chore: cherry-pick 2941a90229 from chromium #34228

Merged
merged 4 commits into from May 17, 2022

Conversation

ppontes
Member

@ppontes ppontes commented May 13, 2022

[Merge to M100] Don't use GetOriginalOpener to get opener's origin on FrameTree initialization

When setting the origin of the new main RFH on FrameTree initialization,
we base it on the opener's origin if it exists. GetOriginalOpener()
was used to get the opener, but that function will actually return the
main frame of the opener. This means when the FrameTree is opened by a
non-main frame, we might inherit the wrong origin.

This CL fixes the bug by getting the actual opener using GetOpener()
instead, and adds a regression test and warning note to
GetOriginalOpener().

(cherry picked from commit 4eb716ef5cdbca4db3a9377ee6390964d0d4025f)

Bug: 1311820, 1291764
Change-Id: I7e6f63a394ba4188eee3ce3043b174a2695508eb
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3564826
Reviewed-by: Charlie Reis <creis@chromium.org>
Commit-Queue: Rakina Zata Amni <rakina@chromium.org>
Cr-Original-Commit-Position: refs/heads/main@{#989165}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3600157
Auto-Submit: Rakina Zata Amni <rakina@chromium.org>
Reviewed-by: Nidhi Jaju <nidhijaju@chromium.org>
Commit-Queue: Nidhi Jaju <nidhijaju@chromium.org>
Owners-Override: Nidhi Jaju <nidhijaju@chromium.org>
Cr-Commit-Position: refs/branch-heads/4896@{#1179}
Cr-Branched-From: 1f63ff4bc27570761b35ffbc7f938f6586f7bee8-refs/heads/main@{#972766}

Notes: Backported fix for CVE-2022-1637.

@ppontes ppontes added security 🔒 semver/patch backwards-compatible bug fixes backport-check-skip Skip trop's backport validity checking 17-x-y labels May 13, 2022
@ppontes ppontes requested review from a team as code owners May 13, 2022 16:35
@jkleinsc jkleinsc merged commit 160afc8 into 17-x-y May 17, 2022
@jkleinsc jkleinsc deleted the cherry-pick/17-x-y/chromium/2941a90229 branch May 17, 2022 19:13
@release-clerk

release-clerk bot commented May 17, 2022

Release Notes Persisted

Backported fix for CVE-2022-1637.
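
The opener mix-up described in the commit message above, as an added C++ sketch that is not Chromium or Electron code. The types, function names, the `<none>` placeholder and the origins are hypothetical and constructed; the model only captures that the pre-fix lookup resolves to the opener's main frame rather than the frame that opened the new tree.

```cpp
// Simplified model, not Chromium code: every name below is hypothetical.
#include <iostream>
#include <string>

struct Frame {
  std::string origin;   // origin committed in this frame
  const Frame* parent;  // nullptr for a main frame
};

// Walks up to the main frame of the tree that contains `frame`.
const Frame* MainFrameOf(const Frame* frame) {
  while (frame && frame->parent) frame = frame->parent;
  return frame;
}

struct NewFrameTree {
  const Frame* opener;  // the frame that actually opened this tree

  // Models the behaviour the commit message describes for
  // GetOriginalOpener(): it yields the opener's main frame.
  const Frame* OriginalOpenerModel() const { return MainFrameOf(opener); }
  // Models GetOpener(): the actual opener frame.
  const Frame* OpenerModel() const { return opener; }
};

// Pre-fix: the initial origin is taken from the opener's main frame.
std::string InitialOriginBefore(const NewFrameTree& tree) {
  const Frame* f = tree.OriginalOpenerModel();
  return f ? f->origin : "<none>";  // placeholder: nothing to inherit
}

// Post-fix: the initial origin is taken from the frame that opened the tree.
std::string InitialOriginAfter(const NewFrameTree& tree) {
  const Frame* f = tree.OpenerModel();
  return f ? f->origin : "<none>";
}

int main() {
  // Constructed scenario: a cross-origin subframe opens a new frame tree.
  Frame main_frame{"https://main.example", nullptr};
  Frame subframe{"https://widget.example", &main_frame};
  NewFrameTree popup{&subframe};
  std::cout << "before fix: " << InitialOriginBefore(popup) << "\n"
            << "after fix:  " << InitialOriginAfter(popup) << "\n";
  return 0;
}
```

When the opener is itself a main frame both lookups return the same frame, so a regression test for this class of bug has to open the new tree from a subframe whose origin differs from its main frame's.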
