Bug 1688452 - Part 2: Retrofit nsExpatDriver to use RLBoxed libexpat r=tjr,peterv

Depends on D117102 Differential Revision: https://phabricator.services.mozilla.com/D104658
2024-11-29 07:42:04 +00:00 · 2021-09-29 14:31:44 +00:00 · 2021-09-29 14:31:44 +00:00 · 7d9f1d992f
commit 7d9f1d992f
parent 4bb477c01b
2 changed files with 723 additions and 221 deletions
--- a/parser/htmlparser/nsExpatDriver.cpp
+++ b/parser/htmlparser/nsExpatDriver.cpp
--- a/parser/htmlparser/nsExpatDriver.h
+++ b/parser/htmlparser/nsExpatDriver.h
@ -15,9 +15,12 @@
 #include "nsIInputStream.h"
 #include "nsIParser.h"
 #include "nsCycleCollectionParticipant.h"
+#include "rlbox_expat.h"
+#include "mozilla/Mutex.h"

 class nsIExpatSink;
 struct nsCatalogData;
+class RLBoxExpatData;

 class nsExpatDriver : public nsIDTD, public nsITokenizer {
  virtual ~nsExpatDriver();
@ -33,14 +36,20 @@ class nsExpatDriver : public nsIDTD, public nsITokenizer {
  int HandleExternalEntityRef(const char16_t* aOpenEntityNames,
                              const char16_t* aBase, const char16_t* aSystemId,
                              const char16_t* aPublicId);
-  static void HandleStartElement(void* aUserData, const char16_t* aName,
-                                 const char16_t** aAtts);
-  static void HandleStartElementForSystemPrincipal(void* aUserData,
-                                                   const char16_t* aName,
-                                                   const char16_t** aAtts);
-  static void HandleEndElement(void* aUserData, const char16_t* aName);
-  static void HandleEndElementForSystemPrincipal(void* aUserData,
-                                                 const char16_t* aName);
+  static void HandleStartElement(rlbox_sandbox_expat& aSandbox,
+                                 tainted_expat<void*> t_aUserData,
+                                 tainted_expat<const char16_t*> t_aName,
+                                 tainted_expat<const char16_t**> t_aAtts);
+  static void HandleStartElementForSystemPrincipal(
+      rlbox_sandbox_expat& aSandbox, tainted_expat<void*> t_aUserData,
+      tainted_expat<const char16_t*> t_aName,
+      tainted_expat<const char16_t**> t_aAtts);
+  static void HandleEndElement(rlbox_sandbox_expat& aSandbox,
+                               tainted_expat<void*> t_aUserData,
+                               tainted_expat<const char16_t*> t_aName);
+  static void HandleEndElementForSystemPrincipal(
+      rlbox_sandbox_expat& aSandbox, tainted_expat<void*> t_aUserData,
+      tainted_expat<const char16_t*> t_aName);
  nsresult HandleCharacterData(const char16_t* aCData, const uint32_t aLength);
  nsresult HandleComment(const char16_t* aName);
  nsresult HandleProcessingInstruction(const char16_t* aTarget,
@ -91,7 +100,11 @@ class nsExpatDriver : public nsIDTD, public nsITokenizer {
           mInternalState == NS_ERROR_HTMLPARSER_INTERRUPTED;
  }

-  XML_Parser mExpatParser;
+  std::shared_ptr<RLBoxExpatData> mSandboxData;
+  rlbox_sandbox_expat* mSandbox;     // alias to mSandboxData->mSandbox
+  app_pointer_expat<void*> mAppPtr;  // app pointer to this driver
+  tainted_expat<XML_Parser> mExpatParser;
+
  nsString mLastLine;
  nsString mCDataText;
  // Various parts of a doctype
@ -128,4 +141,34 @@ class nsExpatDriver : public nsIDTD, public nsITokenizer {
  uint64_t mInnerWindowID;
 };

+class RLBoxExpatData {
+  friend class nsExpatDriver;
+
+ public:
+  explicit RLBoxExpatData(bool isSystemPrincipal);
+  static std::shared_ptr<RLBoxExpatData> GetRLBoxExpatData(
+      bool isSystemPrincipal);
+
+  RLBoxExpatData() = delete;
+  ~RLBoxExpatData();
+
+ private:
+  // Pointer to sandbox
+  rlbox_sandbox_expat* mSandbox;
+  // RLBox expat callbacks
+  sandbox_callback_expat<XML_XmlDeclHandler> mHandleXMLDeclaration;
+  sandbox_callback_expat<XML_StartElementHandler> mHandleStartElement;
+  sandbox_callback_expat<XML_EndElementHandler> mHandleEndElement;
+  sandbox_callback_expat<XML_CharacterDataHandler> mHandleCharacterData;
+  sandbox_callback_expat<XML_ProcessingInstructionHandler>
+      mHandleProcessingInstruction;
+  sandbox_callback_expat<XML_DefaultHandler> mHandleDefault;
+  sandbox_callback_expat<XML_ExternalEntityRefHandler> mHandleExternalEntityRef;
+  sandbox_callback_expat<XML_CommentHandler> mHandleComment;
+  sandbox_callback_expat<XML_StartCdataSectionHandler> mHandleStartCdataSection;
+  sandbox_callback_expat<XML_EndCdataSectionHandler> mHandleEndCdataSection;
+  sandbox_callback_expat<XML_StartDoctypeDeclHandler> mHandleStartDoctypeDecl;
+  sandbox_callback_expat<XML_EndDoctypeDeclHandler> mHandleEndDoctypeDecl;
+};
+
 #endif