Chromium Code Reviews| Index: components/autofill/core/browser/autofill_manager.cc |
| diff --git a/components/autofill/core/browser/autofill_manager.cc b/components/autofill/core/browser/autofill_manager.cc |
| index b780de8caceffd1700b55c08cc61196f365f5c1e..635abf6ad647664df5514989f67bcacd2def39ba 100644 |
| --- a/components/autofill/core/browser/autofill_manager.cc |
| +++ b/components/autofill/core/browser/autofill_manager.cc |
| @@ -35,6 +35,7 @@ |
| #include "components/autofill/core/browser/personal_data_manager.h" |
| #include "components/autofill/core/browser/phone_number.h" |
| #include "components/autofill/core/browser/phone_number_i18n.h" |
| +#include "components/autofill/core/common/autofill_data_sanitizer.h" |
| #include "components/autofill/core/common/autofill_pref_names.h" |
| #include "components/autofill/core/common/autofill_switches.h" |
| #include "components/autofill/core/common/form_data.h" |
| @@ -230,8 +231,16 @@ void AutofillManager::SetExternalDelegate(AutofillExternalDelegate* delegate) { |
| autocomplete_history_manager_->SetExternalDelegate(delegate); |
| } |
| +void AutofillManager::ShowAutofillSettings() { |
| + manager_delegate_->ShowAutofillSettings(); |
| +} |
| + |
| bool AutofillManager::OnFormSubmitted(const FormData& form, |
| const TimeTicks& timestamp) { |
| + // Bail if the arguments appear to be corrupt. |
| + if (!IsSanitizedFormData(form)) |
| + return false; |
| + |
| // Let Autocomplete know as well. |
| autocomplete_history_manager_->OnFormSubmitted(form); |
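Review bot: The new early return in OnFormSubmitted drops a form that fails `IsSanitizedFormData` without leaving any trace, and the same silent `return` is added in OnFormsSeen, OnTextFieldDidChange, OnQueryFormFieldAutofill and OnFillAutofillFormData. If these arguments come from the renderer (likely, since the file replies through `driver_->SendFormDataToRenderer`), a failed check points to a buggy or compromised sender. It is worth counting or logging at the rejection site, so the event is visible instead of showing up as autofill that quietly stops working. For OnFormSubmitted, a short comment on what `false` now means to the caller would also help, since it covers rejected input as well as whatever the rest of the body returns, which is outside this hunk.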
| @@ -301,6 +310,10 @@ bool AutofillManager::OnFormSubmitted(const FormData& form, |
| void AutofillManager::OnFormsSeen(const std::vector<FormData>& forms, |
| const TimeTicks& timestamp, |
| autofill::FormsSeenState state) { |
| + // Bail if the arguments appear to be corrupt. |
| + if (!IsSanitizedFormDataVector(forms)) |
| + return; |
| + |
| bool is_post_document_load = state == autofill::DYNAMIC_FORMS_SEEN; |
| // If new forms were added dynamically, treat as a new page. |
| if (is_post_document_load) |
| @@ -325,6 +338,10 @@ void AutofillManager::OnFormsSeen(const std::vector<FormData>& forms, |
| void AutofillManager::OnTextFieldDidChange(const FormData& form, |
| const FormFieldData& field, |
| const TimeTicks& timestamp) { |
| + // Bail if the arguments appear to be corrupt. |
|
palmer
2013/12/20 19:53:36
Nit: I'd drop the instances of this comment. The f
Ilya Sherman
2013/12/20 23:54:52
Done.
|
| + if (!IsSanitizedFormData(form) || !IsSanitizedFormFieldData(field)) |
| + return; |
| + |
| FormStructure* form_structure = NULL; |
| AutofillField* autofill_field = NULL; |
| if (!GetCachedFormAndField(form, field, &form_structure, &autofill_field)) |
| @@ -355,6 +372,10 @@ void AutofillManager::OnQueryFormFieldAutofill(int query_id, |
| const FormFieldData& field, |
| const gfx::RectF& bounding_box, |
| bool display_warning) { |
| + // Bail if the arguments appear to be corrupt. |
| + if (!IsSanitizedFormData(form) || !IsSanitizedFormFieldData(field)) |
| + return; |
| + |
| std::vector<base::string16> values; |
| std::vector<base::string16> labels; |
| std::vector<base::string16> icons; |
| @@ -442,6 +463,10 @@ void AutofillManager::OnFillAutofillFormData(int query_id, |
| const FormData& form, |
| const FormFieldData& field, |
| int unique_id) { |
| + // Bail if the arguments appear to be corrupt. |
| + if (!IsSanitizedFormData(form) || !IsSanitizedFormFieldData(field)) |
| + return; |
| + |
| const AutofillDataModel* data_model = NULL; |
| size_t variant = 0; |
| FormStructure* form_structure = NULL; |
| @@ -522,10 +547,6 @@ void AutofillManager::OnFillAutofillFormData(int query_id, |
| driver_->SendFormDataToRenderer(query_id, result); |
| } |
| -void AutofillManager::OnShowAutofillDialog() { |
| - manager_delegate_->ShowAutofillSettings(); |
| -} |
| - |
| void AutofillManager::OnDidPreviewAutofillFormData() { |
| if (test_delegate_) |
| test_delegate_->DidPreviewFormData(); |
| @@ -599,9 +620,14 @@ void AutofillManager::SetTestDelegate( |
| } |
| void AutofillManager::OnAddPasswordFormMapping( |
| - const FormFieldData& form, |
| + const FormFieldData& username_field, |
| const PasswordFormFillData& fill_data) { |
| - external_delegate_->AddPasswordFormMapping(form, fill_data); |
| + // Bail if the arguments appear to be corrupt. |
| + if (!IsSanitizedFormFieldData(username_field) || |
| + !IsSanitizedPasswordFormFillData(fill_data)) |
| + return; |
| + |
| + external_delegate_->AddPasswordFormMapping(username_field, fill_data); |
| } |
| void AutofillManager::OnShowPasswordSuggestions( |
| @@ -609,6 +635,12 @@ void AutofillManager::OnShowPasswordSuggestions( |
| const gfx::RectF& bounds, |
| const std::vector<base::string16>& suggestions, |
| const std::vector<base::string16>& realms) { |
| + // Bail if the arguments appear to be corrupt. |
| + if (!IsSanitizedString16Vector(suggestions) || |
| + !IsSanitizedString16Vector(realms) || |
| + suggestions.size() != realms.size()) |
| + return; |
| + |
| external_delegate_->OnShowPasswordSuggestions(suggestions, |
| realms, |
| field, |
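Review bot: `field` is still forwarded to `external_delegate_->OnShowPasswordSuggestions` unchecked, because the added guard covers only `suggestions` and `realms`. Assuming `field` is a FormFieldData as in the other handlers (its declaration is on the line just above the hunk), the condition should begin with `!IsSanitizedFormFieldData(field) ||`. That would make this entry point validate every argument it passes on, the way OnAddPasswordFormMapping does for `username_field`. The remaining arguments of the call are outside the hunk.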
| @@ -617,7 +649,10 @@ void AutofillManager::OnShowPasswordSuggestions( |
| void AutofillManager::OnSetDataList(const std::vector<base::string16>& values, |
| const std::vector<base::string16>& labels) { |
| - if (values.size() != labels.size()) |
| + // Bail if the arguments appear to be corrupt. |
| + if (!IsSanitizedString16Vector(values) || |
| + !IsSanitizedString16Vector(labels) || |
| + values.size() != labels.size()) |
| return; |
| external_delegate_->SetCurrentDataListValues(values, labels); |
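Review bot: The size comparison is now the last operand of the guard in OnSetDataList, so mismatched `values` and `labels` are handed to `IsSanitizedString16Vector` (which presumably walks each vector) before the constant-time check rejects them. Putting `values.size() != labels.size() ||` first keeps the cheap rejection the old code had and bounds the work done on malformed input. The same ordering applies to `suggestions.size() != realms.size()` in OnShowPasswordSuggestions. The outcome for any given input is unchanged.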