Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(876)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 2920833003: FrameHostMsg_OpenURL_Params.resource_request_body needs to be validated. (Closed)

Created:
3 years, 6 months ago by Łukasz Anforowicz
Modified:
3 years, 6 months ago
Reviewers:
CC:
chromium-reviews
Target Ref:
refs/branch-heads/3112
Project:
chromium
Visibility:
Public.

Description

FrameHostMsg_OpenURL_Params.resource_request_body needs to be validated. FrameHostMsg_OpenURL_Params comes from an untrusted source and needs to be validated to check whether the sender of the IPC really has access to the contents of the resource request body. BUG=726067 CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_site_isolation Review-Url: https://codereview.chromium.org/2908433003 Cr-Original-Commit-Position: refs/heads/master@{#475179} Review-Url: https://codereview.chromium.org/2920833003 . Cr-Commit-Position: refs/branch-heads/3112@{#91} Cr-Branched-From: b6460e24cf59f429d69de255538d0fc7a425ccf9-refs/heads/master@{#474897} Committed: https://chromium.googlesource.com/chromium/src/+/4d785e9281d5bcf83b730c6cb2c3ddabeac2910e

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+252 lines, -1 line) Patch
M content/browser/bad_message.h View 1 chunk +1 line, -0 lines 0 comments Download
M content/browser/child_process_security_policy_impl.h View 4 chunks +20 lines, -0 lines 0 comments Download
M content/browser/child_process_security_policy_impl.cc View 2 chunks +67 lines, -0 lines 0 comments Download
M content/browser/cross_site_transfer_browsertest.cc View 2 chunks +92 lines, -0 lines 0 comments Download
M content/browser/frame_host/render_frame_host_impl.cc View 1 chunk +6 lines, -0 lines 0 comments Download
M content/browser/frame_host/render_frame_proxy_host.cc View 3 chunks +12 lines, -1 line 0 comments Download
M content/browser/security_exploit_browsertest.cc View 1 chunk +53 lines, -0 lines 0 comments Download
M tools/metrics/histograms/enums.xml View 1 chunk +1 line, -0 lines 0 comments Download

Messages

Total messages: 2 (1 generated)
Łukasz Anforowicz
3 years, 6 months ago (2017-06-01 16:14:56 UTC) #2
Message was sent while issue was closed. 
Committed patchset #1 (id:1) manually as
4d785e9281d5bcf83b730c6cb2c3ddabeac2910e.

Powered by Google App Engine
This is Rietveld 408576698