diff options
author | Wez <wez@chromium.org> | 2022-06-23 18:56:12 +0000 |
---|---|---|
committer | Michael BrĂ¼ning <michael.bruning@qt.io> | 2022-08-08 15:24:48 +0000 |
commit | 2e3686e72481396fa8b75187c87d386cf6151be4 (patch) | |
tree | c2a72ca6fdedb0918a5e9d8ce549658a171b5fbe | |
parent | 916ffc811be5c59186abe7550e3b3959ec186985 (diff) | |
download | qtwebengine-chromium-2e3686e72481396fa8b75187c87d386cf6151be4.tar.gz |
[Backport] CVE-2022-2612: Side-channel information leakage in Keyboard input
Manual cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/3707218:
DOM Code conversion cleanups
Improvements to the DOM Code conversion APIs:
- All APIs now accept strings via StringPiece, and return them
as std::strings, since almost all callers store returned
values in std::strings anyway.
- Common contiguous DomCodes (e.g. US_A->US_Z) have their names
dynamically generated, rather than requiring a lookup through
the table.
Some incidental cleanups:
- Removed unused code-string to USB & native conversions.
- Tidied up comments to group conversions better.
(cherry picked from commit 31103fab10169feb448d4d0c18bc73ed946c6628)
Bug: 1321350
Change-Id: I67f2603c281fa11d1b4d8dce86f3455a1f7c75c2
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Commit-Queue: Michael Spang <spang@chromium.org>
Reviewed-by: Kevin Marshall <kmarshall@chromium.org>
Auto-Submit: Wez <wez@chromium.org>
Reviewed-by: Michael Spang <spang@chromium.org>
Cr-Original-Commit-Position: refs/heads/main@{#1013780}
Commit-Queue: Avi Drissman <avi@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Commit-Queue: Wez <wez@chromium.org>
Reviewed-by: Wez <wez@chromium.org>
Cr-Commit-Position: refs/branch-heads/5112@{#236}
Cr-Branched-From: b13d3fe7b3c47a56354ef54b221008afa754412e-refs/heads/main@{#1012729}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
-rw-r--r-- | chromium/ui/events/keycodes/dom/keycode_converter.cc | 55 | ||||
-rw-r--r-- | chromium/ui/events/keycodes/dom/keycode_converter.h | 33 |
2 files changed, 43 insertions, 45 deletions
diff --git a/chromium/ui/events/keycodes/dom/keycode_converter.cc b/chromium/ui/events/keycodes/dom/keycode_converter.cc index 99bc1a1c625..fcd39d413bc 100644 --- a/chromium/ui/events/keycodes/dom/keycode_converter.cc +++ b/chromium/ui/events/keycodes/dom/keycode_converter.cc @@ -6,6 +6,7 @@ #include "base/cxx17_backports.h" #include "base/logging.h" +#include "base/strings/stringprintf.h" #include "base/strings/utf_string_conversion_utils.h" #include "build/build_config.h" #include "ui/events/keycodes/dom/dom_code.h" @@ -233,7 +234,7 @@ KeyboardCode KeycodeConverter::MapPositionalDomCodeToUSShortcutKey( #endif // static -DomCode KeycodeConverter::CodeStringToDomCode(const std::string& code) { +DomCode KeycodeConverter::CodeStringToDomCode(base::StringPiece code) { if (code.empty()) return DomCode::NONE; for (auto& mapping : kDomCodeMappings) { @@ -246,9 +247,29 @@ DomCode KeycodeConverter::CodeStringToDomCode(const std::string& code) { } // static -const char* KeycodeConverter::DomCodeToCodeString(DomCode dom_code) { +std::string KeycodeConverter::DomCodeToCodeString(DomCode dom_code) { + const auto usb_keycode = static_cast<uint32_t>(dom_code); + + // Generate some continuous runs of codes, rather than looking them up. + if (dom_code >= DomCode::US_A && dom_code <= DomCode::US_Z) { + const int index = usb_keycode - static_cast<uint32_t>(DomCode::US_A); + return base::StringPrintf("Key%c", 'A' + index); + } else if (dom_code >= DomCode::DIGIT1 && dom_code <= DomCode::DIGIT0) { + const int index = usb_keycode - static_cast<uint32_t>(DomCode::DIGIT1); + return base::StringPrintf("Digit%d", (index + 1) % 10); + } else if (dom_code >= DomCode::NUMPAD1 && dom_code <= DomCode::NUMPAD0) { + const int index = usb_keycode - static_cast<uint32_t>(DomCode::NUMPAD1); + return base::StringPrintf("Numpad%d", (index + 1) % 10); + } else if (dom_code >= DomCode::F1 && dom_code <= DomCode::F12) { + const int index = usb_keycode - static_cast<uint32_t>(DomCode::F1); + return base::StringPrintf("F%d", index + 1); + } else if (dom_code >= DomCode::F13 && dom_code <= DomCode::F24) { + const int index = usb_keycode - static_cast<uint32_t>(DomCode::F13); + return base::StringPrintf("F%d", index + 13); + } + for (auto& mapping : kDomCodeMappings) { - if (mapping.usb_keycode == static_cast<uint32_t>(dom_code)) { + if (mapping.usb_keycode == usb_keycode) { if (mapping.code) return mapping.code; break; @@ -307,7 +328,7 @@ DomKeyLocation KeycodeConverter::DomCodeToLocation(DomCode dom_code) { } // static -DomKey