Protect WebSWServerConnection::scheduleJobInServer from bad scopeURL

https://bugs.webkit.org/show_bug.cgi?id=207722 Reviewed by Chris Dumez. * NetworkProcess/ServiceWorker/WebSWServerConnection.cpp: (WebKit::WebSWServerConnection::scheduleJobInServer): In case of bad scope, fail the job early on. * WebProcess/Storage/WebSWClientConnection.cpp: (WebKit::WebSWClientConnection::scheduleJobInServer): Remove the RELEASE_ASSERT from now since we defend in Network process. We will add it back in ServiceWorkerRegistration::getOrCreate as a follow-up. Canonical link: https://commits.webkit.org/220697@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256578 268f45cc-cd09-0410-ab3c-d52691b4dbfc
WebKit · Feb 14, 2020 · c764630 · c764630
1 parent 15daf39
commit c764630
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 1 deletion.
diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog
@@ -1,3 +1,18 @@
+2020-02-13  Youenn Fablet  <youenn@apple.com>
+
+        Protect WebSWServerConnection::scheduleJobInServer from bad scopeURL
+        https://bugs.webkit.org/show_bug.cgi?id=207722
+
+        Reviewed by Chris Dumez.
+
+        * NetworkProcess/ServiceWorker/WebSWServerConnection.cpp:
+        (WebKit::WebSWServerConnection::scheduleJobInServer):
+        In case of bad scope, fail the job early on.
+        * WebProcess/Storage/WebSWClientConnection.cpp:
+        (WebKit::WebSWClientConnection::scheduleJobInServer):
+        Remove the RELEASE_ASSERT from now since we defend in Network process.
+        We will add it back in ServiceWorkerRegistration::getOrCreate as a follow-up.
+
 2020-02-13  Ben Nham  <nham@apple.com>
 
         Flash of white can occur if JS forces an early layout

diff --git a/Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp b/Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp
@@ -272,6 +272,12 @@ void WebSWServerConnection::postMessageToServiceWorker(ServiceWorkerIdentifier d
 
 void WebSWServerConnection::scheduleJobInServer(ServiceWorkerJobData&& jobData)
 {
+    ASSERT(!jobData.scopeURL.isNull());
+    if (jobData.scopeURL.isNull()) {
+        rejectJobInClient(jobData.identifier().jobIdentifier, ExceptionData { InvalidStateError, "Scope URL is empty"_s });
+        return;
+    }
+
     SWSERVERCONNECTION_RELEASE_LOG_IF_ALLOWED("Scheduling ServiceWorker job %s in server", jobData.identifier().loggingString().utf8().data());
     ASSERT(identifier() == jobData.connectionIdentifier());
 

diff --git a/Source/WebKit/WebProcess/Storage/WebSWClientConnection.cpp b/Source/WebKit/WebProcess/Storage/WebSWClientConnection.cpp
@@ -73,7 +73,6 @@ IPC::Connection* WebSWClientConnection::messageSenderConnection() const
 
 void WebSWClientConnection::scheduleJobInServer(const ServiceWorkerJobData& jobData)
 {
-    RELEASE_ASSERT(!jobData.scopeURL.isNull());
     runOrDelayTaskForImport([this, jobData] {
         send(Messages::WebSWServerConnection::ScheduleJobInServer { jobData });
     });