86019 - Change stack-walking code in caps to keep functions from inheriting privileges

from their caller. r=jesse@netscape.com, sr=jst@netscape.com, a=asa@mozilla.org, PDT+

86982 - Add same-origin security check to XMLDocument::Load(). r,a=blizzard@mozilla.org,
sr=jst@netscape.com

84191 - Fixing regression in Open URL dialog by not calling CheckLoadURI when it isn't
needed. r=cmanske@netscape.com, sr=sfraser@netscape.com, a=asa@mozilla.org
mstoltz%netscape.com 2001-06-22 02:08:10 +00:00
parent 759dade1d7
commit f4de90c798
5 changed files with 49 additions and 49 deletions


@ -151,6 +151,17 @@ nsScriptSecurityManager::CheckConnect(JSContext* aJSContext,
const char* aClassName,
const char* aPropertyName)
{
// Get a context if necessary
if (!aJSContext)
{
aJSContext = GetCurrentContextQuick();
if (!aJSContext)
return NS_OK; // No JS context, so allow the load
}
nsresult rv = CheckLoadURIFromScript(aJSContext, aTargetURI);
if (NS_FAILED(rv)) return rv;
return CheckPropertyAccessImpl(nsIXPCSecurityManager::ACCESS_GET_PROPERTY, nsnull,
aJSContext, nsnull, nsnull, aTargetURI,
nsnull, nsnull, aClassName, aPropertyName, nsnull);
@ -180,12 +191,14 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction,
printf("### CheckPropertyAccess(%s.%s, %i) ", aClassName, aProperty, aAction);
else
{
nsXPIDLCString classDescription;
nsXPIDLCString classNameStr;
const char* className;
if (aClassInfo)
aClassInfo->GetClassDescription(getter_Copies(classDescription));
if(!classDescription)
classDescription = "UnknownClass";
nsCAutoString propertyStr(classDescription);
aClassInfo->GetClassDescription(getter_Copies(classNameStr));
className = classNameStr.get();
if(!className)
className = "UnknownClass";
nsCAutoString propertyStr(className);
propertyStr += '.';
propertyStr.AppendWithConversion((PRUnichar*)JSValIDToString(aJSContext, aName));
@ -590,14 +603,6 @@ nsScriptSecurityManager::GetPrefName(nsIPrincipal* principal,
NS_IMETHODIMP
nsScriptSecurityManager::CheckLoadURIFromScript(JSContext *cx, nsIURI *aURI)
{
// Get a context if necessary
if (!cx)
{
cx = GetCurrentContextQuick();
if (!cx)
return NS_OK; // No JS context, so allow the load
}
// Get principal of currently executing script.
nsCOMPtr<nsIPrincipal> principal;
if (NS_FAILED(GetSubjectPrincipal(cx, getter_AddRefs(principal))))
@ -1303,11 +1308,14 @@ nsScriptSecurityManager::IsCapabilityEnabled(const char *capability,
JSStackFrame *fp = nsnull;
JSContext *cx = GetCurrentContextQuick();
fp = cx ? JS_FrameIterator(cx, &fp) : nsnull;
if (!fp) {
if (!fp)
{
// No script code on stack. Allow execution.
*result = PR_TRUE;
return NS_OK;
}
*result = PR_FALSE;
nsCOMPtr<nsIPrincipal> previousPrincipal;
do
{
nsCOMPtr<nsIPrincipal> principal;
@ -1315,30 +1323,32 @@ nsScriptSecurityManager::IsCapabilityEnabled(const char *capability,
return NS_ERROR_FAILURE;
if (!principal)
continue;
// If caller has a different principal, stop looking up the stack.
if(previousPrincipal)
{
PRBool isEqual = PR_FALSE;
if(NS_FAILED(previousPrincipal->Equals(principal, &isEqual)) || !isEqual)
break;
}
else
previousPrincipal = principal;
// First check if the principal is even able to enable the
// given capability. If not, don't look any further.
PRInt16 canEnable;
rv = principal->CanEnableCapability(capability, &canEnable);
if (NS_FAILED(rv))
return rv;
if (NS_FAILED(rv)) return rv;
if (canEnable != nsIPrincipal::ENABLE_GRANTED &&
canEnable != nsIPrincipal::ENABLE_WITH_USER_PERMISSION)
{
*result = PR_FALSE;
return NS_OK;
}
// Now see if the capability is enabled.
void *annotation = JS_GetFrameAnnotation(cx, fp);
rv = principal->IsCapabilityEnabled(capability, annotation,
result);
if (NS_FAILED(rv))
return rv;
rv = principal->IsCapabilityEnabled(capability, annotation, result);
if (NS_FAILED(rv)) return rv;
if (*result)
return NS_OK;
} while ((fp = JS_FrameIterator(cx, &fp)) != nsnull);
*result = PR_FALSE;
return NS_OK;
}
@ -1511,7 +1521,7 @@ nsScriptSecurityManager::EnableCapability(const char *capability)
JSContext *cx = GetCurrentContextQuick();
JSStackFrame *fp;
//Error checks for capability string length (200)
//-- Error checks for capability string length (200)
if(PL_strlen(capability)>200)
{
static const char msg[] = "Capability name too long";
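Review bot: In IsCapabilityEnabled, `previousPrincipal` is set only once (the `else` branch on the first frame that has a principal) and never updated afterwards, so it is really the innermost scripted frame's principal rather than the previous frame's; renaming it `subjectPrincipal` and commenting the comparison with `// Stop walking once a frame belongs to a different principal than the innermost scripted frame; enabled privileges are not inherited across that boundary.` would state the rule this commit introduces. The `if (!principal) continue;` just above it skips frames with no principal without treating them as a boundary, so the walk resumes at the next frame that has one — presumably intended for native frames, but worth a comment since it decides what "caller" means here. The function's body begins outside the hunk (the declaration of `rv` and the frame-principal lookup are not shown). Separately, the hunk at CheckLoadURIFromScript drops the null-context fallback that CheckConnect now carries, so any remaining caller still passing nsnull reaches GetSubjectPrincipal with a null cx; whether that path tolerates it is not visible here.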


@ -326,7 +326,7 @@ nsXMLDocument::Load(const nsAReadableString& aUrl)
// Get security manager, check to see if we're allowed to load this URI
NS_WITH_SERVICE(nsIScriptSecurityManager, secMan, NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
if (NS_FAILED(rv)) return rv;
if (NS_FAILED(secMan->CheckLoadURIFromScript(nsnull, uri)))
if (NS_FAILED(secMan->CheckConnect(nsnull, uri, "XMLDocument", "load")))
return NS_ERROR_FAILURE;
// Partial Reset
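Review bot: The new CheckConnect call collapses the security manager's result into NS_ERROR_FAILURE although `rv` is already in scope on the line above; `rv = secMan->CheckConnect(nsnull, uri, "XMLDocument", "load"); if (NS_FAILED(rv)) return rv;` keeps whichever error CheckConnect reports. Because a null context is passed, CheckConnect resolves the current JS context itself and, per the CheckConnect hunk in this commit, allows the load when no script is on the stack, which presumably is intended for native callers of Load(); a one-line comment such as `// Null context: the security manager checks against the calling script, or allows if there is none` would save the next reader a trip through caps. Load's body starts and ends outside the hunk.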


@ -37,23 +37,26 @@
return false;
}
function openNewWindowWith(url) {
function urlSecurityCheck(url, doc) {
// URL Loading Security Check
var focusedWindow = document.commandDispatcher.focusedWindow;
var sourceWin = isDocumentFrame(focusedWindow) ? focusedWindow.location.href : window._content.location.href;
var focusedWindow = doc.commandDispatcher.focusedWindow;
var sourceWin = isDocumentFrame(focusedWindow) ? focusedWindow.location.href : focusedWindow._content.location.href;
const nsIScriptSecurityManager = Components.interfaces.nsIScriptSecurityManager;
var secMan = Components.classes["@mozilla.org/scriptsecuritymanager;1"].getService().
QueryInterface(nsIScriptSecurityManager);
try {
QueryInterface(nsIScriptSecurityManager);
try {
secMan.checkLoadURIStr(sourceWin, url, nsIScriptSecurityManager.STANDARD);
} catch (e) {
throw "Load of " + url + " denied.";
throw "Load of " + url + " denied.";
}
}
function openNewWindowWith(url) {
urlSecurityCheck(url, document);
var newWin;
var wintype = document.firstChild.getAttribute('windowtype');
// if and only if the current window is a browser window and it has a document with a character
// set, then extract the current charset menu setting from the current document and use it to
// initialize the new browser window...
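Review bot: The fallback source in urlSecurityCheck changed from `window._content.location.href` to `focusedWindow._content.location.href`; if `doc.commandDispatcher.focusedWindow` can be a content window rather than the chrome window, `_content` may be absent there and the check would abort with a TypeError instead of the intended "Load of ... denied." message — still fail-closed, but worth confirming against isDocumentFrame, which is defined above the hunk. The new helper also lacks a header comment; something like `// Throws if the focused window's document is not allowed to load url; doc is the chrome document whose commandDispatcher identifies the source window.` would document the contract for the other caller this commit adds. urlSecurityCheck lies entirely within the hunk; openNewWindowWith continues past it.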


@ -427,6 +427,7 @@ nsContextMenu.prototype = {
},
// Edit linked-to URL in a new window.
editLink : function () {
urlSecurityCheck( this.linkURL(), window.document );
editPage( this.linkURL(), window, false );
},
// Reload clicked-in frame.
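Review bot: `this.linkURL()` is evaluated twice in editLink, once for urlSecurityCheck and once for editPage; whether it can return different values between the two calls is not visible here, but binding it once, `var url = this.linkURL(); urlSecurityCheck( url, window.document ); editPage( url, window, false );`, guarantees that the URL that passed the check is the one that is edited. editLink is complete within the hunk; the enclosing nsContextMenu.prototype object continues on both sides of it.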


@ -332,20 +332,6 @@ function editPage(url, launchWindow, delay)
}
}
// URL Loading Security Check
var focusedWindow = launchWindow.document.commandDispatcher.focusedWindow;
var sourceWin = isDocumentFrame(focusedWindow) ? focusedWindow.location.href : focusedWindow._content.location.href;
const nsIScriptSecurityManager = Components.interfaces.nsIScriptSecurityManager;
var secMan = Components.classes["@mozilla.org/scriptsecuritymanager;1"].getService().
QueryInterface(nsIScriptSecurityManager);
try {
secMan.checkLoadURIStr(sourceWin, url, nsIScriptSecurityManager.STANDARD);
} catch (e) {
throw "Edit of " + url + " denied.";
}
var windowManager = Components.classes['@mozilla.org/rdf/datasource;1?name=window-mediator'].getService();
if (!windowManager) return;
var windowManagerInterface = windowManager.QueryInterface( Components.interfaces.nsIWindowMediator);