Skip to content

GitLab

T
tangled
Commit 4c7ba309 authored by ap@webkit.org's avatar ap@webkit.org
Browse files
Options

<rdar://problem/6795285> Infinite recursion in... 

        <rdar://problem/6795285> Infinite recursion in ResourceHandle::receivedRequestToContinueWithoutCredential

        Rolled out <http://trac.webkit.org/projects/webkit/changeset/42536> - the two instances of
        authentication challenge are different, after all. Added a FIXME comment about a possible
        future improvement.

        * platform/network/ResourceHandle.cpp:
        (WebCore::ResourceHandle::clearAuthentication):
        * platform/network/ResourceHandleInternal.h:
        (WebCore::ResourceHandleInternal::ResourceHandleInternal):
        * platform/network/cf/ResourceHandleCFNet.cpp:
        (WebCore::ResourceHandle::didReceiveAuthenticationChallenge):
        (WebCore::ResourceHandle::receivedCredential):
        (WebCore::ResourceHandle::receivedRequestToContinueWithoutCredential):
        (WebCore::ResourceHandle::receivedCancellation):
        * platform/network/mac/ResourceHandleMac.mm:
        (WebCore::ResourceHandle::didReceiveAuthenticationChallenge):
        (WebCore::ResourceHandle::didCancelAuthenticationChallenge):
        (WebCore::ResourceHandle::receivedCredential):
        (WebCore::ResourceHandle::receivedRequestToContinueWithoutCredential):
        (WebCore::ResourceHandle::receivedCancellation):



