8000 chore: cherry-pick c5571653d932 from chromium by nornagon · Pull Request #32354 · electron/electron · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

chore: cherry-pick c5571653d932 from chromium #32354

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jan 27, 2022
Merged

chore: cherry-pick c5571653d932 from chromium #32354

merged 4 commits into from
Jan 27, 2022

Conversation

nornagon
Copy link
Contributor
@nornagon nornagon commented Jan 5, 2022
edited
Loading

Quota: Use Threadsafe Pressure Callback.

Fixes UAF by removing use of raw ptr to StorageNotificationService.
Instead, the service's interface exposes a method to create a
thread-safe callback to pass to the quota manager instead.

This change also changes the parameter type for the call chain from
url::Origin to blink::StorageKey to match the type Quota is keyed on.

Bug:1275020

(cherry picked from commit e304c0373f9cc4a65d39d7094e4897627e83390e)

Change-Id: Icc696d22fa41324e7a6c056599db635bb5de6291
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3347939
Reviewed-by: Joshua Bell jsbell@chromium.org
Reviewed-by: Nasko Oskov nasko@chromium.org
Commit-Queue: Jarryd Goodman jarrydg@chromium.org
Cr-Original-Commit-Position: refs/heads/main@{#953375}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3360203
Bot-Commit: Rubber Stamper rubber-stamper@appspot.gserviceaccount.com
Owners-Override: Krishna Govind govind@chromium.org
Commit-Queue: Krishna Govind govind@chromium.org
Cr-Commit-Position: refs/branch-heads/4664@{#1352}
Cr-Branched-From: 24dc4ee75e01a29d390d43c9c264372a169273a7-refs/heads/main@{#929512}

Notes: Security: backported fix for https://crbug.com/1275020.

@nornagon nornagon requested a review from a team as a code owner January 5, 2022 19:43
@nornagon nornagon added 14-x-y backport-check-skip Skip trop's backport validity checking semver/patch backwards-compatible bug fixes labels Jan 5, 2022
@electron-cation electron-cation bot added new-pr 🌱 PR opened recently and removed new-pr 🌱 PR opened recently labels Jan 5, 2022
zcbenz
zcbenz suggested changes Jan 13, 2022
View reviewed changes
Copy link
Contributor
@zcbenz zcbenz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Build is failing

../../content/browser/storage_partition_impl.cc:1179:15: error: 'CreateThreadSafePressureNotificationCallback' is a private member of 'content::StorageNotificationService'
            ->CreateThreadSafePressureNotificationCallback());
              ^
../../content/public/browser/storage_notification_service.h:42:3: note: declared private here
  CreateThreadSafePressureNotificationCallback() = 0;
  ^
1 error generated.

@zcbenz zcbenz merged commit e3b8dd1 into 14-x-y Jan 27, 2022
@zcbenz zcbenz deleted the cherry-pick/14-x-y/chromium/c5571653d932 branch January 27, 2022 11:25
@release-clerk
Copy link
release-clerk bot commented Jan 27, 2022

Release Notes Persisted

Security: backported fix for https://crbug.com/1275020.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ckerr ckerr ckerr approved these changes

@zcbenz zcbenz zcbenz approved these changes

Assignees
No one assigned
Labels
14-x-y backport-check-skip Skip trop's backport validity checking semver/patch backwards-com 48A1 patible bug fixes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@nornagon @ckerr @zcbenz
0