Bug 194872 CAPS vulnerability when doing cross-site-scripting with frames from different origins and different CAPS settings (allAccess, noAccess).

bustage (const char*) sr=jst git-svn-id: svn://10.0.0.236/trunk@144181 18797224-902f-48f8-a5cc-f745e15eee43
2003-06-26 03:27:01 +00:00
parent 1f119e2e86
commit 543383a0e6
2 changed files with 7 additions and 7 deletions
--- a/mozilla/caps/src/nsScriptSecurityManager.cpp
+++ b/mozilla/caps/src/nsScriptSecurityManager.cpp
@@ -154,16 +154,16 @@ public:
        return GetFlags() & nsIClassInfo::CONTENT_NODE;
    }

-    char* GetName()
+    const char* GetName()
    {
        if (!mName)
        {
            if (mClassInfo)
                mClassInfo->GetClassDescription(&mName);
-            if (mName)
-                mMustFreeName = PR_TRUE;
-            else
-                mName = NS_REINTERPRET_CAST(char*,"UnnamedClass");
+            if (!mName)
+                return "UnnamedClass";
+
+            mMustFreeName = PR_TRUE;
        }
        return mName;
    }
@@ -907,7 +907,7 @@ nsScriptSecurityManager::CheckSameOriginDOMProp(nsIPrincipal* aSubject,

 nsresult
 nsScriptSecurityManager::LookupPolicy(nsIPrincipal* aPrincipal,
-                                     char* aClassName, jsval aProperty,
+                                     const char* aClassName, jsval aProperty,
                                     PRUint32 aAction,
                                     ClassPolicy** aCachedClassPolicy,
                                     SecurityLevel* result)