fix: bypass DOM storage quota (#15596)

2018-11-12 11:19:01 -06:00 · 2018-11-12 11:19:01 -06:00 · b21dbdb20d
commit b21dbdb20d
parent c9d0960f47
4 changed files with 113 additions and 24 deletions
--- a/patches/common/chromium/dom_storage_limits.patch
+++ b/patches/common/chromium/dom_storage_limits.patch
@ -0,0 +1,98 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Jacob Quant <jacobq@gmail.com>
+Date: Tue, 6 Nov 2018 15:26:00 -0600
+Subject: dom_storage_limits.patch
+
+This patch circumvents the restriction on DOM storage objects,
+namely `localStorage` and `sessionStorage`, which chromium otherwise
+limits to approximately 10MiB.
+
+That restriction originates from a recommendation
+[in the Web Storage API specification](https://html.spec.whatwg.org/multipage/webstorage.html#disk-space-2)
+that is motivated by the concern that hostile code could abuse this
+feature to exhaust available storage capacity.
+However, in the case of  Electron, where the application developers
+have control over all of the code being executed,
+this safety precaution becomes a hindrance that does not add much value.
+For example, if a malicious developer wanted to consume disk space
+on a victim's machine they could do so via Node's native file system API.
+
+By disabling this restriction or increasing the quota,
+electron application developers can use `localStorage`
+as their application's "back end", without being having
+to limit the amount of data stored to 10MiB.
+
+There may still be some benefit to keeping this restriction for applications that load remote content.
+Although all remote data should be from a trusted source and transferred using
+a secure channel, it is nevertheless advisable to include additional layers of protection
+to mitigate risks associated with potential compromise of those other technologies.
+With that in mind, an acceptable alternative to disabling the limit at compile-time
+(as this patch currently does) would be to instead allow it to be disabled at run-time
+for a given `BrowserWindow` via a `webPreferences` option,
+similar to [`nodeIntegration`](https://electronjs.org/docs/tutorial/security#2-disable-nodejs-integration-for-remote-content).
+
+diff --git a/content/common/dom_storage/dom_storage_map.cc b/content/common/dom_storage/dom_storage_map.cc
+index fd088fb170be..b90b6cf9132d 100644
+--- a/content/common/dom_storage/dom_storage_map.cc
+++ b/content/common/dom_storage/dom_storage_map.cc
+@@ -185,10 +185,12 @@ bool DOMStorageMap::SetItemInternal(MapType* map_type,
+   size_t new_item_size = size_in_storage(key, value);
+   size_t new_storage_used = storage_used_ - old_item_size + new_item_size;
+
+#if 0
+   // Only check quota if the size is increasing, this allows
+   // shrinking changes to pre-existing files that are over budget.
+   if (new_item_size > old_item_size && new_storage_used > quota_)
+     return false;
+#endif
+
+   (*map_type)[key] = value;
+   ResetKeyIterator();
+diff --git a/content/common/dom_storage/dom_storage_types.h b/content/common/dom_storage/dom_storage_types.h
+index e87afe5b8ee0..61c9a0dfff60 100644
+--- a/content/common/dom_storage/dom_storage_types.h
+++ b/content/common/dom_storage/dom_storage_types.h
+@@ -21,6 +21,7 @@ typedef std::map<base::string16, base::NullableString16> DOMStorageValuesMap;
+
+ // The quota for each storage area.
+ // This value is enforced in renderer processes and the browser process.
+// However, Electron's dom_storage_limits.patch removes the code that checks this limit.
+ const size_t kPerStorageAreaQuota = 10 * 1024 * 1024;
+
+ // In the browser process we allow some overage to
+diff --git a/content/renderer/dom_storage/dom_storage_cached_area.cc b/content/renderer/dom_storage/dom_storage_cached_area.cc
+index 402c27727ff1..f5908a1c55f9 100644
+--- a/content/renderer/dom_storage/dom_storage_cached_area.cc
+++ b/content/renderer/dom_storage/dom_storage_cached_area.cc
+@@ -53,11 +53,13 @@ bool DOMStorageCachedArea::SetItem(int connection_id,
+                                    const base::string16& key,
+                                    const base::string16& value,
+                                    const GURL& page_url) {
+#if 0
+   // A quick check to reject obviously overbudget items to avoid
+   // the priming the cache.
+   if ((key.length() + value.length()) * sizeof(base::char16) >
+       kPerStorageAreaQuota)
+     return false;
+#endif
+
+   PrimeIfNeeded(connection_id);
+   base::NullableString16 old_value;
+diff --git a/content/renderer/dom_storage/local_storage_cached_area.cc b/content/renderer/dom_storage/local_storage_cached_area.cc
+index ffa21c9200d0..0edbd6152292 100644
+--- a/content/renderer/dom_storage/local_storage_cached_area.cc
+++ b/content/renderer/dom_storage/local_storage_cached_area.cc
+@@ -141,11 +141,13 @@ bool LocalStorageCachedArea::SetItem(const base::string16& key,
+                                      const base::string16& value,
+                                      const GURL& page_url,
+                                      const std::string& storage_area_id) {
+#if 0
+   // A quick check to reject obviously overbudget items to avoid priming the
+   // cache.
+   if ((key.length() + value.length()) * sizeof(base::char16) >
+       kPerStorageAreaQuota)
+     return false;
+#endif
+
+   EnsureLoaded();
+   bool result = false;