Bug 1263496 - Part 3: fix for nsNullPrincipal::Create

This fixed the locations listed by http://searchfox.org/mozilla-central/search?q=nsNullPrincipal::Create(&redirect=true that needs to inherit origin attributes.
2024-11-23 21:01:08 +00:00 · 2016-04-21 16:51:25 +08:00 · 2016-04-21 16:51:25 +08:00 · ba1bb72568
commit ba1bb72568
parent 7ae2e09f40
23 changed files with 34 additions and 47 deletions
--- a/caps/BasePrincipal.cpp
+++ b/caps/BasePrincipal.cpp
@ -553,7 +553,7 @@ BasePrincipal::CreateCodebasePrincipal(nsIURI* aURI, const PrincipalOriginAttrib
                                    &inheritsPrincipal);
  nsCOMPtr<nsIPrincipal> principal;
  if (NS_FAILED(rv) || inheritsPrincipal) {
-    return nsNullPrincipal::Create();
+    return nsNullPrincipal::Create(aAttrs);
  }

  // Check whether the URI knows what its principal is supposed to be.
@ -562,7 +562,7 @@ BasePrincipal::CreateCodebasePrincipal(nsIURI* aURI, const PrincipalOriginAttrib
    nsCOMPtr<nsIPrincipal> principal;
    uriPrinc->GetPrincipal(getter_AddRefs(principal));
    if (!principal) {
-      return nsNullPrincipal::Create();
+      return nsNullPrincipal::Create(aAttrs);
    }
    RefPtr<BasePrincipal> concrete = Cast(principal);
    return concrete.forget();
--- a/caps/nsNullPrincipal.cpp
+++ b/caps/nsNullPrincipal.cpp
@ -12,6 +12,7 @@

 #include "mozilla/ArrayUtils.h"

+#include "nsDocShell.h"
 #include "nsNullPrincipal.h"
 #include "nsNullPrincipalURI.h"
 #include "nsMemory.h"
@ -44,6 +45,18 @@ nsNullPrincipal::CreateWithInheritedAttributes(nsIPrincipal* aInheritFrom)
  return nullPrin.forget();
 }

+/* static */ already_AddRefed<nsNullPrincipal>
+nsNullPrincipal::CreateWithInheritedAttributes(nsIDocShell* aDocShell)
+{
+  PrincipalOriginAttributes attrs;
+  attrs.InheritFromDocShellToDoc(nsDocShell::Cast(aDocShell)->GetOriginAttributes(), nullptr);
+
+  RefPtr<nsNullPrincipal> nullPrin = new nsNullPrincipal();
+  nsresult rv = nullPrin->Init(attrs);
+  MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
+  return nullPrin.forget();
+}
+
 /* static */ already_AddRefed<nsNullPrincipal>
 nsNullPrincipal::Create(const PrincipalOriginAttributes& aOriginAttributes)
 {
--- a/caps/nsNullPrincipal.h
+++ b/caps/nsNullPrincipal.h
@ -20,6 +20,7 @@

 #include "mozilla/BasePrincipal.h"

+class nsIDocShell;
 class nsIURI;

 #define NS_NULLPRINCIPAL_CID \
@ -47,7 +48,9 @@ public:
  NS_IMETHOD GetBaseDomain(nsACString& aBaseDomain) override;
  nsresult GetOriginInternal(nsACString& aOrigin) override;

-  static already_AddRefed<nsNullPrincipal> CreateWithInheritedAttributes(nsIPrincipal *aInheritFrom);
+  static already_AddRefed<nsNullPrincipal> CreateWithInheritedAttributes(nsIPrincipal* aInheritFrom);
+
+  static already_AddRefed<nsNullPrincipal> CreateWithInheritedAttributes(nsIDocShell* aDocShell);

