New issue
Advanced search Search tips

Issue 792482 link

Starred by 1 user
Status: Fixed
Owner:
tobiasjs@chromium.org
Closed: Dec 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: 1
Type: Bug



Sign in to add a comment

URLs with hostnames starting with . cause a JNI error in WebView when performing cleartext permitted checks.

Project Member Reported by tobiasjs@chromium.org, Dec 6 2017 
NetworkSecurityPolicy.isCleartextTrafficPermitted can throw an IllegalArgumentException, which is uncaught and returned to native code, causing any application that has declared a network-security-config to crash.

Comment 1 by tobiasjs@chromium.org, Dec 6 2017 

Relevant internal bug: b/70257360
Project Member

Comment 2 by bugdroid1@chromium.org, Dec 11 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/96e0b6dfa35b843592a40829c5b0178f97cc1bce

commit 96e0b6dfa35b843592a40829c5b0178f97cc1bce
Author: Tobias Sargeant <tobiasjs@google.com>
Date: Mon Dec 11 13:50:51 2017

Treat IAE while checking cleartext policy as default.

NetworkSecurityPolicy.isCleartextTrafficPermitted can throw
an IllegalArgumentException, which is uncaught and returned to
native code, causing any WebView application that has declared a
network security config to crash.

Bug:  792482 
Change-Id: Ide2c0293d7cebad68109a4af5bcea127c83ee96c
Reviewed-on: https://chromium-review.googlesource.com/810969
Commit-Queue: Tobias Sargeant <tobiasjs@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Cr-Commit-Position: refs/heads/master@{#523088}
[modify] https://crrev.com/96e0b6dfa35b843592a40829c5b0178f97cc1bce/net/android/java/src/org/chromium/net/AndroidNetworkLibrary.java
[modify] https://crrev.com/96e0b6dfa35b843592a40829c5b0178f97cc1bce/net/android/javatests/src/org/chromium/net/AndroidNetworkLibraryTestUtil.java
[modify] https://crrev.com/96e0b6dfa35b843592a40829c5b0178f97cc1bce/net/url_request/url_request_http_job_unittest.cc

Comment 3 by tobiasjs@chromium.org, Dec 11 2017

Labels: Merge-Request-64

Comment 4 by candr...@chromium.org, Dec 11 2017

Labels: OS-Android

Comment 5 by cmasso@google.com, Dec 11 2017

Labels: -Merge-Request-64 Merge-Approved-64
Merge approved!
Project Member

Comment 6 by bugdroid1@chromium.org, Dec 12 2017

Labels: -merge-approved-64 merge-merged-3282
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/3451cc9b66864022eedf3a15fd613aee6c9da4bd

commit 3451cc9b66864022eedf3a15fd613aee6c9da4bd
Author: Tobias Sargeant <tobiasjs@google.com>
Date: Tue Dec 12 14:36:19 2017

Treat IAE while checking cleartext policy as default.

NetworkSecurityPolicy.isCleartextTrafficPermitted can throw
an IllegalArgumentException, which is uncaught and returned to
native code, causing any WebView application that has declared a
network security config to crash.

TBR=tobiasjs@google.com

(cherry picked from commit 96e0b6dfa35b843592a40829c5b0178f97cc1bce)

Bug:  792482 
Change-Id: Ide2c0293d7cebad68109a4af5bcea127c83ee96c
Reviewed-on: https://chromium-review.googlesource.com/810969
Commit-Queue: Tobias Sargeant <tobiasjs@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#523088}
Reviewed-on: https://chromium-review.googlesource.com/822431
Reviewed-by: Tobias Sargeant <tobiasjs@chromium.org>
Cr-Commit-Position: refs/branch-heads/3282@{#171}
Cr-Branched-From: 5fdc0fab22ce7efd32532ee989b223fa12f8171e-refs/heads/master@{#520840}
[modify] https://crrev.com/3451cc9b66864022eedf3a15fd613aee6c9da4bd/net/android/java/src/org/chromium/net/AndroidNetworkLibrary.java
[modify] https://crrev.com/3451cc9b66864022eedf3a15fd613aee6c9da4bd/net/android/javatests/src/org/chromium/net/AndroidNetworkLibraryTestUtil.java
[modify] https://crrev.com/3451cc9b66864022eedf3a15fd613aee6c9da4bd/net/url_request/url_request_http_job_unittest.cc

Comment 7 by tobiasjs@chromium.org, Dec 12 2017

Status: Fixed (was: Assigned)

Sign in to add a comment