Bug 809652 - Have SecurityWrapper::enter default to deny, and override SecurityWrapper::objectClassIs. r=jorendorff

2024-10-10 11:55:49 +00:00 · 2012-12-20 22:33:26 -08:00 · 2012-12-20 22:33:26 -08:00 · ee5cb1d935
commit ee5cb1d935
parent 2177e96cef
4 changed files with 15 additions and 6 deletions
--- a/js/src/js.msg
+++ b/js/src/js.msg
@ -376,3 +376,4 @@ MSG_DEF(JSMSG_CANT_SET_NW_NC,         322, 0, JSEXN_TYPEERR, "proxy can't succes
 MSG_DEF(JSMSG_CANT_SET_WO_SETTER,     323, 0, JSEXN_TYPEERR, "proxy can't succesfully set an accessor property without a setter")
 MSG_DEF(JSMSG_DEBUG_BAD_REFERENT,     324, 2, JSEXN_TYPEERR, "{0} does not refer to {1}")
 MSG_DEF(JSMSG_DEBUG_WRAPPER_IN_WAY,   325, 2, JSEXN_TYPEERR, "{0} is a wrapper around {1}, but a direct reference is required")
+MSG_DEF(JSMSG_UNWRAP_DENIED,          326, 0, JSEXN_ERR, "permission denied to unwrap object")
--- a/js/src/jswrapper.cpp
+++ b/js/src/jswrapper.cpp
@ -782,6 +782,16 @@ SecurityWrapper<Base>::SecurityWrapper(unsigned flags)

 template <class Base>
 bool
+SecurityWrapper<Base>::enter(JSContext *cx, JSObject *wrapper, jsid id,
+                             Wrapper::Action act, bool *bp)
+{
+    JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_UNWRAP_DENIED);
+    *bp = false;
+    return false;
+}
+
+ template <class Base>
+ bool
 SecurityWrapper<Base>::nativeCall(JSContext *cx, IsAcceptableThis test, NativeImpl impl,
                                  CallArgs args)
 {
@ -796,11 +806,7 @@ template <class Base>
 bool
 SecurityWrapper<Base>::objectClassIs(JSObject *obj, ESClassValue classValue, JSContext *cx)
 {
-    /*
-     * Let this through until compartment-per-global lets us have stronger
-     * invariants wrt document.domain (bug 714547).
-     */
-    return Base::objectClassIs(obj, classValue, cx);
+    return false;
 }

 template <class Base>
--- a/js/src/jswrapper.h
+++ b/js/src/jswrapper.h
@ -181,6 +181,8 @@ class JS_FRIEND_API(SecurityWrapper) : public Base
  public:
    SecurityWrapper(unsigned flags);

+    virtual bool enter(JSContext *cx, JSObject *wrapper, jsid id, Wrapper::Action act,
+                       bool *bp) MOZ_OVERRIDE;
    virtual bool nativeCall(JSContext *cx, IsAcceptableThis test, NativeImpl impl,
                            CallArgs args) MOZ_OVERRIDE;
    virtual bool objectClassIs(JSObject *obj, ESClassValue classValue, JSContext *cx) MOZ_OVERRIDE;
--- a/js/xpconnect/wrappers/FilteringWrapper.cpp
+++ b/js/xpconnect/wrappers/FilteringWrapper.cpp
@ -128,7 +128,7 @@ FilteringWrapper<Base, Policy>::enter(JSContext *cx, JSObject *wrapper, jsid id,
        return false;
    }
    *bp = true;
-    return Base::enter(cx, wrapper, id, act, bp);
+    return true;
 }

 #define SOW FilteringWrapper<CrossCompartmentSecurityWrapper, OnlyIfSubjectIsSystem>