diff --git a/toolkit/components/downloads/src/nsDownloadManager.cpp b/toolkit/components/downloads/src/nsDownloadManager.cpp index 4ba5dd6d2e83..9ffc7cd4de90 100644 --- a/toolkit/components/downloads/src/nsDownloadManager.cpp +++ b/toolkit/components/downloads/src/nsDownloadManager.cpp @@ -1367,7 +1367,7 @@ nsDownloadManager::AddDownload(DownloadType aDownloadType, DownloadState startState = nsIDownloadManager::DOWNLOAD_QUEUED; #if defined(XP_WIN) && !defined(__MINGW32__) && !defined(WINCE) if (mScanner) { - AVCheckPolicyState res = mScanner->CheckPolicy(source, target); + AVCheckPolicyState res = mScanner->CheckPolicy(aSource, aTarget); if (res == AVPOLICY_BLOCKED) { // This download will get deleted during a call to IAE's Save, // so go ahead and mark it as blocked and avoid the download. diff --git a/toolkit/components/downloads/src/nsDownloadScanner.cpp b/toolkit/components/downloads/src/nsDownloadScanner.cpp index 41f8c0da9e7f..d9a95f20d165 100644 --- a/toolkit/components/downloads/src/nsDownloadScanner.cpp +++ b/toolkit/components/downloads/src/nsDownloadScanner.cpp @@ -260,16 +260,37 @@ nsDownloadScanner::ListCLSID() } // If IAttachementExecute is available, use the CheckPolicy call to find out -// if this download should be prevented due to Internet Zone Policy settings. +// if this download should be prevented due to Security Zone Policy settings. AVCheckPolicyState -nsDownloadScanner::CheckPolicy(const nsACString &aSource, const nsACString &aTarget) +nsDownloadScanner::CheckPolicy(nsIURI *aSource, nsIURI *aTarget) { - if (aSource.IsEmpty()) + nsresult rv; + + if (!aSource || !aTarget) return AVPOLICY_DOWNLOAD; if (!mHaveAttachmentExecute) return AVPOLICY_DOWNLOAD; + nsCAutoString source, target; + rv = aSource->GetSpec(source); + if (NS_FAILED(rv)) + return AVPOLICY_DOWNLOAD; + + rv = aTarget->GetSpec(target); + if (NS_FAILED(rv)) + return AVPOLICY_DOWNLOAD; + + // IAttachementExecute prohibits src data: schemes by default but we + // support them. If this is a data src, skip off doing a policy check. + // (The file will still be scanned once it lands on the local system.) + PRBool isDataScheme(PR_FALSE); + nsCOMPtr innerURI = NS_GetInnermostURI(aSource); + if (innerURI) + (void)innerURI->SchemeIs("data", &isDataScheme); + if (isDataScheme) + return AVPOLICY_DOWNLOAD; + nsRefPtr ae; HRESULT hr; hr = CoCreateInstance(CLSID_AttachmentServices, NULL, CLSCTX_INPROC, @@ -278,9 +299,8 @@ nsDownloadScanner::CheckPolicy(const nsACString &aSource, const nsACString &aTar return AVPOLICY_DOWNLOAD; (void)ae->SetClientGuid(GUID_MozillaVirusScannerPromptGeneric); - (void)ae->SetSource(NS_ConvertUTF8toUTF16(aSource).get()); - if (!aTarget.IsEmpty()) - (void)ae->SetLocalPath(NS_ConvertUTF8toUTF16(aTarget).get()); + (void)ae->SetSource(NS_ConvertUTF8toUTF16(source).get()); + (void)ae->SetLocalPath(NS_ConvertUTF8toUTF16(target).get()); // Any failure means the file download/exec will be blocked by the system. // S_OK or S_FALSE imply it's ok. @@ -338,7 +358,8 @@ nsresult ReleaseDispatcher::Run() { nsDownloadScanner::Scan::Scan(nsDownloadScanner *scanner, nsDownload *download) : mDLScanner(scanner), mThread(NULL), - mDownload(download), mStatus(AVSCAN_NOTSTARTED) + mDownload(download), mStatus(AVSCAN_NOTSTARTED), + mSkipSource(PR_FALSE) { InitializeCriticalSection(&mStateSync); } @@ -403,6 +424,12 @@ nsDownloadScanner::Scan::Start() (void)innerURI->SchemeIs("https", &isHttps); mIsHttpDownload = isHttp || isFtp || isHttps; + // IAttachementExecute prohibits src data: schemes by default but we + // support them. Mark the download if it's a data scheme, so we + // can skip off supplying the src to IAttachementExecute when we scan + // the resulting file. + (void)innerURI->SchemeIs("data", &mSkipSource); + // ResumeThread returns the previous suspend count if (1 != ::ResumeThread(mThread)) { CloseHandle(mThread); @@ -485,7 +512,9 @@ nsDownloadScanner::Scan::DoScanAES() __try { (void)ae->SetClientGuid(GUID_MozillaVirusScannerPromptGeneric); (void)ae->SetLocalPath(mPath.BeginWriting()); - (void)ae->SetSource(mOrigin.BeginWriting()); + // Provide the src for everything but data: schemes. + if (!mSkipSource) + (void)ae->SetSource(mOrigin.BeginWriting()); // Save() will invoke the scanner hr = ae->Save(); diff --git a/toolkit/components/downloads/src/nsDownloadScanner.h b/toolkit/components/downloads/src/nsDownloadScanner.h index c420633fa0da..26e833f5d16e 100644 --- a/toolkit/components/downloads/src/nsDownloadScanner.h +++ b/toolkit/components/downloads/src/nsDownloadScanner.h @@ -51,7 +51,7 @@ public: ~nsDownloadScanner(); nsresult Init(); nsresult ScanDownload(nsDownload *download); - AVCheckPolicyState CheckPolicy(const nsACString &aSource, const nsACString &aTarget); + AVCheckPolicyState CheckPolicy(nsIURI *aSource, nsIURI *aTarget); private: PRBool mHaveAVScanner; @@ -96,6 +96,7 @@ private: nsString mOrigin; // Also true if it is an ftp download PRBool mIsHttpDownload; + PRBool mSkipSource; PRBool mIsReadOnlyRequest; /* @summary Sets the Scan's state to newState if the current state is diff --git a/toolkit/components/downloads/test/unit/test_bug_420230.js b/toolkit/components/downloads/test/unit/test_bug_420230.js new file mode 100644 index 000000000000..af7c103458f1 --- /dev/null +++ b/toolkit/components/downloads/test/unit/test_bug_420230.js @@ -0,0 +1,107 