git-svn-id: svn://svn.chromium.org/blink/trunk@42572 bbb929c8-8fbe-4397-9dbb-9b2b20218538
parent 43cfda6f
Hide whitespace changes
Inline Side-by-side
Showing with 70 additions and 27 deletions
third_party/WebKit/WebCore/ChangeLog
View file @ 4c7ba309
2009-04-16 Alexey Proskuryakov <ap@webkit.org>
<rdar://problem/6795285> Infinite recursion in ResourceHandle::receivedRequestToContinueWithoutCredential
Rolled out <http://trac.webkit.org/projects/webkit/changeset/42536> - the two instances of
authentication challenge are different, after all. Added a FIXME comment about a possible
future improvement.
* platform/network/ResourceHandle.cpp:
(WebCore::ResourceHandle::clearAuthentication):
* platform/network/ResourceHandleInternal.h:
(WebCore::ResourceHandleInternal::ResourceHandleInternal):
* platform/network/cf/ResourceHandleCFNet.cpp:
(WebCore::ResourceHandle::didReceiveAuthenticationChallenge):
(WebCore::ResourceHandle::receivedCredential):
(WebCore::ResourceHandle::receivedRequestToContinueWithoutCredential):
(WebCore::ResourceHandle::receivedCancellation):
* platform/network/mac/ResourceHandleMac.mm:
(WebCore::ResourceHandle::didReceiveAuthenticationChallenge):
(WebCore::ResourceHandle::didCancelAuthenticationChallenge):
(WebCore::ResourceHandle::receivedCredential):
(WebCore::ResourceHandle::receivedRequestToContinueWithoutCredential):
(WebCore::ResourceHandle::receivedCancellation):
2009-04-15 Geoffrey Garen <ggaren@apple.com>
Reviewed by Sam Weinig.
third_party/WebKit/WebCore/platform/network/ResourceHandle.cpp
View file @ 4c7ba309
......@@ -103,7 +103,12 @@ const ResourceRequest& ResourceHandle::request() const
void ResourceHandle::clearAuthentication()
{
d->m_currentChallenge.nullify();
#if PLATFORM(MAC)
d->m_currentMacChallenge = nil;
#elif USE(CFNETWORK)
d->m_currentCFChallenge = 0;
#endif
d->m_currentWebChallenge.nullify();
}
static bool portAllowed(const ResourceRequest& request)
......
third_party/WebKit/WebCore/platform/network/ResourceHandleInternal.h
View file @ 4c7ba309
......@@ -127,6 +127,9 @@ namespace WebCore {
#endif
#if PLATFORM(MAC)
, m_startWhenScheduled(false)
, m_currentMacChallenge(nil)
#elif USE(CFNETWORK)
, m_currentCFChallenge(0)
#endif
, m_failureTimer(loader, &ResourceHandle::fireFailure)
{
......@@ -206,7 +209,15 @@ namespace WebCore {
#endif
QWebFrame* m_frame;
#endif
AuthenticationChallenge m_currentChallenge;
// FIXME: The platform challenge is almost identical to the one stored in m_currentWebChallenge, but it has a different sender. We only need to store a sender reference here.
#if PLATFORM(MAC)
NSURLAuthenticationChallenge *m_currentMacChallenge;
#endif
#if USE(CFNETWORK)
CFURLAuthChallengeRef m_currentCFChallenge;
#endif
AuthenticationChallenge m_currentWebChallenge;
ResourceHandle::FailureType m_failureType;
Timer<ResourceHandle> m_failureTimer;
......
third_party/WebKit/WebCore/platform/network/cf/ResourceHandleCFNet.cpp
View file @ 4c7ba309
......@@ -409,7 +409,8 @@ bool ResourceHandle::shouldUseCredentialStorage()
void ResourceHandle::didReceiveAuthenticationChallenge(const AuthenticationChallenge& challenge)
{
LOG(Network, "CFNet - didReceiveAuthenticationChallenge()");
ASSERT(d->m_currentChallenge.isNull());
ASSERT(!d->m_currentCFChallenge);
ASSERT(d->m_currentWebChallenge.isNull());
// Since CFURLConnection networking relies on keeping a reference to the original CFURLAuthChallengeRef,
// we make sure that is actually present
ASSERT(challenge.cfURLAuthChallengeRef());
......@@ -436,10 +437,11 @@ void ResourceHandle::didReceiveAuthenticationChallenge(const AuthenticationChall
}
}
d->m_currentChallenge = AuthenticationChallenge(challenge.cfURLAuthChallengeRef(), this);
d->m_currentCFChallenge = challenge.cfURLAuthChallengeRef();
d->m_currentWebChallenge = AuthenticationChallenge(d->m_currentCFChallenge, this);
if (client())
client()->didReceiveAuthenticationChallenge(this, d->m_currentChallenge);
client()->didReceiveAuthenticationChallenge(this, d->m_currentWebChallenge);
}
void ResourceHandle::receivedCredential(const AuthenticationChallenge& challenge, const Credential& credential)
......@@ -447,7 +449,7 @@ void ResourceHandle::receivedCredential(const AuthenticationChallenge& challenge
LOG(Network, "CFNet - receivedCredential()");
ASSERT(!challenge.isNull());
ASSERT(challenge.cfURLAuthChallengeRef());
if (challenge != d->m_currentChallenge)
if (challenge != d->m_currentWebChallenge)
return;
if (credential.persistence() == CredentialPersistenceForSession) {
......@@ -470,7 +472,7 @@ void ResourceHandle::receivedRequestToContinueWithoutCredential(const Authentica
LOG(Network, "CFNet - receivedRequestToContinueWithoutCredential()");
ASSERT(!challenge.isNull());
ASSERT(challenge.cfURLAuthChallengeRef());
if (challenge != d->m_currentChallenge)
if (challenge != d->m_currentWebChallenge)
return;
CFURLConnectionUseCredential(d->m_connection.get(), 0, challenge.cfURLAuthChallengeRef());
......@@ -481,7 +483,7 @@ void ResourceHandle::receivedRequestToContinueWithoutCredential(const Authentica
void ResourceHandle::receivedCancellation(const AuthenticationChallenge& challenge)
{
LOG(Network, "CFNet - receivedCancellation()");
if (challenge != d->m_currentChallenge)
if (challenge != d->m_currentWebChallenge)
return;
if (client())
......
third_party/WebKit/WebCore/platform/network/mac/ResourceHandleMac.mm
View file @ 4c7ba309
