author | cevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-02-13 03:27:32 +0000 |
---|---|---|
committer | cevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-02-13 03:27:32 +0000 |
commit | eda4202e5ea47bd008885e2234b402fc7d817a7e (patch) | |
tree | 5900aeeeccb1a397c2f002d158455b4317f9fa60 /content | |
parent | 894b99cd4de1d21e55540dc8348e98d34c2b1981 (diff) | |
Revert 182090
> Merge 182008
> > Improve IndexedDB IPC message sanitization
> >
> > Defend against a compromised renderer sending junk to the browser.
> >
> > BUG=174895
> >
> >
> > Review URL: https://chromiumcodereview.appspot.com/12208119
>
> TBR=dgrogan@chromium.org
> Review URL: https://codereview.chromium.org/12223123
TBR=dgrogan@chromium.org
Review URL: https://codereview.chromium.org/12225161
git-svn-id: svn://svn.chromium.org/chrome/branches/1364/src@182104 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content')
-rw-r--r-- | content/browser/in_process_webkit/indexed_db_dispatcher_host.cc | 17 |
1 files changed, 0 insertions, 17 deletions
diff --git a/content/browser/in_process_webkit/indexed_db_dispatcher_host.cc b/content/browser/in_process_webkit/indexed_db_dispatcher_host.cc index 9a51660..3f46966 100644 --- a/content/browser/in_process_webkit/indexed_db_dispatcher_host.cc +++ b/content/browser/in_process_webkit/indexed_db_dispatcher_host.cc @@ -26,8 +26,6 @@ #include "third_party/WebKit/Source/WebKit/chromium/public/WebIDBCursor.h" #include "third_party/WebKit/Source/WebKit/chromium/public/WebIDBDatabase.h" #include "third_party/WebKit/Source/WebKit/chromium/public/WebIDBDatabaseCallbacks.h" -#include "third_party/WebKit/Source/WebKit/chromium/public/WebIDBDatabaseError.h" -#include "third_party/WebKit/Source/WebKit/chromium/public/WebIDBDatabaseException.h" #include "third_party/WebKit/Source/WebKit/chromium/public/WebIDBFactory.h" #include "third_party/WebKit/Source/WebKit/chromium/public/WebIDBIndex.h" #include "third_party/WebKit/Source/WebKit/chromium/public/WebIDBMetadata.h" @@ -44,7 +42,6 @@ using WebKit::WebExceptionCode; using WebKit::WebIDBCallbacks; using WebKit::WebIDBCursor; using WebKit::WebIDBDatabase; -using WebKit::WebIDBDatabaseError; using WebKit::WebIDBIndex; using WebKit::WebIDBKey; using WebKit::WebIDBMetadata; @@ -717,14 +714,6 @@ void IndexedDBDispatcherHost::ObjectStoreDispatcherHost::OnPut( scoped_ptr<WebIDBCallbacks> callbacks( new IndexedDBCallbacks<WebIDBKey>(parent_, params.ipc_thread_id, params.ipc_response_id)); - - if (params.index_ids.size() != params.index_keys.size()) { - callbacks->onError(WebIDBDatabaseError( - WebKit::WebIDBDatabaseExceptionUnknownError, - "Malformed IPC message: index_ids.size() != index_keys.size()")); - return; - } - idb_object_store->put(params.serialized_value, params.key, params.put_mode, callbacks.release(), *idb_transaction, params.index_ids, 
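Review bot: After this revert, `OnPut` hands `params.index_ids` and `params.index_keys` to `idb_object_store->put(...)` with no check that the two renderer-supplied vectors have the same length. `OnSetIndexKeys` in the last hunk loses the equivalent check on `index_names` and `index_keys`, which it presumably forwards to `setIndexKeys`. The original commit message describes these IPC parameters as coming from a possibly compromised renderer, so a size mismatch should be rejected in the browser process before either call. If the revert is only for this branch, a comment such as `// TODO(BUG=174895): reject index_ids.size() != index_keys.size() before put()` would keep the gap visible. When the check is re-landed in `OnSetIndexKeys`, it belongs after the `if (!idb_transaction || !idb_object_store) return;` guard, because the reverted version called `idb_transaction->abort()` ahead of that null check; both function bodies start and end outside their hunks.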
@@ -746,12 +735,6 @@ void IndexedDBDispatcherHost::ObjectStoreDispatcherHost::OnSetIndexKeys(
 &map_, ipc_object_store_id);
 WebIDBTransaction* idb_transaction = parent_->GetOrTerminateProcess(
 &parent_->transaction_dispatcher_host_->map_, ipc_transaction_id);
-
- if (index_names.size() != index_keys.size()) {
- idb_transaction->abort();
- return;
- }
-
 if (!idb_transaction || !idb_object_store)
 return;
 idb_object_store->setIndexKeys(primary_key, |