From 623db8c5f5ecd11064003ed417b1c6072286340e Mon Sep 17 00:00:00 2001 From: "bzbarsky@mit.edu" Date: Mon, 24 Mar 2008 16:58:42 -0700 Subject: [PATCH] Just drop loads of scripts that are not signed if the loading page is. Bug 424426, r+sr=jst, a=beltzner --- content/base/src/nsScriptLoader.cpp | 59 ++++++++-------------- content/base/src/nsScriptLoader.h | 8 +-- content/xul/document/src/nsXULDocument.cpp | 16 +++--- 3 files changed, 30 insertions(+), 53 deletions(-) diff --git a/content/base/src/nsScriptLoader.cpp b/content/base/src/nsScriptLoader.cpp index 78da4b6bf9a0..bc4970bf51b2 100644 --- a/content/base/src/nsScriptLoader.cpp +++ b/content/base/src/nsScriptLoader.cpp @@ -850,11 +850,9 @@ nsScriptLoader::PrepareLoadedRequest(nsScriptLoadRequest* aRequest, "Could not convert external JavaScript to Unicode!"); NS_ENSURE_SUCCESS(rv, rv); - // -- Merge the principal of the script file with that of the document; if - // the script has a non-cert principal, the document's principal should be - // downgraded. - rv = DowngradePrincipalIfNeeded(mDocument, channel); - NS_ENSURE_SUCCESS(rv, rv); + if (!ShouldExecuteScript(mDocument, channel)) { + return NS_ERROR_NOT_AVAILABLE; + } } // This assertion could fire errorously if we ran out of memory when @@ -871,48 +869,31 @@ nsScriptLoader::PrepareLoadedRequest(nsScriptLoadRequest* aRequest, } /* static */ -nsresult -nsScriptLoader::DowngradePrincipalIfNeeded(nsIDocument* aDocument, - nsIChannel* aChannel) +PRBool +nsScriptLoader::ShouldExecuteScript(nsIDocument* aDocument, + nsIChannel* aChannel) { if (!aChannel) { - return NS_ERROR_UNEXPECTED; + return PR_FALSE; + } + + PRBool hasCert; + nsIPrincipal* docPrincipal = aDocument->NodePrincipal(); + docPrincipal->GetHasCertificate(&hasCert); + if (!hasCert) { + return PR_TRUE; } nsCOMPtr channelPrincipal; nsresult rv = nsContentUtils::GetSecurityManager()-> GetChannelPrincipal(aChannel, getter_AddRefs(channelPrincipal)); - NS_ENSURE_SUCCESS(rv, rv); + NS_ENSURE_SUCCESS(rv, PR_FALSE); NS_ASSERTION(channelPrincipal, "Gotta have a principal here!"); - // If the document principal is a cert principal and aNewPrincipal - // is not the same as the channel principal, downgrade the document - // principal to a codebase principal. - - PRBool hasCert; - nsIPrincipal* docPrincipal = aDocument->NodePrincipal(); - docPrincipal->GetHasCertificate(&hasCert); - if (hasCert) { - PRBool equal; - docPrincipal->Equals(channelPrincipal, &equal); - if (!equal) { - nsCOMPtr uri, domain; - docPrincipal->GetURI(getter_AddRefs(uri)); - docPrincipal->GetDomain(getter_AddRefs(domain)); - - nsCOMPtr newPrincipal; - rv = nsContentUtils::GetSecurityManager()-> - GetCodebasePrincipal(uri, getter_AddRefs(newPrincipal)); - NS_ENSURE_SUCCESS(rv, rv); - - NS_ASSERTION(newPrincipal, "Gotta have a new principal"); - if (domain) { - newPrincipal->SetDomain(domain); - } - aDocument->SetPrincipal(newPrincipal); - } - } - - return NS_OK; + // If the document principal is a cert principal and is not the same + // as the channel principal, then we don't execute the script. + PRBool equal; + rv = docPrincipal->Equals(channelPrincipal, &equal); + return NS_SUCCEEDED(rv) && equal; } diff --git a/content/base/src/nsScriptLoader.h b/content/base/src/nsScriptLoader.h index 72073312cf3b..04e76cfe8ea9 100644 --- a/content/base/src/nsScriptLoader.h +++ b/content/base/src/nsScriptLoader.h @@ -181,11 +181,11 @@ public: void ProcessPendingRequests(); /** - * If needed, downgrade the principal of aDocument based on the - * principal of aChannel. + * Check whether it's OK to execute a script loaded via aChannel in + * aDocument. */ - static nsresult DowngradePrincipalIfNeeded(nsIDocument* aDocument, - nsIChannel* aChannel); + static PRBool ShouldExecuteScript(nsIDocument* aDocument, + nsIChannel* aChannel); protected: /** diff --git a/content/xul/document/src/nsXULDocument.cpp b/content/xul/document/src/nsXULDocument.cpp index f88030a494a7..cb30756630f9 100644 --- a/content/xul/document/src/nsXULDocument.cpp +++ b/content/xul/document/src/nsXULDocument.cpp @@ -3336,18 +3336,15 @@ nsXULDocument::OnStreamComplete(nsIStreamLoader* aLoader, rv = nsScriptLoader::ConvertToUTF16(channel, string, stringLen, EmptyString(), this, stringStr); if (NS_SUCCEEDED(rv)) { - // Downgrade _before_ compiling, since that's when the - // script saves its principal. - rv = nsScriptLoader::DowngradePrincipalIfNeeded(this, channel); - if (NS_SUCCEEDED(rv)) { - rv = scriptProto->Compile(stringStr.get(), stringStr.Length(), - uri, 1, this, mCurrentPrototype); - } + rv = scriptProto->Compile(stringStr.get(), stringStr.Length(), + uri, 1, this, mCurrentPrototype); } aStatus = rv; if (NS_SUCCEEDED(rv)) { - rv = ExecuteScript(scriptProto); + if (nsScriptLoader::ShouldExecuteScript(this, channel)) { + rv = ExecuteScript(scriptProto); + } // If the XUL cache is enabled, save the script object there in // case different XUL documents source the same script. @@ -3429,8 +3426,7 @@ nsXULDocument::OnStreamComplete(nsIStreamLoader* aLoader, // Execute only if we loaded and compiled successfully, then resume if (NS_SUCCEEDED(aStatus) && scriptProto->mScriptObject.mObject && - NS_SUCCEEDED(nsScriptLoader::DowngradePrincipalIfNeeded(doc, - channel))) { + nsScriptLoader::ShouldExecuteScript(doc, channel)) { doc->ExecuteScript(scriptProto); } doc->ResumeWalk();