Google Git
Sign in
chromium / chromium / src.git / 3187fae1b0fcee628a0b5fb39f65a4fe33f93869
commit3187fae1b0fcee628a0b5fb39f65a4fe33f93869[log] [tgz]
authorTommy Li <[email protected]>Thu Nov 14 20:04:22 2019
committerCommit Bot <[email protected]>Thu Nov 14 20:04:22 2019
tree8f7418674774f9a5a2e50f3eb641c4bfde9197fb
parenta5315dfe44f94abf96dac68ce57c415d1b2f3452 [diff]
[net] Fix spoof attack on file:// URLs on POSIX systems

For file:// URLs on POSIX, we currently discard the host portion of the
URL, and treat all file:// URLs as local. On Windows, we use the host
portion as the SAMBA share, so this bug is inapplicable to Windows.

This allows us to have URLs like:
file://accounts.google.com/home/tommycli/Downloads/evil.html

This is a low severity bug, since it's quite hard to exploit, but we
should fix it anyways.

RFC 8089 doesn't actually prohibit our previous behavior, but it does
frown on it.

This CL *could* break file:// links that relied on the old behavior,
but those file:// links should probably be rightfully-broken, since
they didn't work on Windows anyways.

Bug: 881675
Change-Id: Ie9c90ac6285b698089205e73f46f0af13867e806
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1907071
Reviewed-by: Adam Langley <[email protected]>
Reviewed-by: Min Qin <[email protected]>
Reviewed-by: Mohammad Refaat <[email protected]>
Commit-Queue: Tommy Li <[email protected]>
Cr-Commit-Position: refs/heads/master@{#715373}
5 files changed
tree: 8f7418674774f9a5a2e50f3eb641c4bfde9197fb
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. build/
  6. build_overrides/
  7. buildtools/
  8. cc/
  9. chrome/
  10. chromecast/
  11. chromeos/
  12. cloud_print/
  13. components/
  14. content/
  15. courgette/
  16. crypto/
  17. dbus/
  18. device/
  19. docs/
  20. extensions/
  21. fuchsia/
  22. gin/
  23. google_apis/
  24. google_update/
  25. gpu/
  26. headless/
  27. infra/
  28. ios/
  29. ipc/
  30. jingle/
  31. media/
  32. mojo/
  33. native_client_sdk/
  34. net/
  35. pdf/
  36. ppapi/
  37. printing/
  38. remoting/
  39. rlz/
  40. sandbox/
  41. services/
  42. skia/
  43. sql/
  44. storage/
  45. styleguide/
  46. testing/
  47. third_party/
  48. tools/
  49. ui/
  50. url/
  51. weblayer/
  52. .clang-format
  53. .clang-tidy
  54. .eslintrc.js
  55. .git-blame-ignore-revs
  56. .gitattributes
  57. .gitignore
  58. .gn
  59. .vpython
  60. .vpython3
  61. AUTHORS
  62. BUILD.gn
  63. CODE_OF_CONDUCT.md
  64. codereview.settings
  65. DEPS
  66. ENG_REVIEW_OWNERS
  67. LICENSE
  68. LICENSE.chromium_os
  69. OWNERS
  70. PRESUBMIT.py
  71. PRESUBMIT_test.py
  72. PRESUBMIT_test_mocks.py
  73. README.md
  74. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure .