mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-19 08:15:31 +00:00
bug 324694: Reparameterize js_CheckPrincipalsAccess to avoid eager calls to js_AtomToPrintableString. r=brendan
This commit is contained in:
parent
8eeb91b3fc
commit
dc17d38af4
@ -1765,8 +1765,10 @@ Function(JSContext *cx, JSObject *obj, uintN argc, jsval *argv, jsval *rval)
|
||||
}
|
||||
|
||||
/* Belt-and-braces: check that the caller has access to parent. */
|
||||
if (!js_CheckPrincipalsAccess(cx, parent, principals, js_Function_str))
|
||||
if (!js_CheckPrincipalsAccess(cx, parent, principals,
|
||||
cx->runtime->atomState.FunctionAtom)) {
|
||||
return JS_FALSE;
|
||||
}
|
||||
|
||||
n = argc ? argc - 1 : 0;
|
||||
if (n > 0) {
|
||||
@ -2145,14 +2147,10 @@ js_ValueToFunctionObject(JSContext *cx, jsval *vp, uintN flags)
|
||||
principals = NULL;
|
||||
}
|
||||
|
||||
/*
|
||||
* FIXME: Reparameterize so we don't call js_AtomToPrintableString unless
|
||||
* there is an error (bug 324694).
|
||||
*/
|
||||
if (!js_CheckPrincipalsAccess(cx, funobj, principals,
|
||||
fun->atom
|
||||
? js_AtomToPrintableString(cx, fun->atom)
|
||||
: js_anonymous_str)) {
|
||||
? fun->atom
|
||||
: cx->runtime->atomState.anonymousAtom)) {
|
||||
return NULL;
|
||||
}
|
||||
return funobj;
|
||||
|
@ -1054,18 +1054,22 @@ obj_valueOf(JSContext *cx, JSObject *obj, uintN argc, jsval *argv, jsval *rval)
|
||||
*/
|
||||
JSBool
|
||||
js_CheckPrincipalsAccess(JSContext *cx, JSObject *scopeobj,
|
||||
JSPrincipals *principals, const char *caller)
|
||||
JSPrincipals *principals, JSAtom *caller)
|
||||
{
|
||||
JSRuntime *rt;
|
||||
JSPrincipals *scopePrincipals;
|
||||
const char *callerstr;
|
||||
|
||||
rt = cx->runtime;
|
||||
if (rt->findObjectPrincipals) {
|
||||
scopePrincipals = rt->findObjectPrincipals(cx, scopeobj);
|
||||
if (!principals || !scopePrincipals ||
|
||||
!principals->subsume(principals, scopePrincipals)) {
|
||||
callerstr = js_AtomToPrintableString(cx, caller);
|
||||
if (!callerstr)
|
||||
return JS_FALSE;
|
||||
JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL,
|
||||
JSMSG_BAD_INDIRECT_CALL, caller);
|
||||
JSMSG_BAD_INDIRECT_CALL, callerstr);
|
||||
return JS_FALSE;
|
||||
}
|
||||
}
|
||||
@ -1175,7 +1179,7 @@ obj_eval(JSContext *cx, JSObject *obj, uintN argc, jsval *argv, jsval *rval)
|
||||
if (obj != callerScopeChain) {
|
||||
if (!js_CheckPrincipalsAccess(cx, obj,
|
||||
caller->script->principals,
|
||||
js_eval_str)) {
|
||||
cx->runtime->atomState.evalAtom)) {
|
||||
return JS_FALSE;
|
||||
}
|
||||
|
||||
@ -1261,7 +1265,8 @@ obj_eval(JSContext *cx, JSObject *obj, uintN argc, jsval *argv, jsval *rval)
|
||||
* Belt-and-braces: check that the lesser of eval's principals and the
|
||||
* caller's principals has access to scopeobj.
|
||||
*/
|
||||
ok = js_CheckPrincipalsAccess(cx, scopeobj, principals, js_eval_str);
|
||||
ok = js_CheckPrincipalsAccess(cx, scopeobj, principals,
|
||||
cx->runtime->atomState.evalAtom);
|
||||
if (!ok)
|
||||
goto out;
|
||||
|
||||
|
@ -493,7 +493,7 @@ js_CheckScopeChainValidity(JSContext *cx, JSObject *scopeobj, const char *caller
|
||||
|
||||
extern JSBool
|
||||
js_CheckPrincipalsAccess(JSContext *cx, JSObject *scopeobj,
|
||||
JSPrincipals *principals, const char *caller);
|
||||
JSPrincipals *principals, JSAtom *caller);
|
||||
JS_END_EXTERN_C
|
||||
|
||||
#endif /* jsobj_h___ */
|
||||
|
@ -315,8 +315,10 @@ script_exec(JSContext *cx, JSObject *obj, uintN argc, jsval *argv, jsval *rval)
|
||||
|
||||
/* Belt-and-braces: check that this script object has access to scopeobj. */
|
||||
principals = script->principals;
|
||||
if (!js_CheckPrincipalsAccess(cx, scopeobj, principals, js_script_exec))
|
||||
if (!js_CheckPrincipalsAccess(cx, scopeobj, principals,
|
||||
cx->runtime->atomState.ScriptAtom)) {
|
||||
return JS_FALSE;
|
||||
}
|
||||
|
||||
return js_Execute(cx, scopeobj, script, caller, JSFRAME_EVAL, rval);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user