From 4e8768c5935b908c7e0dad5f2a59012feb718a40 Mon Sep 17 00:00:00 2001 From: "norris%netscape.com" Date: Tue, 7 Sep 1999 02:54:19 +0000 Subject: [PATCH] * Add checks on urls formed from web scripts * Make nsScriptSecurityManager implement nsXPCSecurityManager * Fix unix warnings git-svn-id: svn://10.0.0.236/trunk@46152 18797224-902f-48f8-a5cc-f745e15eee43 --- .../caps/include/nsScriptSecurityManager.h | 9 +- mozilla/caps/src/nsScriptSecurityManager.cpp | 284 +++++++++--------- mozilla/caps/src/nsSecurityManagerFactory.cpp | 63 +--- .../chrome/src/nsChromeProtocolHandler.cpp | 6 + mozilla/dom/src/base/nsGlobalWindow.cpp | 29 +- mozilla/dom/src/base/nsGlobalWindow.h | 1 + mozilla/dom/src/base/nsJSEnvironment.cpp | 8 +- mozilla/dom/src/base/nsLocation.cpp | 58 ++-- .../protocol/file/src/nsFileChannel.cpp | 4 +- .../chrome/src/nsChromeProtocolHandler.cpp | 6 + 10 files changed, 229 insertions(+), 239 deletions(-) diff --git a/mozilla/caps/include/nsScriptSecurityManager.h b/mozilla/caps/include/nsScriptSecurityManager.h index 9ffd693dcce..e4cf544964e 100644 --- a/mozilla/caps/include/nsScriptSecurityManager.h +++ b/mozilla/caps/include/nsScriptSecurityManager.h @@ -24,12 +24,15 @@ #include "jsapi.h" #include "jsdbgapi.h" #include "nsIScriptContext.h" +#include "nsIXPCSecurityManager.h" #define NS_SCRIPTSECURITYMANAGER_CID \ { 0x7ee2a4c0, 0x4b93, 0x17d3, \ { 0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }} -class nsScriptSecurityManager : public nsIScriptSecurityManager { +class nsScriptSecurityManager : public nsIScriptSecurityManager, + public nsIXPCSecurityManager +{ public: nsScriptSecurityManager(); virtual ~nsScriptSecurityManager(); @@ -38,6 +41,7 @@ public: NS_DECL_ISUPPORTS NS_DECL_NSISCRIPTSECURITYMANAGER + NS_DECL_NSIXPCSECURITYMANAGER static nsScriptSecurityManager * GetScriptSecurityManager(); @@ -61,6 +65,9 @@ private: char * GetSitePolicy(const char *org); + NS_IMETHOD + CheckXPCPermissions(JSContext *cx); + nsIPrincipal *mSystemPrincipal; }; 
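Review bot: `CheckXPCPermissions` is declared `NS_IMETHOD` in the private section of the third hunk, which (NS_IMETHOD expanding to a virtual nsresult) makes an internal helper virtual although it belongs to neither interface; a plain `nsresult CheckXPCPermissions(JSContext *cx);` is enough. It also has no comment saying what it decides, so add one such as `// Decides whether the script running on cx (if any) may reach XPConnect; shared by the nsIXPCSecurityManager hooks below.` With the class now deriving from two nsISupports-based interfaces, the NS_DECL_ISUPPORTS here is paired with a hand-written QueryInterface in the .cpp; a one-line note next to it would save the next reader the search.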
diff --git a/mozilla/caps/src/nsScriptSecurityManager.cpp b/mozilla/caps/src/nsScriptSecurityManager.cpp index 8a925fa3f4c..7edbf8ec474 100644 --- a/mozilla/caps/src/nsScriptSecurityManager.cpp +++ b/mozilla/caps/src/nsScriptSecurityManager.cpp @@ -30,17 +30,36 @@ #include "nsSystemPrincipal.h" #include "nsCodebasePrincipal.h" #include "nsCRT.h" +#include "nsXPIDLString.h" static NS_DEFINE_CID(kPrefServiceCID, NS_PREF_CID); static NS_DEFINE_CID(kURLCID, NS_STANDARDURL_CID); static NS_DEFINE_CID(kComponentManagerCID, NS_COMPONENTMANAGER_CID); static NS_DEFINE_IID(kIScriptSecurityManagerIID, NS_ISCRIPTSECURITYMANAGER_IID); +static NS_DEFINE_IID(kIXPCSecurityManagerIID, NS_IXPCSECURITYMANAGER_IID); -NS_IMPL_ISUPPORTS(nsScriptSecurityManager, kIScriptSecurityManagerIID); +NS_IMETHODIMP +nsScriptSecurityManager::QueryInterface(REFNSIID aIID, void** aInstancePtr) +{ + if (nsnull == aInstancePtr) + return NS_ERROR_NULL_POINTER; + if (aIID.Equals(kIScriptSecurityManagerIID)) { + *aInstancePtr = (void*)(nsIScriptSecurityManager *)this; + NS_ADDREF_THIS(); + return NS_OK; + } + if (aIID.Equals(kIXPCSecurityManagerIID)) { + *aInstancePtr = (void*)(nsIXPCSecurityManager *)this; + NS_ADDREF_THIS(); + return NS_OK; + } + return NS_NOINTERFACE; +} -static char gFileScheme[] = "file"; +NS_IMPL_ADDREF(nsScriptSecurityManager); +NS_IMPL_RELEASE(nsScriptSecurityManager); -static char accessErrorMessage[] = +static const char accessErrorMessage[] = "access disallowed from scripts at %s to documents at another domain"; nsScriptSecurityManager::nsScriptSecurityManager(void) 
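Review bot: The hand-written QueryInterface answers only the two interface IIDs, whereas the NS_IMPL_ISUPPORTS it replaces also answered nsISupports; with two nsISupports bases a caller asking for NS_GET_IID(nsISupports) now gets NS_NOINTERFACE, which breaks generic XPCOM identity comparisons and any QI-to-nsISupports caller. Add before the final return `if (aIID.Equals(NS_GET_IID(nsISupports))) { *aInstancePtr = (void*)(nsISupports*)(nsIScriptSecurityManager*)this; NS_ADDREF_THIS(); return NS_OK; }` — the cast through one named base resolves the ambiguity. The failure path should also set `*aInstancePtr = nsnull;` before returning NS_NOINTERFACE, since callers commonly rely on a null out-param on failure.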
@@ -94,33 +113,36 @@ nsScriptSecurityManager::CheckURI(nsIScriptContext *aContext, nsIURI *aURI, PRBool *aResult) { -#if 0 nsXPIDLCString scheme; - if (NS_FAILED(aURI->GetScheme(getter_Copies(scheme))) + if (NS_FAILED(aURI->GetScheme(getter_Copies(scheme)))) return NS_ERROR_FAILURE; - if (nsCRT::strcmp(scheme, "http") == 0 || - nsCRT::strcmp(scheme, "https") == 0 || - nsCRT::strcmp(scheme, "ftp") == 0 || - nsCRT::strcmp(scheme, "mailto") == 0 || - nsCRT::strcmp(scheme, "news") == 0) + if (nsCRT::strcmp(scheme, "http") == 0 || + nsCRT::strcmp(scheme, "https") == 0 || + nsCRT::strcmp(scheme, "javascript") == 0 || + nsCRT::strcmp(scheme, "ftp") == 0 || + nsCRT::strcmp(scheme, "mailto") == 0 || + nsCRT::strcmp(scheme, "news") == 0) { *aResult = PR_TRUE; return NS_OK; } if (nsCRT::strcmp(scheme, "file") == 0) { - JSContext *cx = (JSContext*) (*aContext)->GetNativeContext(); + JSContext *cx = (JSContext*) aContext->GetNativeContext(); nsCOMPtr principal; - if (NS_FAILED(GetSubjectPrincipal(cx, getter_AddRefs(principal))) + if (NS_FAILED(GetSubjectPrincipal(cx, getter_AddRefs(principal))) || + !principal) + { return NS_ERROR_FAILURE; + } nsCOMPtr codebase; if (NS_SUCCEEDED(principal->QueryInterface( NS_GET_IID(nsICodebasePrincipal), (void **) getter_AddRefs(codebase)))) { nsCOMPtr uri; - if (NS_SUCCEEDED(codebase->GetURI(getter_AddRefs(uri))) { + if (NS_SUCCEEDED(codebase->GetURI(getter_AddRefs(uri)))) { nsXPIDLCString scheme2; - if (NS_SUCCEEDED(uri->GetScheme(getter_Copies(scheme2)) && + if (NS_SUCCEEDED(uri->GetScheme(getter_Copies(scheme2))) && nsCRT::strcmp(scheme2, "file") == 0) { *aResult = PR_TRUE; 
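Review bot: The scheme allow-list compares with nsCRT::strcmp, which is case-sensitive, and nothing on this page shows that nsIURI::GetScheme lower-cases the scheme; if it can hand back the scheme as the script typed it (e.g. `HTTP`), such URLs fall through to the deny at the bottom of the function. That is fail-closed, so it is a functionality rather than a safety problem, but either normalise the scheme before the comparisons or record the assumption above the list, e.g. `// Assumes GetScheme() yields a lower-cased scheme.` Note also that after this patch a null subject principal in the file: branch is a hard NS_ERROR_FAILURE, so a caller with no script on the stack can never open a file: URL through this path; if that is intended, say so in a comment at the `!principal` test. CheckURI's body continues in the next hunk.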
@@ -128,140 +150,33 @@ nsScriptSecurityManager::CheckURI(nsIScriptContext *aContext, } } } - if (NS_FAILED(principal->CanAccess("UniversalFileRead", aResult)) + if (NS_FAILED(principal->CanAccess("UniversalFileRead", aResult))) return NS_ERROR_FAILURE; + + if (!*aResult) { + // Report error. + nsXPIDLCString spec; + if (NS_FAILED(aURI->GetSpec(getter_Copies(spec)))) + return NS_ERROR_FAILURE; + JS_ReportError(cx, "illegal URL method '%s'", (const char *)spec); + } return NS_OK; } + if (nsCRT::strcmp(scheme, "about") == 0) { + nsXPIDLCString spec; + if (NS_FAILED(aURI->GetSpec(getter_Copies(spec)))) + return NS_ERROR_FAILURE; + if (nsCRT::strcmp(spec, "about:blank") == 0) { + *aResult = PR_TRUE; + return NS_OK; + } + } - - -#endif - *aResult = PR_TRUE; + // Otherwise, not allowed. + *aResult = PR_FALSE; return NS_OK; } -#if 0 -// temporary: for reference -const char * -lm_CheckURL(JSContext *cx, const char *url_string, JSBool checkFile) -{ - char *protocol, *absolute; - JSObject *obj; - MochaDecoder *decoder; - - protocol = NET_ParseURL(url_string, GET_PROTOCOL_PART); - if (!protocol || *protocol == '\0' || XP_STRCHR(protocol, '?')) { - lo_TopState *top_state; - - obj = JS_GetGlobalObject(cx); - decoder = JS_GetPrivate(cx, obj); - - LO_LockLayout(); - top_state = lo_GetMochaTopState(decoder->window_context); - if (top_state && top_state->base_url) { - absolute = NET_MakeAbsoluteURL(top_state->base_url, - (char *)url_string); /*XXX*/ - /* - * Temporarily unlock layout so that we don't hold the lock - * across a call (lm_CheckPermissions) that may result in - * synchronous event handling. - */ - LO_UnlockLayout(); - if (!lm_CheckPermissions(cx, obj, - JSTARGET_UNIVERSAL_BROWSER_READ)) - { - /* Don't leak information about the url of this page. 
*/ - XP_FREEIF(absolute); - return NULL; - } - LO_LockLayout(); - } else { - absolute = NULL; - } - if (absolute) { - if (protocol) XP_FREE(protocol); - protocol = NET_ParseURL(absolute, GET_PROTOCOL_PART); - } - LO_UnlockLayout(); - } else { - absolute = JS_strdup(cx, url_string); - if (!absolute) { - XP_FREE(protocol); - return NULL; - } - decoder = NULL; - } - - if (absolute) { - - /* Make sure it's a safe URL type. */ - switch (NET_URL_Type(protocol)) { - case FILE_TYPE_URL: - if (checkFile) { - const char *subjectOrigin = lm_GetSubjectOriginURL(cx); - if (subjectOrigin == NULL) { - XP_FREE(protocol); - return NULL; - } - if (NET_URL_Type(subjectOrigin) != FILE_TYPE_URL && - !lm_CanAccessTarget(cx, JSTARGET_UNIVERSAL_FILE_READ)) - { - XP_FREE(absolute); - absolute = NULL; - } - } - break; - case FTP_TYPE_URL: - case GOPHER_TYPE_URL: - case HTTP_TYPE_URL: - case MAILTO_TYPE_URL: - case NEWS_TYPE_URL: - case RLOGIN_TYPE_URL: - case TELNET_TYPE_URL: - case TN3270_TYPE_URL: - case WAIS_TYPE_URL: - case SECURE_HTTP_TYPE_URL: - case URN_TYPE_URL: - case NFS_TYPE_URL: - case MOCHA_TYPE_URL: - case VIEW_SOURCE_TYPE_URL: - case NETHELP_TYPE_URL: - case WYSIWYG_TYPE_URL: - case LDAP_TYPE_URL: -#ifdef JAVA -/* DHIREN */ - case MARIMBA_TYPE_URL: -/* ~DHIREN */ -#endif - /* These are "safe". */ - break; - case ABOUT_TYPE_URL: - if (XP_STRCASECMP(absolute, "about:blank") == 0) - break; - if (XP_STRNCASECMP(absolute, "about:pics", 10) == 0) - break; - /* these are OK if we are signed */ - if (lm_CanAccessTarget(cx, JSTARGET_UNIVERSAL_BROWSER_READ)) - break; - /* FALL THROUGH */ - default: - /* All others are naughty. */ - /* XXX signing - should we allow these for signed scripts? */ - XP_FREE(absolute); - absolute = NULL; - break; - } - } - - if (!absolute) { - JS_ReportError(cx, "illegal URL method '%s'", - protocol && *protocol ? 
protocol : url_string); - } - if (protocol) - XP_FREE(protocol); - return absolute; -} -#endif NS_IMETHODIMP nsScriptSecurityManager::GetSystemPrincipal(nsIPrincipal **result) @@ -348,8 +263,9 @@ nsScriptSecurityManager::GetSubjectPrincipal(JSContext *aCx, */ } #endif - // Couldn't find principals. - return NS_ERROR_FAILURE; + // Couldn't find principals: no mobile code on stack. + *result = nsnull; + return NS_OK; } @@ -385,7 +301,7 @@ nsScriptSecurityManager::CheckPermissions(JSContext *aCx, JSObject *aObj, ** Get origin of subject and object and compare. */ nsCOMPtr subject; - if (NS_FAILED(GetSubjectPrincipal(aCx, getter_AddRefs(subject)))) + if (NS_FAILED(GetSubjectPrincipal(aCx, getter_AddRefs(subject))) || !subject) return NS_ERROR_FAILURE; nsCOMPtr object; 
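Review bot: The catch-all `*aResult = PR_FALSE` at the end of CheckURI never consults the subject principal, so chrome:, resource: and every other scheme is refused even to a caller holding the system principal, while the file: branch a few lines earlier does look at the principal; if that asymmetry is intended, the `// Otherwise, not allowed.` comment should say so. The file: branch reports the denial via JS_ReportError but the catch-all is silent, so a script whose window.open or location assignment is refused gets no indication why; for consistency, obtain `cx` at the top of the function instead of inside the file: branch and report `"illegal URL method '%s'"` on the final deny as well. CheckURI starts in the previous hunk.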
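Review bot: GetSubjectPrincipal now returns NS_OK with `*result = nsnull` when no principal is found, so every caller must test the out-param and not only NS_FAILED; CheckPermissions and CheckURI are updated in this patch, but any caller outside it that still checks just the rv will dereference null. The meaning of a null subject is also inconsistent within the patch: CheckPermissions and CheckURI treat it as a failure, while CheckXPCPermissions (`if (!subject) return NS_OK;`) treats it as "no mobile code, allow". Pin the contract in the comment on the return, e.g. `// No principal on the JS stack: *result is null and NS_OK is returned; the caller decides whether that means native (trusted) or untrusted code.` GetSubjectPrincipal's body is mostly outside the hunk.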
@@ -577,3 +493,83 @@ nsScriptSecurityManager::GetSitePolicy(const char *org)
 PR_FREEIF(sitepol);
 return retval;
 }
+
+
+NS_IMETHODIMP
+nsScriptSecurityManager::CheckXPCPermissions(JSContext *aJSContext)
+{
+#if 0
+ nsCOMPtr subject;
+ if (NS_FAILED(GetSubjectPrincipal(aJSContext, getter_AddRefs(subject))))
+ return NS_ERROR_FAILURE;
+ if (!subject)
+ return NS_OK; // No mobile code executing.
+ PRBool ok = PR_FALSE;
+ if (NS_FAILED(subject->CanAccess("UniversalXPConnect", &ok)))
+ return NS_ERROR_FAILURE;
+ if (!ok) {
+ JS_ReportError(aJSContext, "Access denied to XPConnect service.");
+ NS_ASSERTION(ok, "Access denied to XPConnect service.");
+ return NS_ERROR_FAILURE;
+ }
+#endif
+ return NS_OK;
+}
+
+
+NS_IMETHODIMP
+nsScriptSecurityManager::CanCreateWrapper(JSContext * aJSContext,
+ const nsIID & aIID,
+ nsISupports * aObj)
+{
+ return CheckXPCPermissions(aJSContext);
+}
+
+NS_IMETHODIMP
+nsScriptSecurityManager::CanCreateInstance(JSContext * aJSContext,
+ const nsCID & aCID)
+{
+ return CheckXPCPermissions(aJSContext);
+}
+
+NS_IMETHODIMP
+nsScriptSecurityManager::CanGetService(JSContext * aJSContext,
+ const nsCID & aCID)
+{
+ return CheckXPCPermissions(aJSContext);
+}
+
+NS_IMETHODIMP
+nsScriptSecurityManager::CanCallMethod(JSContext * aJSContext,
+ const nsIID & aIID,
+ nsISupports *aObj,
+ nsIInterfaceInfo *aInterfaceInfo,
+ PRUint16 aMethodIndex,
+ const jsid aName)
+{
+ return CheckXPCPermissions(aJSContext);
+}
+
+NS_IMETHODIMP
+nsScriptSecurityManager::CanGetProperty(JSContext * aJSContext,
+ const nsIID & aIID,
+ nsISupports *aObj,
+ nsIInterfaceInfo *aInterfaceInfo,
+ PRUint16 aMethodIndex,
+ const jsid aName)
+{
+ return CheckXPCPermissions(aJSContext);
+}
+
+NS_IMETHODIMP
+nsScriptSecurityManager::CanSetProperty(JSContext * aJSContext,
+ const nsIID & aIID,
+ nsISupports *aObj,
+ nsIInterfaceInfo *aInterfaceInfo,
+ PRUint16 aMethodIndex,
+ const jsid aName)
+{
+ return CheckXPCPermissions(aJSContext);
+}
+
+
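Review bot: With the body of CheckXPCPermissions inside `#if 0`, every nsIXPCSecurityManager hook from CanCreateWrapper to CanSetProperty returns NS_OK, so registering this object with XPConnect enforces nothing; if this is a staging step, the `#if 0` needs a comment stating why it is disabled and what must land before it can be enabled, otherwise a reader will assume XPConnect access is gated. When the block is enabled, `if (!subject) return NS_OK;` is fail-open — any path that loses the principal grants UniversalXPConnect — whereas CheckPermissions in the same file treats a missing subject as a failure; choose one policy and document it on both. The `NS_ASSERTION(ok, ...)` placed inside `if (!ok)` is always false when reached and so fires on every legitimate denial; drop it or downgrade it to a warning. All six hooks ignore their aIID/aCID/aObj arguments, which deserves a short comment that access is currently decided per context only.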
diff --git a/mozilla/caps/src/nsSecurityManagerFactory.cpp b/mozilla/caps/src/nsSecurityManagerFactory.cpp index 19e703b0d0c..183d00702c8 100644 --- a/mozilla/caps/src/nsSecurityManagerFactory.cpp +++ b/mozilla/caps/src/nsSecurityManagerFactory.cpp @@ -21,20 +21,13 @@ #include "nsIServiceManager.h" #include "nsISupports.h" #include "nsIGenericFactory.h" -//#include "nsICapsManager.h" -//#include "nsCCapsManager.h" -//#include "nsPrincipalManager.h" -//#include "nsIPrivilegeManager.h" -//#include "nsPrivilegeManager.h" #include "nsIScriptSecurityManager.h" #include "nsScriptSecurityManager.h" #include "nsIPrincipal.h" #include "nsCodebasePrincipal.h" -//static NS_DEFINE_IID(kISupportsIID, NS_ISUPPORTS_IID); static NS_DEFINE_CID(kComponentManagerCID, NS_COMPONENTMANAGER_CID); static NS_DEFINE_CID(kGenericFactoryCID, NS_GENERICFACTORY_CID); -//static NS_DEFINE_CID(kCCapsManagerCID, NS_CCAPSMANAGER_CID); NS_GENERIC_FACTORY_CONSTRUCTOR(nsCodebasePrincipal) @@ -47,7 +40,7 @@ Construct_nsIScriptSecurityManager(nsISupports *aOuter, REFNSIID aIID, *aResult = nsnull; if (aOuter) return NS_ERROR_NO_AGGREGATION; - nsISupports *obj = nsScriptSecurityManager::GetScriptSecurityManager(); + nsScriptSecurityManager *obj = nsScriptSecurityManager::GetScriptSecurityManager(); if (!obj) return NS_ERROR_OUT_OF_MEMORY; if (NS_FAILED(obj->QueryInterface(aIID, aResult))) 
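Review bot: The change from `nsISupports *obj` to `nsScriptSecurityManager *obj` appears to be needed because the class now has two nsISupports bases (nsIScriptSecurityManager and nsIXPCSecurityManager, per the header hunk), which makes the implicit conversion to `nsISupports*` ambiguous; that reason is not visible here and deserves a comment, e.g. `// Hold the concrete type: nsScriptSecurityManager has two nsISupports bases, so nsISupports* would be ambiguous.` Construct_nsIScriptSecurityManager starts and ends outside the hunk.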
@@ -112,24 +105,6 @@ done: return rv; } -/* -static NS_IMETHODIMP -Construct_nsIPrincipalManager(nsISupports * aOuter, REFNSIID aIID, void * * aResult) -{ - nsresult rv; - nsPrincipalManager* obj = nsnull; - if(!aResult) return NS_ERROR_NULL_POINTER; - *aResult = NULL; - if(aOuter) return NS_ERROR_NO_AGGREGATION; - rv = nsnull; //nsPrincipalManager::GetPrincipalManager(&obj); - if(!obj) return NS_ERROR_OUT_OF_MEMORY; - if(NS_FAILED(rv)) return rv; - rv = obj->QueryInterface(aIID, aResult); - NS_ASSERTION(NS_SUCCEEDED(rv), "unable to find correct interface"); - return rv; -} -*/ - extern "C" PR_IMPLEMENT(nsresult) NSGetFactory(nsISupports *aServMgr, const nsCID &aClass, const char *aClassName, const char *aProgID, @@ -151,14 +126,6 @@ NSGetFactory(nsISupports *aServMgr, const nsCID &aClass, rv = factory->SetConstructor(Construct_nsIScriptSecurityManager); else if (aClass.Equals(nsCodebasePrincipal::GetCID())) rv = factory->SetConstructor(nsCodebasePrincipalConstructor); - /* - else if (aClass.Equals(kCCapsManagerCID)) - rv = factory->SetConstructor(Construct_nsISecurityManager); - else if (aClass.Equals(nsPrivilegeManager::GetCID())) - rv = factory->SetConstructor(Construct_nsIPrivilegeManager); - else if (aClass.Equals(nsPrincipalManager::GetCID())) - rv = factory->SetConstructor(Construct_nsIPrincipalManager); - */ else { NS_ASSERTION(0, "incorrectly registered"); rv = NS_ERROR_NO_INTERFACE; 
@@ -202,23 +169,6 @@ NSRegisterSelf(nsISupports *aServMgr, const char *aPath) PR_TRUE, PR_TRUE); if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - /* - rv = compMgr->RegisterComponent(kCCapsManagerCID, NS_CCAPSMANAGER_CLASSNAME, - NS_CCAPSMANAGER_PROGID, aPath, PR_TRUE, - PR_TRUE); - if (NS_FAILED(rv)) - return NS_ERROR_FAILURE; - rv = compMgr->RegisterComponent(nsPrivilegeManager::GetCID(), - NS_PRIVILEGEMANAGER_CLASSNAME, - NS_PRIVILEGEMANAGER_PROGID, aPath, - PR_TRUE, PR_TRUE); - if (NS_FAILED(rv)) - return NS_ERROR_FAILURE; - rv = compMgr->RegisterComponent(nsPrincipalManager::GetCID(), - NS_PRINCIPALMANAGER_CLASSNAME, - NS_PRINCIPALMANAGER_PROGID, aPath, - PR_TRUE, PR_TRUE); - */ if (NS_FAILED(rv)) return NS_ERROR_FAILURE; return NS_OK; @@ -240,16 +190,5 @@ NSUnregisterSelf(nsISupports *aServMgr, const char *aPath) rv = compMgr->UnregisterComponent(nsCodebasePrincipal::GetCID(), aPath); if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - /* - rv = compMgr->UnregisterComponent(kCCapsManagerCID, aPath); - if (NS_FAILED(rv)) - return NS_ERROR_FALURE; - rv = compMgr->UnregisterComponent(nsPrivilegeManager::GetCID(), aPath); - if (NS_FAILED(rv)) - return NS_ERROR_FALURE; - rv = compMgr->UnregisterComponent(nsPrincipalManager::GetCID(), aPath); - if (NS_FAILED(rv)) - return NS_ERROR_FALURE; - */ return NS_OK; } diff --git a/mozilla/chrome/src/nsChromeProtocolHandler.cpp b/mozilla/chrome/src/nsChromeProtocolHandler.cpp index 4dfcfbd9273..2dae08c86bb 100644 --- a/mozilla/chrome/src/nsChromeProtocolHandler.cpp +++ b/mozilla/chrome/src/nsChromeProtocolHandler.cpp @@ -26,6 +26,7 @@ #include "nsIChannel.h" #include "nsIChromeRegistry.h" #include "nsCOMPtr.h" +#include "nsXPIDLString.h" #include "nsIScriptSecurityManager.h" static NS_DEFINE_CID(kStandardURLCID, NS_STANDARDURL_CID); 
@@ -188,6 +189,11 @@ nsChromeProtocolHandler::NewChannel(const char* verb, nsIURI* uri, return NS_ERROR_FAILURE; } (*result)->SetPrincipal(principal); +#ifdef DEBUG_norris + nsXPIDLCString spec; + uri->GetSpec(getter_Copies(spec)); + fprintf(stderr, "System principal created for %s\n", (const char *)spec); +#endif } NS_RELEASE(chromeURI); diff --git a/mozilla/dom/src/base/nsGlobalWindow.cpp b/mozilla/dom/src/base/nsGlobalWindow.cpp index d43774b3e55..c64b48c974f 100644 --- a/mozilla/dom/src/base/nsGlobalWindow.cpp +++ b/mozilla/dom/src/base/nsGlobalWindow.cpp @@ -1984,19 +1984,19 @@ GlobalWindowImpl::Open(JSContext *cx, // as a JS property named "arguments" NS_IMETHODIMP GlobalWindowImpl::OpenDialog(JSContext *cx, - jsval *argv, - PRUint32 argc, - nsIDOMWindow** aReturn) + jsval *argv, + PRUint32 argc, + nsIDOMWindow** aReturn) { return OpenInternal(cx, argv, argc, PR_TRUE, aReturn); } nsresult GlobalWindowImpl::OpenInternal(JSContext *cx, - jsval *argv, - PRUint32 argc, - PRBool aDialog, - nsIDOMWindow** aReturn) + jsval *argv, + PRUint32 argc, + PRBool aDialog, + nsIDOMWindow** aReturn) { PRUint32 chromeFlags; nsAutoString mAbsURL, name; 
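Review bot: The `#ifdef DEBUG_norris` block ignores the return value of `uri->GetSpec` and then passes `(const char *)spec` to `%s`, so a failed GetSpec prints a null pointer; a personal-name debug macro also tends to outlive its author in the tree. If the trace is worth keeping, gate it on the generic DEBUG and check the call, `if (NS_SUCCEEDED(uri->GetSpec(getter_Copies(spec)))) fprintf(stderr, "System principal created for %s\n", (const char *)spec);`. The identical block is added to mozilla/rdf/chrome/src/nsChromeProtocolHandler.cpp in the last hunk of this patch. NewChannel starts and ends outside the hunk.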
@@ -2096,6 +2096,21 @@ GlobalWindowImpl::OpenInternal(JSContext *cx, if (NS_SUCCEEDED(ReadyOpenedWebShell(newOuterShell, aReturn))) { if (aDialog && argc > 3) AttachArguments(*aReturn, argv+3, argc-3); + + // Get security manager, check to see if URI is allowed. + nsIScriptContext *scriptCX = (nsIScriptContext *)JS_GetContextPrivate(cx); + nsCOMPtr newUrl; + nsCOMPtr secMan; + PRBool ok = PR_FALSE; + if (NS_FAILED(scriptCX->GetSecurityManager(getter_AddRefs(secMan))) || + NS_FAILED(NS_NewURI(getter_AddRefs(newUrl), mAbsURL)) || + NS_FAILED(secMan->CheckURI(scriptCX, newUrl, &ok)) || !ok) + { + NS_RELEASE(newOuterShell); + NS_RELEASE(webShellContainer); + return NS_ERROR_FAILURE; + } + newOuterShell->SetName(name.GetUnicode()); newOuterShell->LoadURL(mAbsURL.GetUnicode()); SizeAndShowOpenedWebShell(newOuterShell, options, windowIsNew, aDialog); diff --git a/mozilla/dom/src/base/nsGlobalWindow.h b/mozilla/dom/src/base/nsGlobalWindow.h index 2f4d33eac50..2e4c1a9ee44 100644 --- a/mozilla/dom/src/base/nsGlobalWindow.h +++ b/mozilla/dom/src/base/nsGlobalWindow.h @@ -399,6 +399,7 @@ protected: PRBool aReplace); nsresult GetSourceURL(JSContext* cx, nsIURI** sourceURL); + nsresult CheckURL(nsIURI *url); nsIWebShell *mWebShell; void *mScriptObject; diff --git a/mozilla/dom/src/base/nsJSEnvironment.cpp b/mozilla/dom/src/base/nsJSEnvironment.cpp index 8575cf170f2..eae859b983a 100644 --- a/mozilla/dom/src/base/nsJSEnvironment.cpp +++ b/mozilla/dom/src/base/nsJSEnvironment.cpp @@ -326,8 +326,6 @@ nsJSContext::AddNamedReference(void *aSlot, void *aScriptObject, const char *aNa NS_IMETHODIMP nsJSContext::RemoveReference(void *aSlot, void *aScriptObject) { - JSObject *obj = (JSObject *)aScriptObject; - return (::JS_RemoveRoot(mContext, aSlot)) ? NS_OK : NS_ERROR_FAILURE; } 
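Review bot: The CheckURI call sits after ReadyOpenedWebShell has (presumably) populated `*aReturn` and after AttachArguments, so a refused URL still leaves the caller with a newly created window: the failure path releases only the local newOuterShell and webShellContainer references, and neither clears `*aReturn` nor tears down the window opened for it. Move the URI check ahead of the webshell creation, or at minimum reset `*aReturn` on this path, so a denied URL never yields a window. `scriptCX` from JS_GetContextPrivate(cx) is dereferenced with no null check, the same pattern as the new LocationImpl::CheckURL in this commit. Indentation is lost on this page, so if the following SetName/LoadURL lines sit outside the `if (NS_SUCCEEDED(ReadyOpenedWebShell(...)))` block, a failing ReadyOpenedWebShell would skip the check yet still load the URL — worth confirming. OpenInternal starts and ends outside the hunk.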
@@ -476,6 +474,10 @@ nsIScriptContext* nsJSEnvironment::GetNewContext() return context; } +#define XPC_HOOK_VALUE (nsIXPCSecurityManager::HOOK_CREATE_WRAPPER | \ + nsIXPCSecurityManager::HOOK_CREATE_INSTANCE | \ + nsIXPCSecurityManager::HOOK_GET_SERVICE) + extern "C" NS_DOM nsresult NS_CreateScriptContext(nsIScriptGlobalObject *aGlobal, nsIScriptContext **aContext) { @@ -507,7 +509,7 @@ extern "C" NS_DOM nsresult NS_CreateScriptContext(nsIScriptGlobalObject *aGlobal (*aContext)->InitContext(aGlobal); aGlobal->SetContext(*aContext); if (NS_SUCCEEDED(rv)) - xpc->SetSecurityManagerForJSContext(cx, xpcSecurityManager, nsIXPCSecurityManager::HOOK_ALL); + xpc->SetSecurityManagerForJSContext(cx, xpcSecurityManager, XPC_HOOK_VALUE); } NS_RELEASE(owner); } diff --git a/mozilla/dom/src/base/nsLocation.cpp b/mozilla/dom/src/base/nsLocation.cpp index ae14b82eb83..4954ff088a9 100644 --- a/mozilla/dom/src/base/nsLocation.cpp +++ b/mozilla/dom/src/base/nsLocation.cpp @@ -31,6 +31,7 @@ static NS_DEFINE_CID(kIOServiceCID, NS_IOSERVICE_CID); #include "nsCOMPtr.h" #include "nsJSUtils.h" #include "nsIScriptSecurityManager.h" +#include "nsIJSContextStack.h" static NS_DEFINE_IID(kIScriptObjectOwnerIID, NS_ISCRIPTOBJECTOWNER_IID); static NS_DEFINE_IID(kISupportsIID, NS_ISUPPORTS_IID); 
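Review bot: `XPC_HOOK_VALUE` replaces HOOK_ALL with only the create-wrapper, create-instance and get-service hooks, so the CanCallMethod/CanGetProperty/CanSetProperty implementations added to nsScriptSecurityManager in this commit are never consulted by XPConnect; nothing here says whether that is a deliberate scope or a performance trade-off, so add a comment above the macro, e.g. `// Only gate object creation and service access; per-call and per-property hooks are deliberately not installed.` Style: a macro is unnecessary for a constant bitmask — a file-scope `static const` of the hook-flag type, or a `const` local in NS_CreateScriptContext, keeps it typed and scoped. The same value is used in the second hunk; NS_CreateScriptContext's body is mostly outside it.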
@@ -118,6 +119,34 @@ LocationImpl::SetWebShell(nsIWebShell *aWebShell) mWebShell = aWebShell; } +nsresult +LocationImpl::CheckURL(nsIURI* aURL) +{ + nsresult result; + // Get JSContext from stack. + NS_WITH_SERVICE(nsIJSContextStack, stack, "nsThreadJSContextStack", + &result); + if (NS_FAILED(result)) + return NS_ERROR_FAILURE; + JSContext *cx; + if (NS_FAILED(stack->Peek(&cx))) + return NS_ERROR_FAILURE; + + // Get security manager. + nsIScriptContext *scriptCX = (nsIScriptContext *)JS_GetContextPrivate(cx); + nsCOMPtr secMan; + if (NS_FAILED(scriptCX->GetSecurityManager(getter_AddRefs(secMan)))) + return NS_ERROR_FAILURE; + + // Check to see if URI is allowed. + PRBool ok = PR_FALSE; + if (NS_FAILED(secMan->CheckURI(scriptCX, aURL, &ok)) || !ok) + return NS_ERROR_FAILURE; + + return NS_OK; +} + + nsresult LocationImpl::SetURL(nsIURI* aURL) { @@ -132,6 +161,10 @@ LocationImpl::SetURL(nsIURI* aURL) aURL->GetSpec(&spec); nsAutoString s = spec; #endif + + if (NS_FAILED(CheckURL(aURL))) + return NS_ERROR_FAILURE; + return mWebShell->LoadURL(s.GetUnicode(), nsnull, PR_TRUE); } else { @@ -399,13 +432,13 @@ LocationImpl::SetHrefWithBase(const nsString& aHref, PRBool aReplace) { nsresult result; - nsIURI* newUrl; + nsCOMPtr newUrl; nsAutoString newHref; #ifndef NECKO - result = NS_NewURL(&newUrl, aHref, aBase); + result = NS_NewURL(getter_AddRefs(newUrl), aHref, aBase); #else - result = NS_NewURI(&newUrl, aHref, aBase); + result = NS_NewURI(getter_AddRefs(newUrl), aHref, aBase); #endif // NECKO if (NS_OK == result) { #ifdef NECKO 
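Review bot: LocationImpl::CheckURL dereferences the result of JS_GetContextPrivate(cx) without a null check, and `cx` itself is only validated through Peek's return code; if Peek can hand back a null context when no script is running (nothing on this page rules it out), or a context whose private is not an nsIScriptContext, the `scriptCX->GetSecurityManager` line faults. Guard both, `if (NS_FAILED(stack->Peek(&cx)) || !cx) return NS_ERROR_FAILURE;` and `if (!scriptCX) return NS_ERROR_FAILURE;`, and state in a comment whether "no script on the stack" is meant to allow or deny rather than leaving it to chance. GlobalWindowImpl::OpenInternal in this commit has the same unchecked pattern. Denials here surface as a bare NS_ERROR_FAILURE with no script-visible message, whereas CheckURI reports only for file: URLs; since `cx` is at hand, a JS_ReportError here would give assignments to location a consistent error.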
@@ -420,29 +453,14 @@ LocationImpl::SetHrefWithBase(const nsString& aHref, nsCRT::free(spec); #endif } - NS_RELEASE(newUrl); } if ((NS_OK == result) && (nsnull != mWebShell)) { -#if 0 - // Get JSContext from stack - NS_WITH_SERVICE(nsIJSContextStack, stack, "nsThreadJSContextStack", - &result); - if (NS_FAILED(result)) - return NS_ERROR_FAILURE; - JSContext *cx = stack.Peek(); - // Get security manager - nsIScriptContext *scriptCX = (nsIScriptContext *)JS_GetContextPrivate(cx); - nsCOMPtr secMan; - if (NS_FAILED(scriptCX->GetSecurityManager(getter_AddRefs(secMan)))) + if (NS_FAILED(CheckURL(newUrl))) return NS_ERROR_FAILURE; - // Check to see if URI is legal. - PRBool ok = PR_FALSE; - if (NS_FAILED(secMan->CheckURI(scriptCX, newUrl, &ok) || !ok)) - return NS_ERROR_FAILURE; -#endif + // Load new URI. result = mWebShell->LoadURL(newHref.GetUnicode(), nsnull, aReplace); } diff --git a/mozilla/netwerk/protocol/file/src/nsFileChannel.cpp b/mozilla/netwerk/protocol/file/src/nsFileChannel.cpp index 244a87afab2..459c5064377 100644 --- a/mozilla/netwerk/protocol/file/src/nsFileChannel.cpp +++ b/mozilla/netwerk/protocol/file/src/nsFileChannel.cpp @@ -79,8 +79,8 @@ nsFileChannel::nsFileChannel() mBufferInputStream(nsnull), mBufferOutputStream(nsnull), mStatus(NS_OK), mHandler(nsnull), mSourceOffset(0), mLoadAttributes(LOAD_NORMAL), - mReadFixedAmount(PR_FALSE), mLoadGroup(nsnull), mRealListener(nsnull), - mPrincipal(nsnull) + mReadFixedAmount(PR_FALSE), mLoadGroup(nsnull), mPrincipal(nsnull), + mRealListener(nsnull) { NS_INIT_REFCNT(); #if defined(PR_LOGGING) diff --git a/mozilla/rdf/chrome/src/nsChromeProtocolHandler.cpp b/mozilla/rdf/chrome/src/nsChromeProtocolHandler.cpp index 4dfcfbd9273..2dae08c86bb 100644 --- a/mozilla/rdf/chrome/src/nsChromeProtocolHandler.cpp +++ b/mozilla/rdf/chrome/src/nsChromeProtocolHandler.cpp 
@@ -26,6 +26,7 @@ #include "nsIChannel.h" #include "nsIChromeRegistry.h" #include "nsCOMPtr.h" +#include "nsXPIDLString.h" #include "nsIScriptSecurityManager.h" static NS_DEFINE_CID(kStandardURLCID, NS_STANDARDURL_CID); @@ -188,6 +189,11 @@ nsChromeProtocolHandler::NewChannel(const char* verb, nsIURI* uri, return NS_ERROR_FAILURE; } (*result)->SetPrincipal(principal); +#ifdef DEBUG_norris + nsXPIDLCString spec; + uri->GetSpec(getter_Copies(spec)); + fprintf(stderr, "System principal created for %s\n", (const char *)spec); +#endif } NS_RELEASE(chromeURI);