summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJüri Valdmann <juri.valdmann@qt.io>2019-07-22 11:33:46 +0200
committerJüri Valdmann <juri.valdmann@qt.io>2019-07-24 10:00:52 +0200
commit9dce1c5b12db094cdc469d7d68eb3124f9393dc7 (patch)
tree3feb586869f425173ec959b14259cb2dd3bcbf3a
parent76a66c886156012ec85250904b64587960e733f3 (diff)
Fix use-after-free of HostResolver
Create one HostResolver per profile to avoid use-after-free in NetworkHintsMessageFilter (5.12) or NetworkContext (5.13). Fixes: QTBUG-75884 Change-Id: Ic1a2973b4fb0aed6bd0fa1bb9a1d7c3012c30fe0 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
-rw-r--r--src/core/profile_io_data_qt.cpp3
-rw-r--r--src/core/profile_io_data_qt.h1
2 files changed, 3 insertions, 1 deletions
diff --git a/src/core/profile_io_data_qt.cpp b/src/core/profile_io_data_qt.cpp
index dd363f74..99a6f6db 100644
--- a/src/core/profile_io_data_qt.cpp
+++ b/src/core/profile_io_data_qt.cpp
@@ -200,9 +200,11 @@ content::ResourceContext *ProfileIODataQt::resourceContext()
void ProfileIODataQt::initializeOnIOThread()
{
m_networkDelegate.reset(new NetworkDelegateQt(this));
+ m_hostResolver = net::HostResolver::CreateDefaultResolver(NULL);
m_urlRequestContext.reset(new net::URLRequestContext());
m_urlRequestContext->set_network_delegate(m_networkDelegate.get());
m_urlRequestContext->set_enable_brotli(base::FeatureList::IsEnabled(features::kBrotliEncoding));
+ m_urlRequestContext->set_host_resolver(m_hostResolver.get());
// this binds factory to io thread
m_weakPtr = m_weakPtrFactory.GetWeakPtr();
QMutexLocker lock(&m_mutex);
@@ -289,7 +291,6 @@ void ProfileIODataQt::generateStorage()
ct_verifier->AddLogs(ct_logs);
m_storage->set_cert_transparency_verifier(std::move(ct_verifier));
m_storage->set_ct_policy_enforcer(base::WrapUnique(new net::DefaultCTPolicyEnforcer()));
- m_storage->set_host_resolver(net::HostResolver::CreateDefaultResolver(NULL));
m_storage->set_ssl_config_service(std::make_unique<net::SSLConfigServiceDefaults>());
if (!m_httpAuthPreferences) {
m_httpAuthPreferences.reset(new net::HttpAuthPreferences());
diff --git a/src/core/profile_io_data_qt.h b/src/core/profile_io_data_qt.h
index 2d4706bf..8ce6185b 100644
--- a/src/core/profile_io_data_qt.h
+++ b/src/core/profile_io_data_qt.h
@@ -120,6 +120,7 @@ private:
std::unique_ptr<net::HttpAuthPreferences> m_httpAuthPreferences;
std::unique_ptr<net::URLRequestJobFactory> m_jobFactory;
std::unique_ptr<net::TransportSecurityPersister> m_transportSecurityPersister;
+ std::unique_ptr<net::HostResolver> m_hostResolver;
base::WeakPtr<ProfileIODataQt> m_weakPtr;
scoped_refptr<CookieMonsterDelegateQt> m_cookieDelegate;
content::URLRequestInterceptorScopedVector m_requestInterceptors;