guix/gnu/packages/patches/icecat-CVE-2014-1590.patch
Mark H Weaver 9f8552fab5 gnu: icecat: Apply security updates for CVE-2014-{1587,1590,1592,1593,1594}.
* gnu/packages/patches/icecat-CVE-2014-1587-bug-1042567.patch,
  gnu/packages/patches/icecat-CVE-2014-1587-bug-1072847.patch,
  gnu/packages/patches/icecat-CVE-2014-1587-bug-1079729.patch,
  gnu/packages/patches/icecat-CVE-2014-1587-bug-1080312.patch,
  gnu/packages/patches/icecat-CVE-2014-1587-bug-1089207.patch,
  gnu/packages/patches/icecat-CVE-2014-1590.patch,
  gnu/packages/patches/icecat-CVE-2014-1592.patch,
  gnu/packages/patches/icecat-CVE-2014-1593.patch,
  gnu/packages/patches/icecat-CVE-2014-1594.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (icecat): Add them.
2014-12-15 20:42:53 -05:00

33 lines
1.1 KiB
Diff

commit 50c5ca4bacf7cda77c3a7ab1b8d82ded18fb3355
Author: Olli Pettay <Olli.Pettay@helsinki.fi>
Date: Sun Nov 2 22:01:55 2014 +0200
Bug 1087633 - Filter out XPConnect wrapped input streams. r=bz, a=lmandel
Modified content/base/src/nsXMLHttpRequest.h
diff --git a/content/base/src/nsXMLHttpRequest.h b/content/base/src/nsXMLHttpRequest.h
index b1fc4e3..4ab4f29 100644
--- a/content/base/src/nsXMLHttpRequest.h
+++ b/content/base/src/nsXMLHttpRequest.h
@@ -28,7 +28,8 @@
#include "nsIPrincipal.h"
#include "nsIScriptObjectPrincipal.h"
#include "nsISizeOfEventTarget.h"
-
+#include "nsIXPConnect.h"
+#include "nsIInputStream.h"
#include "mozilla/Assertions.h"
#include "mozilla/DOMEventTargetHelper.h"
#include "mozilla/MemoryReporting.h"
@@ -446,6 +447,11 @@ public:
void Send(nsIInputStream* aStream, ErrorResult& aRv)
{
NS_ASSERTION(aStream, "Null should go to string version");
+ nsCOMPtr<nsIXPConnectWrappedJS> wjs = do_QueryInterface(aStream);
+ if (wjs) {
+ aRv.Throw(NS_ERROR_DOM_TYPE_ERR);
+ return;
+ }
aRv = Send(RequestBody(aStream));
}
void SendAsBinary(const nsAString& aBody, ErrorResult& aRv);