......@@ -406,7 +406,8 @@ bool ResourceHandle::shouldUseCredentialStorage()
void ResourceHandle::didReceiveAuthenticationChallenge(const AuthenticationChallenge& challenge)
{
ASSERT(d->m_currentChallenge.isNull());
ASSERT(!d->m_currentMacChallenge);
ASSERT(d->m_currentWebChallenge.isNull());
// Since NSURLConnection networking relies on keeping a reference to the original NSURLAuthenticationChallenge,
// we make sure that is actually present
ASSERT(challenge.nsURLAuthenticationChallenge());
......@@ -415,7 +416,8 @@ void ResourceHandle::didReceiveAuthenticationChallenge(const AuthenticationChall
NSURLCredential *credential = [[NSURLCredential alloc] initWithUser:d->m_user
password:d->m_pass
persistence:NSURLCredentialPersistenceNone];
d->m_currentChallenge = challenge;
d->m_currentMacChallenge = challenge.nsURLAuthenticationChallenge();
d->m_currentWebChallenge = challenge;
receivedCredential(challenge, core(credential));
[credential release];
// FIXME: Per the specification, the user shouldn't be asked for credentials if there were incorrect ones provided explicitly.
......@@ -432,19 +434,21 @@ void ResourceHandle::didReceiveAuthenticationChallenge(const AuthenticationChall
}
}
NSURLAuthenticationChallenge *webChallenge = [[NSURLAuthenticationChallenge alloc] initWithAuthenticationChallenge:challenge.nsURLAuthenticationChallenge()
d->m_currentMacChallenge = challenge.nsURLAuthenticationChallenge();
NSURLAuthenticationChallenge *webChallenge = [[NSURLAuthenticationChallenge alloc] initWithAuthenticationChallenge:d->m_currentMacChallenge
sender:(id<NSURLAuthenticationChallengeSender>)delegate()];
d->m_currentChallenge = core(webChallenge);
d->m_currentWebChallenge = core(webChallenge);
[webChallenge release];
if (client())
client()->didReceiveAuthenticationChallenge(this, d->m_currentChallenge);
client()->didReceiveAuthenticationChallenge(this, d->m_currentWebChallenge);
}
void ResourceHandle::didCancelAuthenticationChallenge(const AuthenticationChallenge& challenge)
{
ASSERT(!d->m_currentChallenge.isNull());
ASSERT(d->m_currentChallenge == challenge);
ASSERT(d->m_currentMacChallenge);
ASSERT(!d->m_currentWebChallenge.isNull());
ASSERT(d->m_currentWebChallenge == challenge);
if (client())
client()->didCancelAuthenticationChallenge(this, challenge);
......@@ -453,28 +457,26 @@ void ResourceHandle::didCancelAuthenticationChallenge(const AuthenticationChalle
void ResourceHandle::receivedCredential(const AuthenticationChallenge& challenge, const Credential& credential)
{
ASSERT(!challenge.isNull());
if (challenge != d->m_currentChallenge)
if (challenge != d->m_currentWebChallenge)
return;
NSURLAuthenticationChallenge *currentMacChallenge = challenge.nsURLAuthenticationChallenge();
#ifdef BUILDING_ON_TIGER
if (credential.persistence() == CredentialPersistenceNone) {
// NSURLCredentialPersistenceNone doesn't work on Tiger, so we have to use session persistence.
Credential webCredential(credential.user(), credential.password(), CredentialPersistenceForSession);
WebCoreCredentialStorage::set(mac(webCredential), [currentMacChallenge protectionSpace]);
[[currentMacChallenge sender] useCredential:mac(webCredential) forAuthenticationChallenge:currentMacChallenge];
WebCoreCredentialStorage::set(mac(webCredential), [d->m_currentMacChallenge protectionSpace]);
[[d->m_currentMacChallenge sender] useCredential:mac(webCredential) forAuthenticationChallenge:d->m_currentMacChallenge];
} else
#else
if (credential.persistence() == CredentialPersistenceForSession) {
// Manage per-session credentials internally, because once NSURLCredentialPersistenceForSession is used, there is no way
// to ignore it for a particular request (short of removing it altogether).
Credential webCredential(credential.user(), credential.password(), CredentialPersistenceNone);
WebCoreCredentialStorage::set(mac(webCredential), [currentMacChallenge protectionSpace]);
[[currentMacChallenge sender] useCredential:mac(webCredential) forAuthenticationChallenge:currentMacChallenge];
WebCoreCredentialStorage::set(mac(webCredential), [d->m_currentMacChallenge protectionSpace]);
[[d->m_currentMacChallenge sender] useCredential:mac(webCredential) forAuthenticationChallenge:d->m_currentMacChallenge];
} else
#endif
[[currentMacChallenge sender] useCredential:mac(credential) forAuthenticationChallenge:currentMacChallenge];
[[d->m_currentMacChallenge sender] useCredential:mac(credential) forAuthenticationChallenge:d->m_currentMacChallenge];
clearAuthentication();
}
......@@ -482,18 +484,17 @@ void ResourceHandle::receivedCredential(const AuthenticationChallenge& challenge
void ResourceHandle::receivedRequestToContinueWithoutCredential(const AuthenticationChallenge& challenge)
{
ASSERT(!challenge.isNull());
if (challenge != d->m_currentChallenge)
if (challenge != d->m_currentWebChallenge)
return;
NSURLAuthenticationChallenge *currentMacChallenge = challenge.nsURLAuthenticationChallenge();
[[currentMacChallenge sender] continueWithoutCredentialForAuthenticationChallenge:currentMacChallenge];
[[d->m_currentMacChallenge sender] continueWithoutCredentialForAuthenticationChallenge:d->m_currentMacChallenge];
clearAuthentication();
}
void ResourceHandle::receivedCancellation(const AuthenticationChallenge& challenge)
{
if (challenge != d->m_currentChallenge)
if (challenge != d->m_currentWebChallenge)
return;
if (client())
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment