Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-07 09:54:42 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1182569 - Skip security check for plugins using newstream attribute. r=smaug

Browse Source
This commit is contained in:
Christoph Kerschbaumer 2017-01-03 20:59:54 +01:00
parent c88d12696d
commit 63fe5cb0bb
5 changed files with 46 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
docshell/base/nsDocShell.cpp
View File

@ -13787,7 +13787,8 @@ public:
nsIInputStream* aPostDataStream,
nsIInputStream* aHeadersDataStream,
bool aNoOpenerImplied,
bool aIsTrusted);
bool aIsTrusted,
nsIPrincipal* aTriggeringPrincipal);
NS_IMETHOD Run() override
{
@ -13804,7 +13805,7 @@ public:
mTargetSpec.get(), mFileName,
mPostDataStream, mHeadersDataStream,
mNoOpenerImplied,
nullptr, nullptr);
nullptr, nullptr, mTriggeringPrincipal);
}
return NS_OK;
}
@ -13820,6 +13821,7 @@ private:
PopupControlState mPopupState;
bool mNoOpenerImplied;
bool mIsTrusted;
nsCOMPtr<nsIPrincipal> mTriggeringPrincipal;
};
OnLinkClickEvent::OnLinkClickEvent(nsDocShell* aHandler,
@ -13830,7 +13832,8 @@ OnLinkClickEvent::OnLinkClickEvent(nsDocShell* aHandler,
nsIInputStream* aPostDataStream,
nsIInputStream* aHeadersDataStream,
bool aNoOpenerImplied,
bool aIsTrusted)
bool aIsTrusted,
nsIPrincipal* aTriggeringPrincipal)
: mHandler(aHandler)
, mURI(aURI)
, mTargetSpec(aTargetSpec)
@ -13841,6 +13844,7 @@ OnLinkClickEvent::OnLinkClickEvent(nsDocShell* aHandler,
, mPopupState(mHandler->mScriptGlobal->GetPopupControlState())
, mNoOpenerImplied(aNoOpenerImplied)
, mIsTrusted(aIsTrusted)
, mTriggeringPrincipal(aTriggeringPrincipal)
{
}
@ -13851,7 +13855,8 @@ nsDocShell::OnLinkClick(nsIContent* aContent,
const nsAString& aFileName,
nsIInputStream* aPostDataStream,
nsIInputStream* aHeadersDataStream,
bool aIsTrusted)
bool aIsTrusted,
nsIPrincipal* aTriggeringPrincipal)
{
NS_ASSERTION(NS_IsMainThread(), "wrong thread");
@ -13895,7 +13900,7 @@ nsDocShell::OnLinkClick(nsIContent* aContent,
nsCOMPtr<nsIRunnable> ev =
new OnLinkClickEvent(this, aContent, aURI, target.get(), aFileName,
aPostDataStream, aHeadersDataStream, noOpenerImplied,
aIsTrusted);
aIsTrusted, aTriggeringPrincipal);
return NS_DispatchToCurrentThread(ev);
}
@ -13908,7 +13913,8 @@ nsDocShell::OnLinkClickSync(nsIContent* aContent,
nsIInputStream* aHeadersDataStream,
bool aNoOpenerImplied,
nsIDocShell** aDocShell,
nsIRequest** aRequest)
nsIRequest** aRequest,
nsIPrincipal* aTriggeringPrincipal)
{
// Initialize the DocShell / Request
if (aDocShell) {
@ -14034,13 +14040,18 @@ nsDocShell::OnLinkClickSync(nsIContent* aContent,
return NS_ERROR_OUT_OF_MEMORY;
}
// if the triggeringPrincipal is not passed explicitly, then we
// fall back to using doc->NodePrincipal() as the triggeringPrincipal.
nsCOMPtr<nsIPrincipal> triggeringPrincipal =
aTriggeringPrincipal ? aTriggeringPrincipal
: aContent->NodePrincipal();
nsresult rv = InternalLoad(clonedURI, // New URI
nullptr, // Original URI
false, // LoadReplace
referer, // Referer URI
refererPolicy, // Referer policy
aContent->NodePrincipal(), // Triggering is our node's
// principal
triggeringPrincipal,
aContent->NodePrincipal(),
flags,
target, // Window target

6
docshell/base/nsDocShell.h
View File

@ -200,7 +200,8 @@ public:
const nsAString& aFileName,
nsIInputStream* aPostDataStream,
nsIInputStream* aHeadersDataStream,
bool aIsTrusted) override;
bool aIsTrusted,
nsIPrincipal* aTriggeringPrincipal) override;
NS_IMETHOD OnLinkClickSync(nsIContent* aContent,
nsIURI* aURI,
const char16_t* aTargetSpec,
@ -209,7 +210,8 @@ public:
nsIInputStream* aHeadersDataStream = 0,
bool aNoOpenerImplied = false,
nsIDocShell** aDocShell = 0,
nsIRequest** aRequest = 0) override;
nsIRequest** aRequest = 0,
nsIPrincipal* aTriggeringPrincipal = nullptr) override;
NS_IMETHOD OnOverLink(nsIContent* aContent,
nsIURI* aURI,
const char16_t* aTargetSpec) override;

10
docshell/base/nsILinkHandler.h
View File

@ -37,6 +37,8 @@ public:
* @param aFileName non-null when the link should be downloaded as the given file
* @param aHeadersDataStream ???
* @param aIsTrusted false if the triggerer is an untrusted DOM event.
* @param aTriggeringPrincipal, if not passed explicitly we fall back to
* the document's principal.
*/
NS_IMETHOD OnLinkClick(nsIContent* aContent,
nsIURI* aURI,
@ -44,7 +46,8 @@ public:
const nsAString& aFileName,
nsIInputStream* aPostDataStream,
nsIInputStream* aHeadersDataStream,
bool aIsTrusted) = 0;
bool aIsTrusted,
nsIPrincipal* aTriggeringPrincipal) = 0;
/**
* Process a click on a link.
@ -62,6 +65,8 @@ public:
* @param aNoOpenerImplied if the link implies "noopener"
* @param aDocShell (out-param) the DocShell that the request was opened on
* @param aRequest the request that was opened
* @param aTriggeringPrincipal, if not passed explicitly we fall back to
* the document's principal.
*/
NS_IMETHOD OnLinkClickSync(nsIContent* aContent,
nsIURI* aURI,
@ -71,7 +76,8 @@ public:
nsIInputStream* aHeadersDataStream = 0,
bool aNoOpenerImplied = false,
nsIDocShell** aDocShell = 0,
nsIRequest** aRequest = 0) = 0;
nsIRequest** aRequest = 0,
nsIPrincipal* aTriggeringPrincipal = nullptr) = 0;
/**
* Process a mouse-over a link.

2
dom/base/nsContentUtils.cpp
View File

@ -5133,7 +5133,7 @@ nsContentUtils::TriggerLink(nsIContent *aContent, nsPresContext *aPresContext,
handler->OnLinkClick(aContent, aLinkURI,
fileName.IsVoid() ? aTargetSpec.get() : EmptyString().get(),
fileName, nullptr, nullptr, aIsTrusted);
fileName, nullptr, nullptr, aIsTrusted, aContent->NodePrincipal());
}
}

25
dom/plugins/base/nsPluginInstanceOwner.cpp
View File

@ -535,16 +535,6 @@ NS_IMETHODIMP nsPluginInstanceOwner::GetURL(const char *aURL,
nsresult rv = NS_NewURI(getter_AddRefs(uri), aURL, baseURI);
NS_ENSURE_SUCCESS(rv, NS_ERROR_FAILURE);
if (aDoCheckLoadURIChecks) {
nsCOMPtr<nsIScriptSecurityManager> secMan(
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv));
NS_ENSURE_TRUE(secMan, NS_ERROR_FAILURE);
rv = secMan->CheckLoadURIWithPrincipal(content->NodePrincipal(), uri,
nsIScriptSecurityManager::STANDARD);
NS_ENSURE_SUCCESS(rv, rv);
}
nsCOMPtr<nsIInputStream> headersDataStream;
if (aPostStream && aHeadersData) {
if (!aHeadersDataLen)
@ -563,8 +553,21 @@ NS_IMETHODIMP nsPluginInstanceOwner::GetURL(const char *aURL,
Preferences::GetInt("privacy.popups.disable_from_plugins");
nsAutoPopupStatePusher popupStatePusher((PopupControlState)blockPopups);
// if security checks (in particular CheckLoadURIWithPrincipal) needs
// to be skipped we are creating a codebasePrincipal to make sure
// that security check succeeds. Please note that we do not want to
// fall back to using the systemPrincipal, because that would also
// bypass ContentPolicy checks which should still be enforced.
nsCOMPtr<nsIPrincipal> triggeringPrincipal;
if (!aDoCheckLoadURIChecks) {
mozilla::PrincipalOriginAttributes attrs =
BasePrincipal::Cast(content->NodePrincipal())->OriginAttributesRef();
triggeringPrincipal = BasePrincipal::CreateCodebasePrincipal(uri, attrs);
}
rv = lh->OnLinkClick(content, uri, unitarget.get(), NullString(),
aPostStream, headersDataStream, true);
aPostStream, headersDataStream, true, triggeringPrincipal);
return rv;
}