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is Download Manager UI Test Code. + * + * The Initial Developer of the Original Code is + * Mozilla Corporation. + * Portions created by the Initial Developer are Copyright (C) 2008 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * Jim Mathies + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +// This tests data uri downloading of the DM in relation to the new security policy +// checks put in place on windows. (bug 416683) + +const nsIDownloadManager = Ci.nsIDownloadManager; +const dm = Cc["@mozilla.org/download-manager;1"].getService(nsIDownloadManager); + +function run_test() +{ + // Don't finish until the download is finished + do_test_pending(); + + function addDownload() { + const nsIWBP = Ci.nsIWebBrowserPersist; + var persist = Cc["@mozilla.org/embedding/browser/nsWebBrowserPersist;1"] + .createInstance(Ci.nsIWebBrowserPersist); + persist.persistFlags = nsIWBP.PERSIST_FLAGS_REPLACE_EXISTING_FILES | + nsIWBP.PERSIST_FLAGS_BYPASS_CACHE | + nsIWBP.PERSIST_FLAGS_AUTODETECT_APPLY_CONVERSION; + + // Download to a temp local file + let file = dirSvc.get("ProfD", Ci.nsIFile); + file.append("policychecktest.png"); + if (file.exists()) + file.remove(false); + file.createUnique(Ci.nsIFile.NORMAL_FILE_TYPE, 0666); + + var dl = dm.addDownload(Ci.nsIDownloadManager.DOWNLOAD_TYPE_DOWNLOAD, + createURI("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACGFjVEwAAAAEAAAAAHzNZtAAAAAaZmNUTAAAAAAAAAAQAAAAEAAAAAAAAAAAAPoD6AEBim0EngAAAfVJREFUOI2tke9LEwEYx/0vwwgpRKLoTRC+iAhXSFJYYEERbZjd1N1+5I+dW+laeh1rmkKzbbftpuvWvN020aSs5t0+vVgO5hy98QvfNw/P9/N94OnpOUvp1UO8sSrCSpmX0RL+mMHCeoUP6V0S29/JlX6g6vt0BQTiVRLf6qimTdq0SZdtFiIKzukgvvlFBHGWKWm1E3Cy2bVU5Pmbr4iSwtjrT8jqDr+A1S0TlxiiVqvx3+ZU2WbcM8dUvERuD5ImpHYhlDAIhRfbARPvd1BNm0yladW0SRoWLsHHhgnZGpQPoPoT0nvgFPztAOdSkYxpoZoWXwyLzZJFomQxLnhYzu5hHsJvCw5siCQN3O7JdsCzcIFMpRmKbdWRtTqK9gePL4gwG0XVKxwBa7kST168wjCMdsDjeY1Nw0LJH7GSa9o7JyOKPgZvDuH1z+CenMI14WFsWu78wsOAymrBaoVFKY5e0Bm4eh1Zs5A1i8ujEeR8g77hcCdgxJNEyTcXRX8IfVvn4sA13qUOkTUbWbPpv7+InG/Q65A6AXeFz63Fj8tLDDpGcc6s/Zs1Ws2TcoX+e6dccGt8vQU4Dpx0r0PigiOIkih2AoYm1gms7Z8alPON7s3H2sia3HiqcOVRlIEHES6NvKVvOMz5OxLnbs93bz4L/QVUgSoBF8urgQAAABpmY1RMAAAAAQAAAA8AAAAQAAAAAQAAAAAA+gPoAQGATZxOAAAB82ZkQVQAAAACKJGt0OFLE3Ecx3H/yzBCChlR9CQIH0SEKyQpTLCgiDbWum3u3Eydc6u5ll6HqU1otu3cbmpn5+22iSa1Su/27sFyYzJ8Ul/4PPnxefGBX0/P/zqtWmdiqYqwWOZFSie8ZDCXrvA+v0dm6xtF/TuKdkBXPLlcJfP1CMW0yZs2+bLNXFLGNT5LKJJAEKcJRFc4c9E9v8Oz118QozJjrz4iKbv8BFY2TdxijFqtxpmLubKNJzhDYFmnuA9ZE3J7EMsYxOKJNva+20UxbTYqzSimTdawcAsh1kwo1KB8CNUfkN8HlxBuY9f8DhumhWJafDYs1nWLjG7hEYIsFPYx6/DLgkMbklkDn8/fxk/j22xUmmBp8whJPUJWfxMMzSJMp1C0CsfAalHn8fOXGIbRxo8iKuuGhVw6ZrHYzMSMhCiGGLg5yER4