Bug 1196371 - Add a runtime assertion against illegal string characters in OriginAttributes suffix creation. r=janv,r=mystor

2024-11-24 21:31:04 +00:00 · 2015-08-19 11:13:15 -07:00 · 2015-08-19 11:13:15 -07:00 · ce93138568
commit ce93138568
parent c953f0aca1
3 changed files with 26 additions and 7 deletions
--- a/caps/BasePrincipal.cpp
+++ b/caps/BasePrincipal.cpp
@ -19,6 +19,7 @@
 #include "nsServiceManagerUtils.h"

 #include "mozilla/dom/CSPDictionariesBinding.h"
+#include "mozilla/dom/quota/QuotaManager.h"
 #include "mozilla/dom/ToJSValue.h"
 #include "mozilla/dom/URLSearchParams.h"

@ -34,6 +35,13 @@ OriginAttributes::CreateSuffix(nsACString& aStr) const
  UniquePtr<URLParams> params(new URLParams());
  nsAutoString value;

+  //
+  // Important: While serializing any string-valued attributes, perform a
+  // release-mode assertion to make sure that they don't contain characters that
+  // will break the quota manager when it uses the serialization for file
+  // naming (see addonId below).
+  //
+
  if (mAppId != nsIScriptSecurityManager::NO_APP_ID) {
    value.AppendInt(mAppId);
    params->Set(NS_LITERAL_STRING("appId"), value);
@ -44,6 +52,7 @@ OriginAttributes::CreateSuffix(nsACString& aStr) const
  }

  if (!mAddonId.IsEmpty()) {
+    MOZ_RELEASE_ASSERT(mAddonId.FindCharInSet(dom::quota::QuotaManager::kReplaceChars) == kNotFound);
    params->Set(NS_LITERAL_STRING("addonId"), mAddonId);
  }

@ -60,6 +69,13 @@ OriginAttributes::CreateSuffix(nsACString& aStr) const
    aStr.AppendLiteral("^");
    aStr.Append(NS_ConvertUTF16toUTF8(value));
  }
+
+// In debug builds, check the whole string for illegal characters too (just in case).
+#ifdef DEBUG
+  nsAutoCString str;
+  str.Assign(aStr);
+  MOZ_ASSERT(str.FindCharInSet(dom::quota::QuotaManager::kReplaceChars) == kNotFound);
+#endif
 }

 namespace {
--- a/dom/quota/QuotaManager.cpp
+++ b/dom/quota/QuotaManager.cpp
@ -92,6 +92,12 @@ namespace mozilla {
 namespace dom {
 namespace quota {

+// We want profiles to be platform-independent so we always need to replace
+// the same characters on every platform. Windows has the most extensive set
+// of illegal characters so we use its FILE_ILLEGAL_CHARACTERS and
+// FILE_PATH_SEPARATOR.
+const char QuotaManager::kReplaceChars[] = CONTROL_CHARACTERS "/:*?\"<>|\\";
+
 namespace {

 /*******************************************************************************
@ -1075,19 +1081,14 @@ public:
 void
 SanitizeOriginString(nsCString& aOrigin)
 {
-  // We want profiles to be platform-independent so we always need to replace
-  // the same characters on every platform. Windows has the most extensive set
-  // of illegal characters so we use its FILE_ILLEGAL_CHARACTERS and
-  // FILE_PATH_SEPARATOR.
-  static const char kReplaceChars[] = CONTROL_CHARACTERS "/:*?\"<>|\\";

 #ifdef XP_WIN
-  NS_ASSERTION(!strcmp(kReplaceChars,
+  NS_ASSERTION(!strcmp(QuotaManager::kReplaceChars,
                       FILE_ILLEGAL_CHARACTERS FILE_PATH_SEPARATOR),
               "Illegal file characters have changed!");
 #endif

-  aOrigin.ReplaceChar(kReplaceChars, '+');
+  aOrigin.ReplaceChar(QuotaManager::kReplaceChars, '+');
 }

 bool
--- a/dom/quota/QuotaManager.h
+++ b/dom/quota/QuotaManager.h
@ -124,6 +124,8 @@ public:
  NS_DECL_NSIQUOTAMANAGER
  NS_DECL_NSIOBSERVER

+  static const char kReplaceChars[];
+
  // Returns a non-owning reference.
  static QuotaManager*
  GetOrCreate();