From ebec529f3b8affc85f0aaf35d8b1aa4a98466fa3 Mon Sep 17 00:00:00 2001
From: Bobby Holley
Date: Thu, 28 Jun 2012 23:47:55 +0200
Subject: [PATCH] Bug 754202 - Disallow calling EvaluateString{,WithValue} with a principal that doesn't match the global. r=mrbkap
---
 dom/base/nsJSEnvironment.cpp | 70 ++++++++++++++++++++----------------
 1 file changed, 39 insertions(+), 31 deletions(-)
diff --git a/dom/base/nsJSEnvironment.cpp b/dom/base/nsJSEnvironment.cpp
index d2663c4d43cc..acdced806e57 100644
--- a/dom/base/nsJSEnvironment.cpp
+++ b/dom/base/nsJSEnvironment.cpp
@@ -1199,27 +1199,29 @@ nsJSContext::EvaluateStringWithValue(const nsAString& aScript,
 xpc_UnmarkGrayObject(aScopeObject);
 nsAutoMicroTask mt;
- // Safety first: get an object representing the script's principals, i.e.,
- // the entities who signed this script, or the fully-qualified-domain-name
- // or "codebase" from which it was loaded.
- nsCOMPtr principal = aPrincipal;
- nsresult rv;
- if (!aPrincipal) {
- nsIScriptGlobalObject *global = GetGlobalObject();
- if (!global)
- return NS_ERROR_FAILURE;
- nsCOMPtr objPrincipal =
- do_QueryInterface(global, &rv);
- if (NS_FAILED(rv))
- return NS_ERROR_FAILURE;
- principal = objPrincipal->GetPrincipal();
- if (!principal)
- return NS_ERROR_FAILURE;
- }
+ // Ignore the principal that was passed in, and just assert that it matches
+ // the one we pull off the global.
+ nsCOMPtr principal;
+ nsCOMPtr objPrincipal = do_QueryInterface(GetGlobalObject());
+ if (!objPrincipal)
+ return NS_ERROR_FAILURE;
+ principal = objPrincipal->GetPrincipal();
+ if (!principal)
+ return NS_ERROR_FAILURE;
+#ifdef DEBUG
+ bool equal = false;
+ principal->Equals(aPrincipal, &equal);
+ MOZ_ASSERT(equal);
+ nsIPrincipal *scopeObjectPrincipal =
+ nsJSPrincipals::get(JS_GetCompartmentPrincipals(js::GetObjectCompartment(aScopeObject)));
+ equal = false;
+ principal->Equals(scopeObjectPrincipal, &equal);
+ MOZ_ASSERT(equal);
+#endif
 bool ok = false;
- rv = sSecurityManager->CanExecuteScripts(mContext, principal, &ok);
+ nsresult rv = sSecurityManager->CanExecuteScripts(mContext, principal, &ok);
 if (NS_FAILED(rv)) {
 return NS_ERROR_FAILURE;
 }
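Review bot: In release builds the new code starting at `+ nsCOMPtr principal;` silently substitutes the global's principal for whatever the caller passed in — the mismatch the commit title says it disallows is only caught by the `MOZ_ASSERT(equal)` inside `#ifdef DEBUG`, so a release-build caller that passes a different principal has its script run under a principal it did not ask for, with no error returned. If such callers are considered bugs, a release-mode fail-closed check keeps the invariant enforced where it matters; a sketch is below, placed between the `if (!principal)` guard and the `#ifdef DEBUG` block, leaving a null `aPrincipal` to mean "use the global's principal" as the removed code did. Note also that the removed code explicitly accepted a null `aPrincipal`, whereas the DEBUG block now calls `principal->Equals(aPrincipal, &equal)` unconditionally — whether that assertion fires for a null argument depends on how `Equals` treats null, which is not visible here, so any remaining null-passing callers should be confirmed. The `nsresult` from `Equals` is ignored in the DEBUG block, but a failure leaves `equal` false and trips the assertion, which is the safe direction. The body of EvaluateStringWithValue continues outside the hunk.
```cpp
  if (!principal)
    return NS_ERROR_FAILURE;
  // Enforce the "caller's principal must match the global" contract in
  // release builds too, instead of silently substituting the global's.
  if (aPrincipal) {
    bool principalMatches = false;
    if (NS_FAILED(principal->Equals(aPrincipal, &principalMatches)) ||
        !principalMatches) {
      return NS_ERROR_FAILURE;
    }
  }
  // … unchanged: #ifdef DEBUG assertions, CanExecuteScripts check …
```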
@@ -1401,19 +1403,25 @@ nsJSContext::EvaluateString(const nsAString& aScript,
 xpc_UnmarkGrayObject(aScopeObject);
- // Safety first: get an object representing the script's principals, i.e.,
- // the entities who signed this script, or the fully-qualified-domain-name
- // or "codebase" from which it was loaded.
- nsCOMPtr principal = aPrincipal;
- if (!aPrincipal) {
- nsCOMPtr objPrincipal =
- do_QueryInterface(GetGlobalObject());
- if (!objPrincipal)
- return NS_ERROR_FAILURE;
- principal = objPrincipal->GetPrincipal();
- if (!principal)
- return NS_ERROR_FAILURE;
- }
+ // Ignore the principal that was passed in, and just assert that it matches
+ // the one we pull off the global.
+ nsCOMPtr principal;
+ nsCOMPtr objPrincipal = do_QueryInterface(GetGlobalObject());
+ if (!objPrincipal)
+ return NS_ERROR_FAILURE;
+ principal = objPrincipal->GetPrincipal();
+ if (!principal)
+ return NS_ERROR_FAILURE;
+#ifdef DEBUG
+ bool equal = false;
+ principal->Equals(aPrincipal, &equal);
+ MOZ_ASSERT(equal);
+ nsIPrincipal *scopeObjectPrincipal =
+ nsJSPrincipals::get(JS_GetCompartmentPrincipals(js::GetObjectCompartment(aScopeObject)));
+ equal = false;
+ principal->Equals(scopeObjectPrincipal, &equal);
+ MOZ_ASSERT(equal);
+#endif
 bool ok = false;