  static already_AddRefed<nsNullPrincipal>
  Create(const mozilla::PrincipalOriginAttributes& aOriginAttributes = mozilla::PrincipalOriginAttributes());
--- a/caps/nsScriptSecurityManager.cpp
+++ b/caps/nsScriptSecurityManager.cpp
@ -348,14 +348,12 @@ nsScriptSecurityManager::GetChannelResultPrincipal(nsIChannel* aChannel,
            if (loadInfo->LoadingPrincipal()) {
              prin =
                nsNullPrincipal::CreateWithInheritedAttributes(loadInfo->LoadingPrincipal());
-              NS_ENSURE_TRUE(prin, NS_ERROR_FAILURE);
            } else {
              NeckoOriginAttributes nAttrs;
              loadInfo->GetOriginAttributes(&nAttrs);
              PrincipalOriginAttributes pAttrs;
              pAttrs.InheritFromNecko(nAttrs);
              prin = nsNullPrincipal::Create(pAttrs);
-              NS_ENSURE_TRUE(prin, NS_ERROR_FAILURE);
            }
            prin.forget(aPrincipal);
            return NS_OK;
@ -1174,7 +1172,6 @@ nsScriptSecurityManager::CreateNullPrincipal(JS::Handle<JS::Value> aOriginAttrib
      return NS_ERROR_INVALID_ARG;
  }
  nsCOMPtr<nsIPrincipal> prin = nsNullPrincipal::Create(attrs);
-  NS_ENSURE_TRUE(prin, NS_ERROR_FAILURE);
  prin.forget(aPrincipal);
  return NS_OK;
 }
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@ -1475,8 +1475,8 @@ nsDocShell::LoadURI(nsIURI* aURI,
  //       for in InternalLoad is data:, javascript:, and about:blank
  //       URIs.  For other URIs this would all be dead wrong!

+  nsCOMPtr<nsIPrincipal> ownerPrincipal = do_QueryInterface(owner);
  if (owner && mItemType != typeChrome) {
-    nsCOMPtr<nsIPrincipal> ownerPrincipal = do_QueryInterface(owner);
    if (nsContentUtils::IsSystemPrincipal(ownerPrincipal)) {
      if (ownerIsExplicit) {
        return NS_ERROR_DOM_SECURITY_ERR;
@ -1489,7 +1489,10 @@ nsDocShell::LoadURI(nsIURI* aURI,
      }
      // Don't inherit from the current page.  Just do the safe thing
      // and pretend that we were loaded by a nullprincipal.
-      owner = nsNullPrincipal::Create();
+      //
+      // We didn't inherit OriginAttributes here as ExpandedPrincipal doesn't
+      // have origin attributes.
+      owner = nsNullPrincipal::CreateWithInheritedAttributes(this);
      inheritOwner = false;
    }
  }
@ -1500,7 +1503,9 @@ nsDocShell::LoadURI(nsIURI* aURI,

  if (aLoadFlags & LOAD_FLAGS_DISALLOW_INHERIT_OWNER) {
    inheritOwner = false;
-    owner = nsNullPrincipal::Create();
+    owner = ownerPrincipal ?
+              nsNullPrincipal::CreateWithInheritedAttributes(ownerPrincipal) :
+              nsNullPrincipal::CreateWithInheritedAttributes(this);
  }

  uint32_t flags = 0;
@ -7948,7 +7953,6 @@ nsDocShell::CreateAboutBlankContentViewer(nsIPrincipal* aPrincipal,
    nsCOMPtr<nsIPrincipal> principal;
    if (mSandboxFlags & SANDBOXED_ORIGIN) {
      principal = nsNullPrincipal::CreateWithInheritedAttributes(aPrincipal);
-      NS_ENSURE_TRUE(principal, NS_ERROR_FAILURE);
    } else {
      principal = aPrincipal;
    }
@ -12070,7 +12074,6 @@ nsDocShell::AddToSessionHistory(nsIURI* aURI, nsIChannel* aChannel,
          if (loadInfo->LoadingPrincipal()) {
            owner = nsNullPrincipal::CreateWithInheritedAttributes(
              loadInfo->LoadingPrincipal());
-            NS_ENSURE_TRUE(owner, NS_ERROR_FAILURE);
          } else {
            // get the OriginAttributes
            NeckoOriginAttributes nAttrs;
@ -12079,7 +12082,6 @@ nsDocShell::AddToSessionHistory(nsIURI* aURI, nsIChannel* aChannel,
            pAttrs.InheritFromNecko(nAttrs);

            owner = nsNullPrincipal::Create(pAttrs);
-            NS_ENSURE_TRUE(owner, NS_ERROR_FAILURE);
          }
        } else if (loadInfo->GetForceInheritPrincipal()) {
          owner = loadInfo->TriggeringPrincipal();
@ -12252,8 +12254,7 @@ nsDocShell::LoadHistoryEntry(nsISHEntry* aEntry, uint32_t aLoadType)
      // Ensure that we have an owner.  Otherwise javascript: URIs will
      // pick it up from the about:blank page we just loaded, and we
      // don't really want even that in this case.
-      owner = nsNullPrincipal::Create();
-      NS_ENSURE_TRUE(owner, NS_ERROR_OUT_OF_MEMORY);
+      owner = nsNullPrincipal::CreateWithInheritedAttributes(this);
    }
  }