Cp8/gNsbZGxc6vzth5MKK9tWC4rRZbRtDcfV60iqhaRaXB5JIpUa9A3FO/FwMItcapbEcAxtS+Oi4xpvc3Uk1UZSbfrvJ5BKDXqd0U58V/jUKn1YmGfAOYJravXvW6O16Jcq9N87tXzLk27hk/Lp9DqjXHDOImd2OvGgN83k6kFXJJUa3RdPbq1gcuOJzJXRFI4HSS4Nv6FvKM75O1HO3Y50X/zX+wPZgSoB2RWdYAAAABpmY1RMAAAAAwAAAA8AAAAPAAAAAQAAAAEA+gPoAQHbRhjBAAAB9GZkQVQAAAAEKJGt0P9LE3Ecx/H9l2GEFDKi6Jcg/CEiXCFJYYEFRbSx1vll52bqNrdyy/TTYbomNNt2upva2Xm7baJJWendnv2w3JgMf+oNr18+vB684ONy/a/Tq4eML1aRFsq8nDMIL5rMZCp8KOyS3fxO0fiBqu/TEU8sVcl+O0K1HAqWQ6HsMJNS8I5FCUVmkeQpRmPLnLnoS27z/M1X5JjC0OtPCHWHX8DyhoVPjlOr1ThzMV928AenGV0yKO5BzoL8LsSzJvHEbAsH3u+gWg5rlUZUyyFn2vikECsWrNegfADVn1DYA68UbmFvcps1y0a1bL6YNquGTdaw8UtB5tf3sA7htw0HDqRyJsPDIy38LLHFWqUBFjeOENoRivaHYCiKNDWHqlc4BtJFgycvXmGaZgs/jmismjZK6ZiFYiPj0wJZDtF7s4/x8CTDI6P4AkGGxkT7bz+cUFnesptQji2hb+m4r15HaDZCs7k8mEKU6nT3J9rxQDCHUmqU5HAcfVPnovsa7/KHCM1BaA4992cRpTpdnlg7vit9bpY+zifp9QzinUz/e6s3F0dEhZ57p5Zv+TNNfFI+nS5PjAueKEp2ux33BTJMpPc7IlGqd148uZV1ixtPFa48msP9IMWlgbd09yc4fyfGuduRzosul+sv1q4qAfNb7esAAAAaZmNUTAAAAAUAAAAQAAAADwAAAAAAAAABAPoD6AEBp98YvwAAAflmZEFUAAAABiiRrZHhSxNxGMf3X4YRUohE0ZsgfBERrpCkMMGCItqwdZvu3Ezdzq3cWnodpqbQbNvN3dTOztttE01qld7t04vlYM7Rmx74vvnxfD+fB34u1/8cvVJjYrGCsFDiRcogvGgyu1rmfW6P9NY3CsZ3VP2AjoDJpQrpr0eolkPOcsiVHGaTCp7xKKHIHII4zZi03A44bfYmdnj2+guipDDy6iOyustPYHnTwivGqFar/NOcLTmMBmcYWzIo7EPGguwexNImsfhcK8D3bhfVcsiXG1Eth4xp4xVCrFmwUYXSIVR+QG4fPEK4FeBJ7JC3bFTL5rNps27YpA2bUSHI/MY+Vg1+2XDoQDJj4vcHWgFP49vky43S4uYRsnaEov0mGIoiTKdQ9TLHwErB4PHzl5im2Qp4FNFYN22U4jELhUYmZmREMUTfzX4mwlP4A2N4fUFGxuX2X3g4qbK8bTfLorSEvq3Te/U6smYjazaXh5LIxTrdA/F2wGAwg1JsLIrhGPqWzsXea7zN1pA1B1lz6Lk/h1ys0+WW2gF3hU/NxQ/zCfrcQ3imVv6+1ZvmgFym594ZF9waXW0CTgqn0+WWuOCOoqR32gH9vlUmVw7OLMrFemfzyaxtWNx4onBlOEXvgySXBt/QPRDn/B2Jc7cjnc0ul+sPqZsqAeXgvCsAAAAASUVORK5CYII="), + createURI(file), null, null, + Math.round(Date.now() * 1000), null, persist); + + persist.progressListener = dl.QueryInterface(Ci.nsIWebProgressListener); + persist.saveURI(dl.source, null, null, null, null, dl.targetFile); + + return dl; + } + + let listener = { + onDownloadStateChange: function(aState, aDownload) + { + switch (aDownload.state) { + case dm.DOWNLOAD_FAILED: + case dm.DOWNLOAD_CANCELED: + case dm.DOWNLOAD_FAILED: + case dm.DOWNLOAD_DIRTY: + case dm.DOWNLOAD_BLOCKED_POLICY: + // Fail! + if (aDownload.targetFile.exists()) + aDownload.targetFile.remove(false); + dm.removeListener(this); + do_throw("data: uri failed to download successfully"); + do_test_finished(); + break; + + case dm.DOWNLOAD_FINISHED: + do_check_true(aDownload.targetFile.exists()); + aDownload.targetFile.remove(false); + dm.removeListener(this); + do_test_finished(); + break; + } + } + }; + + dm.addListener(listener); + + addDownload(); + + cleanup(); +}