it;
+ if (!(IsAsciiAlpha(c) || IsAsciiDigit(c) || c == '-' || c == '.'))
+ return false;
+ if (c == '.' && prev_c == '.')
+ return false;
+ prev_c = c;
+ }
+ return true;
+}
+
+}
+
const char DatabaseUtil::kJournalFileSuffix[] = "-journal";
bool DatabaseUtil::CrackVfsFileName(const base::string16& vfs_file_name,
@@ -31,18 +50,27 @@ bool DatabaseUtil::CrackVfsFileName(const base::string16& vfs_file_name,
return false;
}
- if (origin_identifier) {
- *origin_identifier = UTF16ToASCII(
+ std::string origin_id = UTF16ToASCII(
vfs_file_name.substr(0, first_slash_index));
- }
+ if (!IsValidOriginIdentifier(origin_id))
+ return false;
+
+ base::string16 suffix = vfs_file_name.substr(
jschuh 2014/03/14 03:38:00 I can't tell how we verify host:port. Could you ch
michaeln 2014/03/14 03:55:56 Maybe DatabaseIdentifier::Parse should test for ':
+ last_pound_index + 1, vfs_file_name.length() - last_pound_index - 1);
+ if (!IsSafeSuffix(suffix))
+ return false;
+
+ if (origin_identifier)
+ *origin_identifier = origin_id;
+
if (database_name) {
*database_name = vfs_file_name.substr(
first_slash_index + 1, last_pound_index - first_slash_index - 1);
}
- if (sqlite_suffix) {
- *sqlite_suffix = vfs_file_name.substr(
- last_pound_index + 1, vfs_file_name.length() - last_pound_index - 1);
- }
+
+ if (sqlite_suffix)
+ *sqlite_suffix = suffix;
+
return true;
}
@@ -76,10 +104,14 @@ bool DatabaseUtil::IsValidOriginIdentifier(
char forbidden[] = {'\\', '/', '\0'};
std::string::size_type pos = origin_identifier.find(dotdot);
- if (pos == std::string::npos)
- pos = origin_identifier.find_first_of(forbidden, 0, arraysize(forbidden));
+ if (origin_identifier.find(dotdot) != std::string::npos)
+ return false;
+ if (origin_identifier.find_first_of(forbidden, 0, arraysize(forbidden)) !=
+ std::string::npos) {
+ return false;
+ }
- return pos == std::string::npos;
+ return GetOriginFromIdentifier(origin_identifier).is_valid();
}
} // namespace webkit_database
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698