@ -13934,8 +13935,7 @@ nsDocShell::GetPrintPreview(nsIWebBrowserPrint** aPrintPreview)
  nsCOMPtr<nsIDocumentViewerPrint> print = do_QueryInterface(mContentViewer);
  if (!print || !print->IsInitializedForPrintPreview()) {
    Stop(nsIWebNavigation::STOP_ALL);
-    nsCOMPtr<nsIPrincipal> principal = nsNullPrincipal::Create();
-    NS_ENSURE_STATE(principal);
+    nsCOMPtr<nsIPrincipal> principal = nsNullPrincipal::CreateWithInheritedAttributes(this);
    nsresult rv = CreateAboutBlankContentViewer(principal, nullptr);
    NS_ENSURE_SUCCESS(rv, rv);
    print = do_QueryInterface(mContentViewer);
--- a/dom/base/DOMParser.cpp
+++ b/dom/base/DOMParser.cpp
@ -352,7 +352,6 @@ DOMParser::Init(nsIPrincipal* principal, nsIURI* documentURI,
      // Don't give DOMParsers the system principal.  Use a null
      // principal instead.
      mPrincipal = nsNullPrincipal::Create();
-      NS_ENSURE_TRUE(mPrincipal, NS_ERROR_FAILURE);

      if (!mDocumentURI) {
        rv = mPrincipal->GetURI(getter_AddRefs(mDocumentURI));
@ -468,8 +467,6 @@ DOMParser::SetUpDocument(DocumentFlavor aFlavor, nsIDOMDocument** aResult)
    AttemptedInitMarker marker(&mAttemptedInit);

    nsCOMPtr<nsIPrincipal> prin = nsNullPrincipal::Create();
-    NS_ENSURE_TRUE(prin, NS_ERROR_FAILURE);
-
    rv = Init(prin, nullptr, nullptr, scriptHandlingObject);
    NS_ENSURE_SUCCESS(rv, rv);
  }
--- a/dom/base/nsNodeInfoManager.cpp
+++ b/dom/base/nsNodeInfoManager.cpp
@ -182,7 +182,6 @@ nsNodeInfoManager::Init(nsIDocument *aDocument)
                  "Being inited when we already have a principal?");

  mPrincipal = nsNullPrincipal::Create();
-  NS_ENSURE_TRUE(mPrincipal, NS_ERROR_FAILURE);

  if (aDocument) {
    mBindingManager = new nsBindingManager(aDocument);
--- a/dom/bindings/SimpleGlobalObject.cpp
+++ b/dom/bindings/SimpleGlobalObject.cpp
@ -99,9 +99,6 @@ SimpleGlobalObject::Create(GlobalType globalType, JS::Handle<JS::Value> proto)
  nsCOMPtr<nsIPrincipal> principal;
  if (NS_IsMainThread()) {
    principal = nsNullPrincipal::Create();
-    if (!principal) {
-      return nullptr;
-    }
  }

  JS::Rooted<JSObject*> global(cx,
--- a/dom/datastore/DataStoreDB.cpp
+++ b/dom/datastore/DataStoreDB.cpp
@ -105,9 +105,6 @@ DataStoreDB::CreateFactoryIfNeeded()
  if (!mFactory) {
    nsresult rv;
    nsCOMPtr<nsIPrincipal> principal = nsNullPrincipal::Create();
-    if (!principal) {
-      return NS_ERROR_FAILURE;
-    }

    nsIXPConnect* xpc = nsContentUtils::XPConnect();
    MOZ_ASSERT(xpc);
--- a/dom/json/nsJSON.cpp
+++ b/dom/json/nsJSON.cpp
@ -412,7 +412,6 @@ nsJSON::DecodeInternal(JSContext* cx,

  nsresult rv;
  nsCOMPtr<nsIPrincipal> nullPrincipal = nsNullPrincipal::Create();
-  NS_ENSURE_TRUE(nullPrincipal, NS_ERROR_FAILURE);

