WebKit Bugzilla
Attachment 346050 Details for
Bug 188154
: [Curl] Bug fix for pre-supplied credential information handling.
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
PATCH
188154.diff (text/plain), 4.50 KB, created by
Basuke Suzuki
on 2018-07-29 23:21:01 PDT
(
hide
)
Description:
PATCH
Filename:
MIME Type:
Creator:
Basuke Suzuki
Created:
2018-07-29 23:21:01 PDT
Size:
4.50 KB
patch
obsolete
>diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog >index 1dd1d5290c2..98dc3fcf601 100644 >--- a/LayoutTests/ChangeLog >+++ b/LayoutTests/ChangeLog >@@ -1,3 +1,14 @@ >+2018-07-29 Basuke Suzuki <Basuke.Suzuki@sony.com> >+ >+ [Curl] Bug fix for pre-supplied credential information handling. >+ https://bugs.webkit.org/show_bug.cgi?id=188154 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * platform/wincairo/TestExpectations: >+ - http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes.html: Pass >+ - http/tests/xmlhttprequest/failed-auth.html: Pass >+ > 2018-07-29 Basuke Suzuki <Basuke.Suzuki@sony.com> > > [Curl] Fix the bug when client reject the redirect on WebKitLegacy. >diff --git a/LayoutTests/platform/wincairo/TestExpectations b/LayoutTests/platform/wincairo/TestExpectations >index 16eaf3e81d7..083a8f50231 100644 >--- a/LayoutTests/platform/wincairo/TestExpectations >+++ b/LayoutTests/platform/wincairo/TestExpectations >@@ -928,8 +928,8 @@ http/tests/websocket/tests/hybi/websocket-cookie-overwrite-behavior.html [ Failu > http/tests/workers [ Skip ] > > http/tests/xmlhttprequest [ Skip ] >-http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes.html [ Crash ] >-http/tests/xmlhttprequest/failed-auth.html [ Crash ] >+http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes.html [ Pass ] >+http/tests/xmlhttprequest/failed-auth.html [ Pass ] > http/tests/xmlhttprequest/simple-sync.html [ Pass ] > http/tests/xmlhttprequest/xmlhttprequest-unsafe-redirect.html [ Pass ] > >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index bfef6390a7b..d14a807855f 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,24 @@ >+2018-07-29 Basuke Suzuki <Basuke.Suzuki@sony.com> >+ >+ [Curl] Bug fix for pre-supplied credential information handling. >+ https://bugs.webkit.org/show_bug.cgi?id=188154 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Say user and password is supplied when ResourceHandle is created, such as XMLHTTPRequest or >+ credentials in a url. If the credential was wrong, it keeps using that information to retry >+ without asking client and it will crash by stack overflow. >+ >+ Fixing the bug by forgetting the credentials stored once it is used. >+ >+ Test: >+ - http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes.html: Pass >+ - http/tests/xmlhttprequest/failed-auth.html: Pass >+ >+ * platform/network/curl/ResourceHandleCurl.cpp: >+ (WebCore::ResourceHandle::didReceiveAuthenticationChallenge): >+ (WebCore::ResourceHandle::getCredential): >+ > 2018-07-28 Darin Adler <darin@apple.com> > > [Cocoa] Update more WebCore Objective-C code to be ARC compatible >diff --git a/Source/WebCore/platform/network/curl/ResourceHandleCurl.cpp b/Source/WebCore/platform/network/curl/ResourceHandleCurl.cpp >index 641fe1b4fdb..78ffc30b2b2 100644 >--- a/Source/WebCore/platform/network/curl/ResourceHandleCurl.cpp >+++ b/Source/WebCore/platform/network/curl/ResourceHandleCurl.cpp >@@ -222,6 +222,8 @@ void ResourceHandle::didReceiveAuthenticationChallenge(const AuthenticationChall > > if (!d->m_user.isNull() && !d->m_pass.isNull()) { > Credential credential(d->m_user, d->m_pass, CredentialPersistenceNone); >+ d->m_user = String(); >+ d->m_pass = String(); > > URL urlToStore; > if (challenge.failureResponse().httpStatusCode() == 401) >@@ -229,9 +231,6 @@ void ResourceHandle::didReceiveAuthenticationChallenge(const AuthenticationChall > CredentialStorage::defaultCredentialStorage().set(partition, credential, challenge.protectionSpace(), urlToStore); > > restartRequestWithCredential(credential.user(), credential.password()); >- >- d->m_user = String(); >- d->m_pass = String(); > // FIXME: Per the specification, the user shouldn't be asked for credentials if there were incorrect ones provided explicitly. > return; > } >@@ -349,12 +348,18 @@ std::optional<std::pair<String, String>> ResourceHandle::getCredential(ResourceR > } > } > >- String user = d->m_user; >- String password = d->m_pass; >+ String user; >+ String password; > > if (!d->m_initialCredential.isEmpty()) { > user = d->m_initialCredential.user(); > password = d->m_initialCredential.password(); >+ } else { >+ String user = d->m_user; >+ String password = d->m_pass; >+ >+ d->m_user = String(); >+ d->m_pass = String(); > } > > if (user.isEmpty() && password.isEmpty())
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=346050">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
ews-watchlist
:
commit-queue-
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 188154
: 346050 |
346057