Improve geolocation permission security

Ensure we only grant permission to the origin the user replied to,
otherwise we might get a race exploit.

Change-Id: I4f737148f4e41432c160b81c324531e9cde0edc6
Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>

1 files changed, 9 insertions, 2 deletions

diff --git a/src/core/web_contents_delegate_qt.cpp b/src/core/web_contents_delegate_qt.cpp
index 92b61dcdd..18b61cd2d 100644
--- a/src/core/web_contents_delegate_qt.cpp
+++ b/src/core/web_contents_delegate_qt.cpp
@@ -314,6 +314,13 @@ void WebContentsDelegateQt::allowCertificateError(const QExplicitlySharedDataPoi
 
 void WebContentsDelegateQt::requestGeolocationPermission(const GURL &requestingFrameOrigin, base::Callback<void (bool)> resultCallback)
 {
-    m_lastGeolocationRequestCallback = resultCallback;
-    m_viewClient->runGeolocationPermissionRequest(toQt(requestingFrameOrigin));
+    m_lastGeolocationPermissionRequest.url = toQt(requestingFrameOrigin);
+    m_lastGeolocationPermissionRequest.callback = resultCallback;
+    m_viewClient->runGeolocationPermissionRequest(m_lastGeolocationPermissionRequest.url);
+}
+
+void WebContentsDelegateQt::geolocationPermissionReply(const QUrl &origin, bool permission)
+{
+    if (m_lastGeolocationPermissionRequest.url == origin)
+        m_lastGeolocationPermissionRequest.callback.Run(permission);
 }