[webkit-changes] [WebKit/WebKit] e59cd4: Block connections to 0.0.0.0

Commit Queue noreply at github.com
Fri Jun 7 14:34:34 PDT 2024 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: e59cd4a4330877f4692ab31caaf5039185e845bf
      https://github.com/WebKit/WebKit/commit/e59cd4a4330877f4692ab31caaf5039185e845bf
  Author: Matthew Finkel <m_finkel at apple.com>
  Date:   2024-06-07 (Fri, 07 Jun 2024)

  Changed paths:
    A LayoutTests/http/tests/media/video-error-all-zero-address-blocked-expected.txt
    A LayoutTests/http/tests/media/video-error-all-zero-address-blocked.html
    A LayoutTests/http/tests/security/block-iframe-to-all-zero-address-expected.txt
    A LayoutTests/http/tests/security/block-iframe-to-all-zero-address.html
    A LayoutTests/http/tests/security/block-popup-to-all-zero-address-expected.txt
    A LayoutTests/http/tests/security/block-popup-to-all-zero-address.html
    A LayoutTests/http/tests/security/redirect-BLOCKED-to-all-zero-address-expected.txt
    A LayoutTests/http/tests/security/redirect-BLOCKED-to-all-zero-address.html
    A LayoutTests/http/tests/websocket/connection-to-all-zero-address-blocked-expected.txt
    A LayoutTests/http/tests/websocket/connection-to-all-zero-address-blocked.html
    M LayoutTests/platform/wincairo/TestExpectations
    M Source/WebCore/Modules/mediastream/RTCPeerConnection.cpp
    M Source/WebCore/Modules/websockets/WebSocket.cpp
    M Source/WebCore/html/HTMLMediaElement.cpp
    M Source/WebCore/loader/DocumentLoader.cpp
    M Source/WebCore/loader/FrameLoader.cpp
    M Source/WebCore/loader/ResourceLoader.cpp
    M Source/WebCore/loader/SubframeLoader.cpp
    M Source/WebCore/loader/cache/CachedResourceLoader.cpp
    M Source/WebCore/platform/network/DNS.cpp
    M Source/WebCore/platform/network/DNS.h
    M Source/WebCore/platform/network/ResourceHandle.cpp
    M Source/WebKit/NetworkProcess/NetworkDataTask.cpp

  Log Message:
  -----------
  Block connections to 0.0.0.0
https://bugs.webkit.org/show_bug.cgi?id=275224
rdar://125913679

Reviewed by Alex Christensen.

This patch blocks connections to 0.0.0.0 and [::], as per RFC 6890 [0]. That
spec says that these addresses may only be used as source addresses, not
destinations. Requesting connections to either of these addresses is generally
confusing, and likely not motivated by a good reason.

Coincidentally, Blink seems to be making a similar change [1], and their use
counters are showing below 0.001%. We can't exactly extrapolate from that, but
it's a good indicator that this is safe.

[0] https://www.rfc-editor.org/rfc/rfc6890#section-2.2.3
[1] https://groups.google.com/a/chromium.org/g/blink-dev/c/9uymCQNGVgw

* LayoutTests/http/tests/media/video-error-all-zero-address-blocked-expected.txt: Added.
* LayoutTests/http/tests/media/video-error-all-zero-address-blocked.html: Added.
* LayoutTests/http/tests/security/block-iframe-to-all-zero-address-expected.txt: Added.
* LayoutTests/http/tests/security/block-iframe-to-all-zero-address.html: Added.
* LayoutTests/http/tests/security/block-popup-to-all-zero-address-expected.txt: Added.
* LayoutTests/http/tests/security/block-popup-to-all-zero-address.html: Added.
* LayoutTests/http/tests/security/redirect-BLOCKED-to-all-zero-address-expected.txt: Added.
* LayoutTests/http/tests/security/redirect-BLOCKED-to-all-zero-address.html: Added.
* LayoutTests/http/tests/websocket/connection-to-all-zero-address-blocked-expected.txt: Added.
* LayoutTests/http/tests/websocket/connection-to-all-zero-address-blocked.html: Added.
* LayoutTests/platform/wincairo/TestExpectations:
* Source/WebCore/Modules/mediastream/RTCPeerConnection.cpp:
(WebCore::RTCPeerConnection::iceServersFromConfiguration):
* Source/WebCore/Modules/websockets/WebSocket.cpp:
(WebCore::WebSocket::connect):
* Source/WebCore/html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::isSafeToLoadURL const):
* Source/WebCore/loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::willSendRequest):
* Source/WebCore/loader/FrameLoader.cpp:
(WebCore::FrameLoader::loadFrameRequest):
(WebCore::FrameLoader::reportBlockedLoadFailed):
* Source/WebCore/loader/ResourceLoader.cpp:
(WebCore::ResourceLoader::init):
* Source/WebCore/loader/SubframeLoader.cpp:
(WebCore::FrameLoader::SubframeLoader::pluginIsLoadable):
(WebCore::FrameLoader::SubframeLoader::loadSubframe):
* Source/WebCore/loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::requestResource):
* Source/WebCore/platform/network/DNS.cpp:
(WebCore::isIPAddressDisallowed):
* Source/WebCore/platform/network/DNS.h:
* Source/WebCore/platform/network/ResourceHandle.cpp:
(WebCore::ResourceHandle::ResourceHandle):
* Source/WebKit/NetworkProcess/NetworkDataTask.cpp:
(WebKit::NetworkDataTask::NetworkDataTask):

Canonical link: https://commits.webkit.org/279835@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications

More information about the webkit-changes mailing list