LadybirdBrowser/ladybird
1
1
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2024-09-11 13:36:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

LibWeb: Fix unchecked Variant access in Request::construct_impl()

Browse Source 
We need to keep an Infrastructure::Request::BodyType around as we're not
sure what's actually inside, instead accessing Infrastructure::Body
directly.

Co-authored-by: Luke Wilde <lukew@serenityos.org>
This commit is contained in:
Linus Groh 2022-10-26 10:32:53 +01:00
parent 16136f0bdd
commit 419eb7ab97
Notes: sideshowbarker 2024-07-17 07:06:47 +09:00 
Author: https://github.com/linusg
Commit: https://github.com/SerenityOS/serenity/commit/419eb7ab97
1 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
Userland/Libraries/LibWeb/Fetch/Request.cpp
View File

@ -429,12 +429,12 @@ WebIDL::ExceptionOr<JS::NonnullGCPtr<Request>> Request::construct_impl(JS::Realm
}
// 33. Let inputBody be inputs requests body if input is a Request object; otherwise null.
auto const& input_body = input.has<JS::Handle<Request>>()
? input.get<JS::Handle<Request>>()->request()->body().get<Infrastructure::Body>()
: Optional<Infrastructure::Body> {};
Optional<Infrastructure::Request::BodyType const&> input_body;
if (input.has<JS::Handle<Request>>())
input_body = input.get<JS::Handle<Request>>()->request()->body();
// 34. If either init["body"] exists and is non-null or inputBody is non-null, and requests method is `GET` or `HEAD`, then throw a TypeError.
if (((init.body.has_value() && (*init.body).has_value()) || input_body.has_value()) && StringView { request->method() }.is_one_of("GET"sv, "HEAD"sv))
if (((init.body.has_value() && (*init.body).has_value()) || (input_body.has_value() && !input_body.value().has<Empty>())) && StringView { request->method() }.is_one_of("GET"sv, "HEAD"sv))
return WebIDL::SimpleException { WebIDL::SimpleExceptionType::TypeError, "Method must not be GET or HEAD when body is provided"sv };
// 35. Let initBody be null.
@ -457,10 +457,13 @@ WebIDL::ExceptionOr<JS::NonnullGCPtr<Request>> Request::construct_impl(JS::Realm
}
// 37. Let inputOrInitBody be initBody if it is non-null; otherwise inputBody.
auto const& input_or_init_body = init_body.has_value() ? init_body : input_body;
Optional<Infrastructure::Request::BodyType> input_or_init_body = init_body.has_value()
? Infrastructure::Request::BodyType { init_body.value() }
: input_body;
// 38. If inputOrInitBody is non-null and inputOrInitBodys source is null, then:
if (input_or_init_body.has_value() && input_or_init_body->source().has<Empty>()) {
// FIXME: The spec doesn't check if inputOrInitBody is a body before accessing source.
if (input_or_init_body.has_value() && input_or_init_body->has<Infrastructure::Body>() && input_or_init_body->get<Infrastructure::Body>().source().has<Empty>()) {
// 1. If initBody is non-null and init["duplex"] does not exist, then throw a TypeError.
if (init_body.has_value() && !init.duplex.has_value())
return WebIDL::SimpleException { WebIDL::SimpleExceptionType::TypeError, "Body without source requires 'duplex' value to be set"sv };