From 432a3b5a08c1dff5693d7b804b9e9cf19ad92a2e Mon Sep 17 00:00:00 2001
From: Selim Gurun
Date: Wed, 7 Dec 2011 10:50:23 -0800
Subject: Prevent native crashes on client cert request

Bug: 4586251
Explicitly manage ref counter for WebUrlLoaderClient. This will prevent early release of the object.
Change-Id: I4b8e41b470eaacb594ce85afdd650e7827ab4a6d
---
 .../android/WebCoreSupport/WebUrlLoaderClient.cpp | 20 ++++++++++----------
 .../android/WebCoreSupport/WebUrlLoaderClient.h | 3 ++-
 2 files changed, 12 insertions(+), 11 deletions(-)
(limited to 'Source')
diff --git a/Source/WebKit/android/WebCoreSupport/WebUrlLoaderClient.cpp b/Source/WebKit/android/WebCoreSupport/WebUrlLoaderClient.cpp
index a6e58c8..43037ab 100644
--- a/Source/WebKit/android/WebCoreSupport/WebUrlLoaderClient.cpp
+++ b/Source/WebKit/android/WebCoreSupport/WebUrlLoaderClient.cpp
@@ -324,16 +324,6 @@ void WebUrlLoaderClient::cancelSslCertError(int cert_error)
 this->Release();
 }
 
-void WebUrlLoaderClient::sslClientCert(EVP_PKEY* pkey, net::X509Certificate* chain)
-{
- base::Thread* thread = ioThread();
- scoped_refptr scopedChain(chain);
- if (isActive() && thread)
- thread->message_loop()->PostTask(FROM_HERE, NewRunnableMethod(m_request.get(), &WebRequest::sslClientCert, pkey, scopedChain));
- this->Release();
-}
-
-
 void WebUrlLoaderClient::finish()
 {
 m_finished = true;
@@ -492,12 +482,22 @@ void WebUrlLoaderClient::reportSslCertError(int cert_error, net::X509Certificate
 m_webFrame->reportSslCertError(this, cert_error, chain_bytes[0], m_request->getUrl());
 }
 
+void WebUrlLoaderClient::sslClientCert(EVP_PKEY* pkey, net::X509Certificate* chain)
+{
+ base::Thread* thread = ioThread();
+ scoped_refptr scopedChain(chain);
+ if (isActive() && thread)
+ thread->message_loop()->PostTask(FROM_HERE, NewRunnableMethod(m_request.get(), &WebRequest::sslClientCert, pkey, scopedChain));
+ this->Release();
+}
+
 void WebUrlLoaderClient::requestClientCert(net::SSLCertRequestInfo* cert_request_info)
 {
 if (!isActive())
 return;
 
 std::string host_and_port = cert_request_info->host_and_port;
+ this->AddRef();
 m_webFrame->requestClientCert(this, host_and_port);
 }
 
diff --git a/Source/WebKit/android/WebCoreSupport/WebUrlLoaderClient.h b/Source/WebKit/android/WebCoreSupport/WebUrlLoaderClient.h
index 5f03339..4463dfb 100644
--- a/Source/WebKit/android/WebCoreSupport/WebUrlLoaderClient.h
+++ b/Source/WebKit/android/WebCoreSupport/WebUrlLoaderClient.h
@@ -74,7 +74,6 @@ public:
 void cancelAuth();
 void proceedSslCertError();
 void cancelSslCertError(int cert_error);
- void sslClientCert(EVP_PKEY* pkey, net::X509Certificate* chain);
 
 typedef void CallbackFunction(void*);
 
@@ -92,6 +91,8 @@ public:
 void willSendRequest(PassOwnPtr);
 void authRequired(scoped_refptr, bool firstTime, bool suppressDialog);
 void reportSslCertError(int cert_error, net::X509Certificate* cert);
+
+ void sslClientCert(EVP_PKEY* pkey, net::X509Certificate* chain);
 void requestClientCert(net::SSLCertRequestInfo* cert);
 
 // Handle to the chrome IO thread
-- 
cgit v1.1
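Review bot: The `this->AddRef()` added in requestClientCert() is balanced only by the `this->Release()` at the end of sslClientCert(), so the object's lifetime now depends on the embedder calling back exactly once per request: a missing callback leaks the client, and a repeated or unsolicited one would over-release it and risk a use-after-free. Nothing visible in this hunk enforces that pairing, so it should at least be stated at the call site, e.g. `// Balanced by Release() in sslClientCert(); the embedder must call back exactly once, including on cancel.` Separately, in sslClientCert() the raw `pkey` is handed to the IO thread only when `isActive() && thread` holds; who owns and frees the key on the other path is not visible here and is worth a comment next to the `if`.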