angler-fishThe Vulnerability History Project

CSP source *.x.y should not match host x.y

      This fixes a minor CSP bug where a source in a source list with a
wildcard was matching more liberally than it should have. It was
matching a source of the form *.x.y to host x.y when, in fact, it should
only be matching subdomains.

BUG=534542
TBR=mkwst@chromium.org

Review URL: https://codereview.chromium.org/1367933003

Cr-Commit-Position: refs/heads/master@{#350629}
by Alexander the Pony 2015-09-24 19:52:29 UTC
commit 6282934a62f7b1416b677acad89a2880f2de201c
Chromium Fix CVE-2015-6785
third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/image-full-host-wildcard-allowed-expected.txt
+2
third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/{image-full-host-wildcard-fails.html => image-full-host-wildcard-allowed.html}
+1 -1
third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/image-full-host-wildcard-fails-expected.txt
-4
third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/source-list-parsing-11.html
-17
third_party/WebKit/Source/core/frame/UseCounter.h
-1
third_party/WebKit/Source/core/frame/csp/CSPSource.cpp
+4 -19
third_party/WebKit/Source/core/frame/csp/CSPSourceListTest.cpp
+1 -2
third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp
+3 -5
third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
+1 -1
third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
+1 -2
tools/metrics/histograms/histograms.xml
+1 -6
expand_less