[GLib] Validate proxy URLs passed to WebKitNetworkProxySettings

https://bugs.webkit.org/show_bug.cgi?id=241485 Patch by Michael Catanzaro <mcatanzaro@redhat.com> on 2022-06-10 Reviewed by Philippe Normand. Validate that users pass only valid URLs to these APIs. * Source/WTF/wtf/URL.h: Opportunistic typo fix. * Source/WebKit/UIProcess/API/glib/WebKitNetworkProxySettings.cpp: (webkit_network_proxy_settings_new): (webkit_network_proxy_settings_add_proxy_for_scheme): Canonical link: https://commits.webkit.org/251460@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@295454 268f45cc-cd09-0410-ab3c-d52691b4dbfc
WebKit · Jun 10, 2022 · 4d8b4bcd64876c9ace4da719d2dd522a2d40fb08 · 4d8b4bc
1 parent 7fd49d1
commit 4d8b4bcd64876c9ace4da719d2dd522a2d40fb08
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/Source/WTF/wtf/URL.h b/Source/WTF/wtf/URL.h
@@ -61,7 +61,7 @@ class URL {
     bool isHashTableDeletedValue() const { return m_string.isHashTableDeletedValue(); }
 
     // Resolves the relative URL with the given base URL. If provided, the
-    // URLTextEncoding is used to encode non-ASCII characers. The base URL can be
+    // URLTextEncoding is used to encode non-ASCII characters. The base URL can be
     // null or empty, in which case the relative URL will be interpreted as absolute.
     WTF_EXPORT_PRIVATE URL(const URL& base, const String& relative, const URLTextEncoding* = nullptr);
 

diff --git a/Source/WebKit/UIProcess/API/glib/WebKitNetworkProxySettings.cpp b/Source/WebKit/UIProcess/API/glib/WebKitNetworkProxySettings.cpp
@@ -22,7 +22,9 @@
 
 #include "WebKitNetworkProxySettingsPrivate.h"
 #include <WebCore/SoupNetworkProxySettings.h>
+#include <wtf/URL.h>
 #include <wtf/glib/WTFGType.h>
+#include <wtf/text/WTFString.h>
 
 using namespace WebCore;
 
@@ -105,8 +107,10 @@ WebKitNetworkProxySettings* webkit_network_proxy_settings_new(const char* defaul
 {
     WebKitNetworkProxySettings* proxySettings = static_cast<WebKitNetworkProxySettings*>(fastMalloc(sizeof(WebKitNetworkProxySettings)));
     new (proxySettings) WebKitNetworkProxySettings;
-    if (defaultProxyURI)
+    if (defaultProxyURI) {
+        g_return_val_if_fail(URL(String::fromUTF8(defaultProxyURI)).isValid(), nullptr);
         proxySettings->settings.defaultProxyURL = defaultProxyURI;
+    }
     if (ignoreHosts)
         proxySettings->settings.ignoreHosts.reset(g_strdupv(const_cast<char**>(ignoreHosts)));
     return proxySettings;
@@ -164,6 +168,7 @@ void webkit_network_proxy_settings_add_proxy_for_scheme(WebKitNetworkProxySettin
     g_return_if_fail(proxySettings);
     g_return_if_fail(scheme);
     g_return_if_fail(proxyURI);
+    g_return_if_fail(URL(String::fromUTF8(proxyURI)).isValid());
 
     proxySettings->settings.proxyMap.add(scheme, proxyURI);
 }