guix/gnu/packages/patches/icecat-CVE-2015-2743.patch
Mark H Weaver 4463c0d216 gnu: icecat: Fix CVE-2015-{2722,2724,2728,2733,2735,2736,2738,2739,2740,2743}.
* gnu/packages/patches/icecat-CVE-2015-2722-pt1.patch,
  gnu/packages/patches/icecat-CVE-2015-2722-pt2.patch,
  gnu/packages/patches/icecat-CVE-2015-2724-pt1.patch,
  gnu/packages/patches/icecat-CVE-2015-2724-pt2.patch,
  gnu/packages/patches/icecat-CVE-2015-2724-pt3.patch,
  gnu/packages/patches/icecat-CVE-2015-2724-pt4.patch,
  gnu/packages/patches/icecat-CVE-2015-2728-pt1.patch,
  gnu/packages/patches/icecat-CVE-2015-2728-pt2.patch,
  gnu/packages/patches/icecat-CVE-2015-2733-pt1.patch,
  gnu/packages/patches/icecat-CVE-2015-2733-pt2.patch,
  gnu/packages/patches/icecat-CVE-2015-2735.patch,
  gnu/packages/patches/icecat-CVE-2015-2736.patch,
  gnu/packages/patches/icecat-CVE-2015-2738.patch,
  gnu/packages/patches/icecat-CVE-2015-2739.patch,
  gnu/packages/patches/icecat-CVE-2015-2740.patch,
  gnu/packages/patches/icecat-CVE-2015-2743.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
2015-07-04 05:44:10 -04:00

73 lines
3 KiB
Diff

From 9ed97d606aaaf79776b0e19a73ba30d8ad0685b5 Mon Sep 17 00:00:00 2001
From: Ben Turner <bent.mozilla@gmail.com>
Date: Tue, 26 May 2015 17:27:01 -0400
Subject: [PATCH] Bug 1163109 - Restrict the resource:// weirdness in workers
to loads from a system principal. r=bzbarsky, a=lizzard
--HG--
extra : transplant_source : sQUdu%7C%ED%84%CA%5B%91%89/%1B2%25%CFY%B0%C3
---
dom/workers/ScriptLoader.cpp | 37 ++++++++++++++++---------------------
1 file changed, 16 insertions(+), 21 deletions(-)
diff --git a/dom/workers/ScriptLoader.cpp b/dom/workers/ScriptLoader.cpp
index 0dfe625..3335c3e 100644
--- a/dom/workers/ScriptLoader.cpp
+++ b/dom/workers/ScriptLoader.cpp
@@ -509,22 +509,6 @@ private:
rv = ssm->GetChannelPrincipal(channel, getter_AddRefs(channelPrincipal));
NS_ENSURE_SUCCESS(rv, rv);
- // See if this is a resource URI. Since JSMs usually come from resource://
- // URIs we're currently considering all URIs with the URI_IS_UI_RESOURCE
- // flag as valid for creating privileged workers.
- if (!nsContentUtils::IsSystemPrincipal(channelPrincipal)) {
- bool isResource;
- rv = NS_URIChainHasFlags(finalURI,
- nsIProtocolHandler::URI_IS_UI_RESOURCE,
- &isResource);
- NS_ENSURE_SUCCESS(rv, rv);
-
- if (isResource) {
- rv = ssm->GetSystemPrincipal(getter_AddRefs(channelPrincipal));
- NS_ENSURE_SUCCESS(rv, rv);
- }
- }
-
// If the load principal is the system principal then the channel
// principal must also be the system principal (we do not allow chrome
// code to create workers with non-chrome scripts). Otherwise this channel
@@ -532,14 +516,25 @@ private:
// here in case redirects changed the location of the script).
if (nsContentUtils::IsSystemPrincipal(loadPrincipal)) {
if (!nsContentUtils::IsSystemPrincipal(channelPrincipal)) {
- return NS_ERROR_DOM_BAD_URI;
+ // See if this is a resource URI. Since JSMs usually come from
+ // resource:// URIs we're currently considering all URIs with the
+ // URI_IS_UI_RESOURCE flag as valid for creating privileged workers.
+ bool isResource;
+ rv = NS_URIChainHasFlags(finalURI,
+ nsIProtocolHandler::URI_IS_UI_RESOURCE,
+ &isResource);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ if (isResource) {
+ // Assign the system principal to the resource:// worker only if it
+ // was loaded from code using the system principal.
+ channelPrincipal = loadPrincipal;
+ } else {
+ return NS_ERROR_DOM_BAD_URI;
+ }
}
}
else {
- nsCString scheme;
- rv = finalURI->GetScheme(scheme);
- NS_ENSURE_SUCCESS(rv, rv);
-
// We exempt data urls and other URI's that inherit their
// principal again.
if (NS_FAILED(loadPrincipal->CheckMayLoad(finalURI, false, true))) {
--
2.4.3