KeycodeConverter::KeyStringToDomKey(const std::string& key) { +DomKey KeycodeConverter::KeyStringToDomKey(base::StringPiece key) { if (key.empty()) return DomKey::NONE; // Check for standard key names. @@ -325,12 +346,12 @@ DomKey KeycodeConverter::KeyStringToDomKey(const std::string& key) { } // Otherwise, if the string contains a single Unicode character, // the key value is that character. + const auto key_length = static_cast<int32_t>(key.length()); int32_t char_index = 0; uint32_t character; - if (base::ReadUnicodeCharacter(key.c_str(), - static_cast<int32_t>(key.length()), - &char_index, &character) && - key[++char_index] == 0) { + if (base::ReadUnicodeCharacter(key.data(), key_length, &char_index, + &character) && + ++char_index == key_length) { return DomKey::FromCharacter(character); } return DomKey::NONE; @@ -449,22 +470,4 @@ uint32_t KeycodeConverter::DomCodeToUsbKeycode(DomCode dom_code) { return InvalidUsbKeycode(); } -// static -uint32_t KeycodeConverter::CodeStringToUsbKeycode(const std::string& code) { - if (code.empty()) - return InvalidUsbKeycode(); - - for (auto& mapping : kDomCodeMappings) { - if (mapping.code && code == mapping.code) { - return mapping.usb_keycode; - } - } - return InvalidUsbKeycode(); -} - -// static -int KeycodeConverter::CodeStringToNativeKeycode(const std::string& code) { - return UsbKeycodeToNativeKeycode(CodeStringToUsbKeycode(code)); -} - } // namespace ui diff --git a/chromium/ui/events/keycodes/dom/keycode_converter.h b/chromium/ui/events/keycodes/dom/keycode_converter.h index 852237481ea..5f3474dd968 100644 --- a/chromium/ui/events/keycodes/dom/keycode_converter.h +++ b/chromium/ui/events/keycodes/dom/keycode_converter.h @@ -9,6 +9,7 @@ #include <stdint.h> #include <string> +#include "base/strings/string_piece.h" #include "build/build_config.h" #include "ui/events/keycodes/dom/dom_key.h" @@ -91,11 +92,11 @@ class KeycodeConverter { static KeyboardCode MapPositionalDomCodeToUSShortcutKey(DomCode code); #endif - // Convert a UI Events |code| string value into a DomCode. - static DomCode CodeStringToDomCode(const std::string& code); - - // Convert a DomCode into a UI Events |code| string value. - static const char* DomCodeToCodeString(DomCode dom_code); + // Conversion between DOM Code string and DomCode enum values. + // Returns the invalid value if the supplied code is not recognized, + // or has no mapping. + static DomCode CodeStringToDomCode(base::StringPiece code); + static std::string DomCodeToCodeString(DomCode dom_code); // Return the DomKeyLocation of a DomCode. The DomKeyLocation distinguishes // keys with the same meaning, and therefore the same DomKey or non-located @@ -108,10 +109,10 @@ class KeycodeConverter { // - a key name from http://www.w3.org/TR/DOM-Level-3-Events-key/, or // - a single Unicode character (represented in UTF-8). // Returns DomKey::NONE for other inputs, including |nullptr|. - static DomKey KeyStringToDomKey(const std::string& key); + static DomKey KeyStringToDomKey(base::StringPiece key); // Convert a DomKey into a UI Events |key| string value. - // For an invalid DomKey, returns an empty string. + // Returns an empty string for invalid DomKey values. static std::string DomKeyToKeyString(DomKey dom_key); // Returns true if the DomKey is a modifier. @@ -128,24 +129,18 @@ class KeycodeConverter { // Return the value that identifies an invalid USB keycode. static uint32_t InvalidUsbKeycode(); - // Convert a USB keycode into an equivalent platform native keycode. + // Conversion between USB keycode and native keycode values. + // Returns the invalid value if the supplied code is not recognized, + // or has no mapping. static int UsbKeycodeToNativeKeycode(uint32_t usb_keycode); - - // Convert a platform native keycode into an equivalent USB keycode. static uint32_t NativeKeycodeToUsbKeycode(int native_keycode); - // Convert a USB keycode into a DomCode. + // Conversion between USB keycode and DomCode values. + // Returns the "invalid" value if the supplied key code is not + // recognized. static DomCode UsbKeycodeToDomCode(uint32_t usb_keycode); - - // Convert a DomCode into a USB keycode. static uint32_t DomCodeToUsbKeycode(DomCode dom_code); - // Convert a UI Event |code| string into a USB keycode value. - static uint32_t CodeStringToUsbKeycode(const std::string& code); - - // Convert a UI Event |code| string into a native keycode. - static int CodeStringToNativeKeycode(const std::string& code); - // Static methods to support testing. static size_t NumKeycodeMapEntriesForTest(); static const KeycodeMapEntry* GetKeycodeMapForTest(); |