  // The ::Decode function is deprecated [Bug 675797] and the following
  // channel is never openend, so it does not matter what securityFlags
--- a/dom/jsurl/nsJSProtocolHandler.cpp
+++ b/dom/jsurl/nsJSProtocolHandler.cpp
@ -418,7 +418,6 @@ nsresult nsJSChannel::Init(nsIURI *aURI)
    nsCOMPtr<nsIChannel> channel;

    nsCOMPtr<nsIPrincipal> nullPrincipal = nsNullPrincipal::Create();
-    NS_ENSURE_TRUE(nullPrincipal, NS_ERROR_FAILURE);

    // If the resultant script evaluation actually does return a value, we
    // treat it as html.
--- a/dom/media/MediaManager.cpp
+++ b/dom/media/MediaManager.cpp
@ -910,7 +910,7 @@ public:

      nsCOMPtr<nsIPrincipal> principal;
      if (mPeerIdentity) {
-        principal = nsNullPrincipal::Create();
+        principal = nsNullPrincipal::CreateWithInheritedAttributes(window->GetExtantDoc()->NodePrincipal());
      } else {
        principal = window->GetExtantDoc()->NodePrincipal();
      }
--- a/dom/plugins/base/nsPluginHost.cpp
+++ b/dom/plugins/base/nsPluginHost.cpp
@ -646,7 +646,6 @@ nsresult nsPluginHost::FindProxyForURL(const char* url, char* *result)
  NS_ENSURE_SUCCESS(res, res);

  nsCOMPtr<nsIPrincipal> nullPrincipal = nsNullPrincipal::Create();
-  NS_ENSURE_TRUE(nullPrincipal, NS_ERROR_FAILURE);
  // The following channel is never openend, so it does not matter what
  // securityFlags we pass; let's follow the principle of least privilege.
  nsCOMPtr<nsIChannel> tempChannel;
--- a/gfx/thebes/gfxSVGGlyphs.cpp
+++ b/gfx/thebes/gfxSVGGlyphs.cpp
@ -344,7 +344,6 @@ gfxSVGGlyphsDocument::ParseDocument(const uint8_t *aBuffer, uint32_t aBufLen)
    NS_ENSURE_SUCCESS(rv, rv);

    nsCOMPtr<nsIPrincipal> principal = nsNullPrincipal::Create();
-    NS_ENSURE_TRUE(principal, NS_ERROR_FAILURE);

    nsCOMPtr<nsIDOMDocument> domDoc;
    rv = NS_NewDOMDocument(getter_AddRefs(domDoc),
--- a/image/decoders/icon/android/nsIconChannel.cpp
+++ b/image/decoders/icon/android/nsIconChannel.cpp
@ -113,7 +113,6 @@ moz_icon_to_channel(nsIURI* aURI, const nsACString& aFileExt,
  NS_ENSURE_SUCCESS(rv, rv);

  nsCOMPtr<nsIPrincipal> nullPrincipal = nsNullPrincipal::Create();
-  NS_ENSURE_TRUE(nullPrincipal, NS_ERROR_FAILURE);

  return NS_NewInputStreamChannel(aChannel,
                                  aURI,
--- a/image/decoders/icon/gtk/nsIconChannel.cpp
+++ b/image/decoders/icon/gtk/nsIconChannel.cpp
@ -107,7 +107,6 @@ moz_gdk_pixbuf_to_channel(GdkPixbuf* aPixbuf, nsIURI* aURI,
  NS_ENSURE_SUCCESS(rv, rv);

  nsCOMPtr<nsIPrincipal> nullPrincipal = nsNullPrincipal::Create();
-  NS_ENSURE_TRUE(nullPrincipal, NS_ERROR_FAILURE);

  return NS_NewInputStreamChannel(aChannel,
                                  aURI,
--- a/image/decoders/icon/qt/nsIconChannel.cpp
+++ b/image/decoders/icon/qt/nsIconChannel.cpp
@ -85,7 +85,6 @@ moz_qicon_to_channel(QImage* image, nsIURI* aURI,
  NS_ENSURE_SUCCESS(rv, rv);

