HYL/HYL_OK3568_LINUX
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
HYL_OK3568_LINUX/yocto/poky/meta/recipes-gnome/epiphany/files/CVE-2023-26081.patch
HYL c6e7b553e6 first commit
2025-05-10 21:49:39 +08:00

91 lines
3.8 KiB
Diff
Raw Blame History

From 53363c3c8178bf9193dad9fa3516f4e10cff0ffd Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@redhat.com>
Date: Fri, 3 Feb 2023 13:07:15 -0600
Subject: [PATCH] Don't autofill passwords in sandboxed contexts
If using the sandbox CSP or iframe tag, the web content is supposed to
be not trusted by the main resource origin. Therefore, we'd better
disable the password manager entirely so the untrusted web content
cannot exfiltrate passwords.
https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x
Part-of: <https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1275>
Upstream-Status: Backport
[https://gitlab.gnome.org/GNOME/epiphany/-/commit/53363c3c8178bf9193dad9fa3516f4e10cff0ffd]
CVE: CVE-2023-26081
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
---
.../resources/js/ephy.js | 26 +++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/embed/web-process-extension/resources/js/ephy.js b/embed/web-process-extension/resources/js/ephy.js
index 38b806f..44d1792 100644
--- a/embed/web-process-extension/resources/js/ephy.js
+++ b/embed/web-process-extension/resources/js/ephy.js
@@ -352,6 +352,12 @@ Ephy.hasModifiedForms = function()
}
};
+Ephy.isSandboxedWebContent = function()
+{
+ // https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x
+ return self.origin === null || self.origin === 'null';
+};
+
Ephy.PasswordManager = class PasswordManager
{
constructor(pageID, frameID)
@@ -385,6 +391,11 @@ Ephy.PasswordManager = class PasswordManager
query(origin, targetOrigin, username, usernameField, passwordField)
{
+ if (Ephy.isSandboxedWebContent()) {
+ Ephy.log(`Not querying passwords for origin=${origin} because web content is sandboxed`);
+ return Promise.resolve(null);
+ }
+
Ephy.log(`Querying passwords for origin=${origin}, targetOrigin=${targetOrigin}, username=${username}, usernameField=${usernameField}, passwordField=${passwordField}`);
return new Promise((resolver, reject) => {
@@ -396,6 +407,11 @@ Ephy.PasswordManager = class PasswordManager
save(origin, targetOrigin, username, password, usernameField, passwordField, isNew)
{
+ if (Ephy.isSandboxedWebContent()) {
+ Ephy.log(`Not saving password for origin=${origin} because web content is sandboxed`);
+ return;
+ }
+
Ephy.log(`Saving password for origin=${origin}, targetOrigin=${targetOrigin}, username=${username}, usernameField=${usernameField}, passwordField=${passwordField}, isNew=${isNew}`);
window.webkit.messageHandlers.passwordManagerSave.postMessage({
@@ -407,6 +423,11 @@ Ephy.PasswordManager = class PasswordManager
// FIXME: Why is pageID a parameter here?
requestSave(origin, targetOrigin, username, password, usernameField, passwordField, isNew, pageID)
{
+ if (Ephy.isSandboxedWebContent()) {
+ Ephy.log(`Not requesting to save password for origin=${origin} because web content is sandboxed`);
+ return;
+ }
+
Ephy.log(`Requesting to save password for origin=${origin}, targetOrigin=${targetOrigin}, username=${username}, usernameField=${usernameField}, passwordField=${passwordField}, isNew=${isNew}`);
window.webkit.messageHandlers.passwordManagerRequestSave.postMessage({
@@ -426,6 +447,11 @@ Ephy.PasswordManager = class PasswordManager
queryUsernames(origin)
{
+ if (Ephy.isSandboxedWebContent()) {
+ Ephy.log(`Not querying usernames for origin=${origin} because web content is sandboxed`);
+ return Promise.resolve(null);
+ }
+
Ephy.log(`Requesting usernames for origin=${origin}`);
return new Promise((resolver, reject) => {
--
2.35.5
Reference in New Issue View Git Blame Copy Permalink