  nsCOMPtr<nsIPrincipal> nullPrincipal = nsNullPrincipal::Create();
-  NS_ENSURE_TRUE(nullPrincipal, NS_ERROR_FAILURE);

  return NS_NewInputStreamChannel(aChannel,
                                  aURI,
--- a/js/xpconnect/src/Sandbox.cpp
+++ b/js/xpconnect/src/Sandbox.cpp
@ -1033,7 +1033,6 @@ xpc::CreateSandboxObject(JSContext* cx, MutableHandleValue vp, nsISupports* prin
            principal = sop->GetPrincipal();
        } else {
            RefPtr<nsNullPrincipal> nullPrin = nsNullPrincipal::Create();
-            NS_ENSURE_TRUE(nullPrin, NS_ERROR_FAILURE);
            principal = nullPrin;
        }
    }
--- a/netwerk/protocol/http/nsCORSListenerProxy.cpp
+++ b/netwerk/protocol/http/nsCORSListenerProxy.cpp
@ -695,14 +695,10 @@ nsCORSListenerProxy::AsyncOnChannelRedirect(nsIChannel *aOldChannel,
      if (NS_SUCCEEDED(rv)) {
        bool equal;
        rv = oldChannelPrincipal->Equals(newChannelPrincipal, &equal);
-        if (NS_SUCCEEDED(rv)) {
-          if (!equal) {
-            // Spec says to set our source origin to a unique origin.
-            mOriginHeaderPrincipal = nsNullPrincipal::Create();
-            if (!mOriginHeaderPrincipal) {
-              rv = NS_ERROR_OUT_OF_MEMORY;
-            }
-          }
+        if (NS_SUCCEEDED(rv) && !equal) {
+          // Spec says to set our source origin to a unique origin.
+          mOriginHeaderPrincipal =
+            nsNullPrincipal::CreateWithInheritedAttributes(oldChannelPrincipal);
        }
      }

--- a/netwerk/protocol/viewsource/nsViewSourceChannel.cpp
+++ b/netwerk/protocol/viewsource/nsViewSourceChannel.cpp
@ -68,7 +68,6 @@ nsViewSourceChannel::Init(nsIURI* uri)
    // nullPrincipal as the loadingPrincipal and the least permissive
    // securityflag.
    nsCOMPtr<nsIPrincipal> nullPrincipal = nsNullPrincipal::Create();
-    NS_ENSURE_TRUE(nullPrincipal, NS_ERROR_FAILURE);

    rv = pService->NewChannel2(path,
                               nullptr, // aOriginCharset
--- a/parser/htmlparser/nsExpatDriver.cpp
+++ b/parser/htmlparser/nsExpatDriver.cpp
@ -794,7 +794,6 @@ nsExpatDriver::OpenInputStreamFromExternalDTD(const char16_t* aFPIStr,
    }
    if (!loadingPrincipal) {
      loadingPrincipal = nsNullPrincipal::Create();
-      NS_ENSURE_TRUE(loadingPrincipal, NS_ERROR_FAILURE);
    }
    rv = NS_NewChannel(getter_AddRefs(channel),
                       uri,
--- a/parser/xml/nsSAXXMLReader.cpp
+++ b/parser/xml/nsSAXXMLReader.cpp
@ -497,7 +497,6 @@ nsSAXXMLReader::ParseFromStream(nsIInputStream *aStream,
  NS_ENSURE_SUCCESS(rv, rv);

  nsCOMPtr<nsIPrincipal> nullPrincipal = nsNullPrincipal::Create();
-  NS_ENSURE_TRUE(nullPrincipal, NS_ERROR_FAILURE);

  // The following channel is never openend, so it does not matter what
  // securityFlags we pass; let's follow the principle of least privilege.
--- a/rdf/base/nsRDFXMLParser.cpp
+++ b/rdf/base/nsRDFXMLParser.cpp
@ -116,7 +116,6 @@ nsRDFXMLParser::ParseString(nsIRDFDataSource* aSink, nsIURI* aBaseURI, const nsA
    if (NS_FAILED(rv)) return rv;

    nsCOMPtr<nsIPrincipal> nullPrincipal = nsNullPrincipal::Create();
-    NS_ENSURE_TRUE(nullPrincipal, NS_ERROR_FAILURE);

    // The following channel is never openend, so it does not matter what
    // securityFlags we pass; let's follow the principle of least privilege.