Fixing 40159 and 44822, both [nsbeta2+] regressions on signed scripts. r=sgehani

git-svn-id: svn://10.0.0.236/trunk@74078 18797224-902f-48f8-a5cc-f745e15eee43
mstoltz%netscape.com 2000-07-12 03:10:33 +00:00
parent eb460aaa2a
commit 9e2ab39e7d
13 changed files with 215 additions and 220 deletions


@ -552,9 +552,7 @@ nsScriptSecurityManager::CheckLoadURI(nsIURI *aFromURI, nsIURI *aURI,
case PrefAccess:
// Allow access if pref is set
NS_ASSERTION(mPrefs,"nsScriptSecurityManager::mPrefs not initialized");
mIsAccessingPrefs = PR_TRUE;
mPrefs->GetBoolPref("security.checkloaduri", &doCheck);
mIsAccessingPrefs = PR_FALSE;
mPrefs->GetSecBoolPref("security.checkloaduri", &doCheck);
if (!doCheck)
return NS_OK;
// Otherwise fall through to Deny.
@ -862,14 +860,7 @@ nsScriptSecurityManager::IsCapabilityEnabled(const char *capability,
*result = PR_TRUE;
return NS_OK;
}
// If this capability check is being called as a result of the security
// manager accessing a security preference, allow execution.
if (mIsAccessingPrefs &&
(PL_strcmp(capability, "SecurityPreferencesAccess") == 0))
{
*result = PR_TRUE;
return NS_OK;
}
do {
nsCOMPtr<nsIPrincipal> principal;
if (NS_FAILED(GetFramePrincipal(cx, fp, getter_AddRefs(principal)))) {
@ -1565,13 +1556,11 @@ nsScriptSecurityManager::GetSecurityLevel(nsIPrincipal *principal,
PRInt32 secLevel;
char *secLevelString;
nsresult rv;
mIsAccessingPrefs = PR_TRUE;
rv = mPrefs->CopyCharPref(prefName, &secLevelString);
rv = mPrefs->CopySecCharPref(prefName, &secLevelString);
if (NS_FAILED(rv)) {
prefName += (isWrite ? ".write" : ".read");
rv = mPrefs->CopyCharPref(prefName, &secLevelString);
rv = mPrefs->CopySecCharPref(prefName, &secLevelString);
}
mIsAccessingPrefs = PR_FALSE;
if (NS_SUCCEEDED(rv) && secLevelString) {
if (PL_strcmp(secLevelString, "sameOrigin") == 0)
secLevel = SCRIPT_SECURITY_SAME_DOMAIN_ACCESS;
@ -1610,11 +1599,9 @@ nsScriptSecurityManager::CheckXPCPermissions(JSContext *aJSContext,
if (NS_SUCCEEDED(rv))
{
PRBool allow = PR_FALSE;
mIsAccessingPrefs = PR_TRUE;
//XXX May want to store the value of the pref in a local,
// this will help performance when dealing with plugins.
rv = mPrefs->GetBoolPref("security.xpconnect.plugin.unrestricted", &allow);
mIsAccessingPrefs = PR_FALSE;
rv = mPrefs->GetSecBoolPref("security.xpconnect.plugin.unrestricted", &allow);
if (NS_SUCCEEDED(rv) && allow)
return NS_OK;
}
@ -1747,19 +1734,19 @@ nsScriptSecurityManager::SavePrincipal(nsIPrincipal* aToSave)
mIsAccessingPrefs = PR_TRUE;
if (grantedList)
mPrefs->SetCharPref(grantedPrefName, grantedList);
mPrefs->SetSecCharPref(grantedPrefName, grantedList);
else
mPrefs->ClearUserPref(grantedPrefName);
mPrefs->ClearSecUserPref(grantedPrefName);
if (deniedList)
mPrefs->SetCharPref(deniedPrefName, deniedList);
mPrefs->SetSecCharPref(deniedPrefName, deniedList);
else
mPrefs->ClearUserPref(deniedPrefName);
mPrefs->ClearSecUserPref(deniedPrefName);
if (grantedList || deniedList)
mPrefs->SetCharPref(idPrefName, id);
mPrefs->SetSecCharPref(idPrefName, id);
else
mPrefs->ClearUserPref(idPrefName);
mPrefs->ClearSecUserPref(idPrefName);
mIsAccessingPrefs = PR_FALSE;
return mPrefs->SavePrefFile();
@ -1840,7 +1827,7 @@ nsScriptSecurityManager::EnumeratePolicyCallback(const char *prefName,
return;
}
char *s;
if (NS_FAILED(mgr->mPrefs->CopyCharPref(prefName, &s)))
if (NS_FAILED(mgr->mPrefs->CopySecCharPref(prefName, &s)))
return;
char *q=s;
char *r=s;
@ -1959,7 +1946,7 @@ nsScriptSecurityManager::EnumeratePrincipalsCallback(const char *prefName,
return;
char* id;
if (NS_FAILED(info->prefs->CopyCharPref(prefName, &id)))
if (NS_FAILED(info->prefs->CopySecCharPref(prefName, &id)))
return;
nsXPIDLCString grantedPrefName;
@ -1970,9 +1957,9 @@ nsScriptSecurityManager::EnumeratePrincipalsCallback(const char *prefName,
return;
char* grantedList = nsnull;
info->prefs->CopyCharPref(grantedPrefName, &grantedList);
info->prefs->CopySecCharPref(grantedPrefName, &grantedList);
char* deniedList = nsnull;
info->prefs->CopyCharPref(deniedPrefName, &deniedList);
info->prefs->CopySecCharPref(deniedPrefName, &deniedList);
static const char certificateName[] = "security.principal.certificate";
static const char codebaseName[] = "security.principal.codebase";
@ -2017,14 +2004,14 @@ nsScriptSecurityManager::JSEnabledPrefChanged(const char *pref, void *data)
{
nsScriptSecurityManager *secMgr = (nsScriptSecurityManager *) data;
if (NS_FAILED(secMgr->mPrefs->GetBoolPref(jsEnabledPrefName,
if (NS_FAILED(secMgr->mPrefs->GetSecBoolPref(jsEnabledPrefName,
&secMgr->mIsJavaScriptEnabled)))
{
// Default to enabled.
secMgr->mIsJavaScriptEnabled = PR_TRUE;
}
if (NS_FAILED(secMgr->mPrefs->GetBoolPref(jsMailEnabledPrefName,
if (NS_FAILED(secMgr->mPrefs->GetSecBoolPref(jsMailEnabledPrefName,
&secMgr->mIsMailJavaScriptEnabled)))
{
// Default to enabled.
@ -2089,7 +2076,7 @@ nsScriptSecurityManager::InitFromPrefs()
// set callbacks in case the value of the pref changes
prefs->RegisterCallback(jsEnabledPrefName, JSEnabledPrefChanged, this);
prefs->RegisterCallback(jsMailEnabledPrefName, JSEnabledPrefChanged, this);
prefs->EnumerateChildren("security.policy",
prefs->EnumerateChildren("security.policy",
nsScriptSecurityManager::EnumeratePolicyCallback,
(void *) this);
@ -2101,6 +2088,7 @@ nsScriptSecurityManager::InitFromPrefs()
EnumeratePrincipalsInfo info;
info.ht = mPrincipals;
info.prefs = mPrefs;
prefs->EnumerateChildren("security.principal",
nsScriptSecurityManager::EnumeratePrincipalsCallback,
(void *) &info);
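Review bot: In the CheckLoadURI hunk the result of `mPrefs->GetSecBoolPref("security.checkloaduri", &doCheck)` is discarded, so when the read fails the decision rests on whatever `doCheck` was initialised to, and that initialiser is outside the hunk. If the initial value is not PR_TRUE, a failed pref read allows the load; testing the result keeps the branch fail-closed, e.g. `if (NS_SUCCEEDED(mPrefs->GetSecBoolPref("security.checkloaduri", &doCheck)) && !doCheck) return NS_OK;`. Separately, SavePrincipal still sets and clears `mIsAccessingPrefs` around the new SetSec*/ClearSec* calls, although this commit removes the only reader of that flag visible here (the shortcut in IsCapabilityEnabled); those assignments look like dead state and could be removed together with the member.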


@ -52,6 +52,7 @@ interface nsIZipReader : nsISupports
const short INVALID_UNKNOWN_CA = 3;
const short INVALID_MANIFEST = 4;
const short INVALID_ENTRY = 5;
const short NO_MANIFEST = 6;
/**
* Initializes a zip reader after construction.
@ -101,12 +102,6 @@ interface nsIZipReader : nsISupports
*/
void getCertificatePrincipal(in string aEntryName, out nsIPrincipal aPrincipal);
/**
* Verifies aData against a digital signature stored in the archive. Returns
* a principal if verification succeeds, null otherwise.
*/
nsIPrincipal verifyExternalData(in string aEntryName, in string aData,
in unsigned long aLength);
};
////////////////////////////////////////////////////////////////////////////////
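Review bot: Removing `verifyExternalData` changes the method layout of nsIZipReader, and the interface's uuid line is outside this hunk, so it cannot be seen whether it was regenerated; code built against the old layout would otherwise bind to the wrong slot. `NO_MANIFEST` also has no comment, and it needs one because the implementation in this commit sets it both when no manifest or signature file is found and when the signature block cannot be loaded. Something like `// No manifest, or no loadable signature: the caller gets a null principal` above the constant would state that contract.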


@ -103,7 +103,7 @@ public:
// True if the second step of verification (VerifyEntry)
// has taken place:
PRBool step2Complete;
PRBool entryVerified;
// Not signed, valid, or failure code
PRInt16 status;
@ -120,7 +120,7 @@ public:
// nsJARManifestItem constructors and destructor
//-------------------------------------------------
nsJARManifestItem::nsJARManifestItem(): mType(JAR_INTERNAL),
step2Complete(PR_FALSE),
entryVerified(PR_FALSE),
status(nsIZipReader::NOT_SIGNED),
calculatedSectionDigest(nsnull),
storedEntryDigest(nsnull)
@ -285,11 +285,19 @@ nsJAR::FindEntries(const char *aPattern, nsISimpleEnumerator **result)
}
NS_IMETHODIMP
nsJAR::GetInputStream(const char *aFilename, nsIInputStream **result)
nsJAR::GetInputStream(const char* aFilename, nsIInputStream** result)
{
if (!result)
return NS_OK;
return CreateInputStream(aFilename, PR_TRUE, result);
NS_ENSURE_ARG_POINTER(result);
nsresult rv;
nsJARInputStream* jis = nsnull;
rv = nsJARInputStream::Create(nsnull, NS_GET_IID(nsIInputStream), (void**)&jis);
if (!jis) return NS_ERROR_FAILURE;
rv = jis->Init(this, aFilename);
if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
*result = (nsIInputStream*)jis;
return NS_OK;
}
NS_IMETHODIMP
@ -300,6 +308,18 @@ nsJAR::GetCertificatePrincipal(const char* aFilename, nsIPrincipal** aPrincipal)
return NS_ERROR_NULL_POINTER;
*aPrincipal = nsnull;
//-- Get the signature verifier service
nsresult rv;
NS_WITH_SERVICE(nsISignatureVerifier, verifier, SIGNATURE_VERIFIER_PROGID, &rv);
if (NS_FAILED(rv)) // No signature verifier available
return NS_OK;
//-- Parse the manifest
rv = ParseManifest(verifier);
if (NS_FAILED(rv)) return rv;
if (mGlobalStatus == nsIZipReader::NO_MANIFEST)
return NS_OK;
PRInt16 requestedStatus;
if (aFilename)
{
@ -308,26 +328,20 @@ nsJAR::GetCertificatePrincipal(const char* aFilename, nsIPrincipal** aPrincipal)
nsJARManifestItem* manItem = (nsJARManifestItem*)mManifestData.Get(&key);
if (!manItem)
return NS_OK;
if (!manItem->step2Complete)
//-- Verify the item against the manifest
if (!manItem->entryVerified)
{
NS_ASSERTION(manItem->step2Complete,
"nsJAR: Attempt to get principal before verification.");
return NS_ERROR_FAILURE;
nsXPIDLCString entryData;
PRUint32 entryDataLen;
rv = LoadEntry(aFilename, getter_Copies(entryData), &entryDataLen);
if (NS_FAILED(rv)) return rv;
rv = VerifyEntry(verifier, manItem, entryData, entryDataLen);
if (NS_FAILED(rv)) return rv;
}
requestedStatus = manItem->status;
}
else // User wants identity of signer w/o verifying any entries
{
if (!mParsedManifest)
{
nsresult rv;
NS_WITH_SERVICE(nsISignatureVerifier, verifier, SIGNATURE_VERIFIER_PROGID, &rv);
if (NS_FAILED(rv)) // No signature verifier available
return NS_ERROR_FAILURE;
ParseManifest(verifier);
}
requestedStatus = mGlobalStatus;
}
if (requestedStatus != nsIZipReader::VALID)
ReportError(aFilename, requestedStatus);
@ -339,40 +353,16 @@ nsJAR::GetCertificatePrincipal(const char* aFilename, nsIPrincipal** aPrincipal)
return NS_OK;
}
NS_IMETHODIMP
nsJAR::VerifyExternalData(const char* aFilename, const char* aData, PRUint32 aLen,
nsIPrincipal** result)
{
if (NS_FAILED(VerifyEntry(aFilename, aData, aLen)))
return NS_ERROR_FAILURE;
return GetCertificatePrincipal(aFilename, result);
}
//----------------------------------------------
// nsJAR private implementation
//----------------------------------------------
nsresult nsJAR::CreateInputStream(const char* aFilename, PRBool verify,
nsIInputStream** result)
{
nsresult rv;
nsJARInputStream* jis = nsnull;
rv = nsJARInputStream::Create(nsnull, NS_GET_IID(nsIInputStream), (void**)&jis);
if (!jis) return NS_ERROR_FAILURE;
rv = jis->Init(this, aFilename, verify);
if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
*result = (nsIInputStream*)jis;
return NS_OK;
}
nsresult
nsJAR::LoadEntry(const char* aFilename, char** aBuf, PRUint32* aBufLen)
{
//-- Get a stream for reading the manifest file
//-- Get a stream for reading the file
nsresult rv;
nsCOMPtr<nsIInputStream> manifestStream;
rv = CreateInputStream(aFilename, PR_FALSE, getter_AddRefs(manifestStream));
rv = GetInputStream(aFilename, getter_AddRefs(manifestStream));
if (NS_FAILED(rv)) return NS_ERROR_FILE_TARGET_DOES_NOT_EXIST;
//-- Read the manifest file into memory
@ -437,8 +427,6 @@ nsJAR::ParseManifest(nsISignatureVerifier* verifier)
//-- Verification Step 1
if (mParsedManifest)
return NS_OK;
mParsedManifest = PR_TRUE;
//-- (1)Manifest (MF) file
nsresult rv;
nsCOMPtr<nsISimpleEnumerator> files;
@ -449,11 +437,21 @@ nsJAR::ParseManifest(nsISignatureVerifier* verifier)
//-- Load the file into memory
nsCOMPtr<nsJARItem> file;
rv = files->GetNext(getter_AddRefs(file));
if (NS_FAILED(rv) || !file) return rv;
if (NS_FAILED(rv)) return rv;
if (!file)
{
mGlobalStatus = nsIZipReader::NO_MANIFEST;
mParsedManifest = PR_TRUE;
return NS_OK;
}
PRBool more;
rv = files->HasMoreElements(&more);
if (NS_FAILED(rv)) return rv;
if (more) return NS_ERROR_FILE_CORRUPTED; // More than one MF file
if (NS_FAILED(rv)) return rv;
if (more)
{
mParsedManifest = PR_TRUE;
return NS_ERROR_FILE_CORRUPTED; // More than one MF file
}
nsXPIDLCString manifestFilename;
rv = file->GetName(getter_Copies(manifestFilename));
if (!manifestFilename || NS_FAILED(rv)) return rv;
@ -464,7 +462,6 @@ nsJAR::ParseManifest(nsISignatureVerifier* verifier)
//-- Parse it
rv = ParseOneFile(verifier, manifestBuffer, JAR_MF);
if (NS_FAILED(rv)) return rv;
DumpMetadata("PM Pass 1 End");
//-- (2)Signature (SF) file
// If there are multiple signatures, we select one.
@ -473,7 +470,13 @@ nsJAR::ParseManifest(nsISignatureVerifier* verifier)
if (NS_FAILED(rv)) return rv;
//-- Get an SF file
rv = files->GetNext(getter_AddRefs(file));
if (NS_FAILED(rv) || !file) return rv;
if (NS_FAILED(rv)) return rv;
if (!file)
{
mGlobalStatus = nsIZipReader::NO_MANIFEST;
mParsedManifest = PR_TRUE;
return NS_OK;
}
rv = file->GetName(getter_Copies(manifestFilename));
if (NS_FAILED(rv)) return rv;
@ -497,7 +500,12 @@ nsJAR::ParseManifest(nsISignatureVerifier* verifier)
nsCAutoString tempFilename(sigFilename); tempFilename.Append("RSA", 3);
rv = LoadEntry(tempFilename, getter_Copies(sigBuffer), &sigLen);
}
if (NS_FAILED(rv)) return rv;
if (NS_FAILED(rv))
{
mGlobalStatus = nsIZipReader::NO_MANIFEST;
mParsedManifest = PR_TRUE;
return NS_OK;
}
//-- Verify that the signature file is a valid signature of the SF file
PRInt32 verifyError;
@ -516,7 +524,7 @@ nsJAR::ParseManifest(nsISignatureVerifier* verifier)
// if ParseOneFile fails, then it has no effect, and we can safely
// continue to the next SF file, or return.
ParseOneFile(verifier, manifestBuffer, JAR_SF);
DumpMetadata("PM Pass 2 End");
mParsedManifest = PR_TRUE;
return NS_OK;
}
@ -701,46 +709,28 @@ nsJAR::ParseOneFile(nsISignatureVerifier* verifier,
} //ParseOneFile()
nsresult
nsJAR::VerifyEntry(const char* aEntryName, const char* aEntryData,
nsJAR::VerifyEntry(nsISignatureVerifier* verifier,
nsJARManifestItem* aManItem, const char* aEntryData,
PRUint32 aLen)
{
nsresult rv;
NS_WITH_SERVICE(nsISignatureVerifier, verifier, SIGNATURE_VERIFIER_PROGID, &rv);
if (NS_FAILED(rv)) return NS_OK; // No verifier available; just continue.
//-- Verification Step 2
// Check that verification is supported and step 1 has been done
if (!mParsedManifest)
ParseManifest(verifier);
NS_ASSERTION(mParsedManifest,
"Verification step 2 called before step 1 complete");
if (!mParsedManifest) return NS_ERROR_FAILURE;
//-- Get the manifest item
nsStringKey key(aEntryName);
nsJARManifestItem* manItem = (nsJARManifestItem*)mManifestData.Get(&key);
if (!manItem)
return NS_OK;
if (manItem->status == nsIZipReader::VALID)
if (aManItem->status == nsIZipReader::VALID)
{
if(!manItem->storedEntryDigest)
if(!aManItem->storedEntryDigest)
// No entry digests in manifest file. Entry is unsigned.
manItem->status = nsIZipReader::NOT_SIGNED;
aManItem->status = nsIZipReader::NOT_SIGNED;
else
{ //-- Calculate and compare digests
char* calculatedEntryDigest;
rv = CalculateDigest(verifier, aEntryData, aLen, &calculatedEntryDigest);
nsresult rv = CalculateDigest(verifier, aEntryData, aLen, &calculatedEntryDigest);
if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
if (PL_strcmp(manItem->storedEntryDigest, calculatedEntryDigest) != 0)
manItem->status = nsIZipReader::INVALID_ENTRY;
if (PL_strcmp(aManItem->storedEntryDigest, calculatedEntryDigest) != 0)
aManItem->status = nsIZipReader::INVALID_ENTRY;
JAR_NULLFREE(calculatedEntryDigest)
JAR_NULLFREE(manItem->storedEntryDigest)
JAR_NULLFREE(aManItem->storedEntryDigest)
}
}
if (NS_SUCCEEDED(rv))
manItem->step2Complete = PR_TRUE;
DumpMetadata("VerifyEntry end");
return rv;
aManItem->entryVerified = PR_TRUE;
return NS_OK;
}
void nsJAR::ReportError(const char* aFilename, PRInt16 errorCode)
@ -864,30 +854,8 @@ PrintManItem(nsHashKey* aKey, void* aData, void* closure)
{
nsStringKey* key2 = (nsStringKey*)aKey;
char* name = key2->GetString().ToNewCString();
if (PL_strcmp(name, "") != 0)
{
printf("------------\nName:%s.\n",name);
if (manItem->mPrincipal)
{
char* toStr;
char* caps;
manItem->mPrincipal->ToString(&toStr);
manItem->mPrincipal->CapabilitiesToString(&caps);
printf("Principal: %s.\n Caps: %s.\n", toStr, caps);
}
else
printf("No Principal.\n");
printf("step2Complete:%i.\n",manItem->step2Complete);
printf("valid:%i.\n",manItem->valid);
/*
for (PRInt32 x=0; x<JAR_DIGEST_COUNT; x++)
printf("calculated section digest:%s.\n",
manItem->calculatedSectionDigests[x]);
for (PRInt32 y=0; y<JAR_DIGEST_COUNT; y++)
printf("stored entry digest:%s.\n",
manItem->storedEntryDigests[y]);
*/
}
if (!(PL_strcmp(name, "") == 0))
printf("%s s=%i\n",name, manItem->status);
}
return PR_TRUE;
}
@ -897,8 +865,17 @@ void nsJAR::DumpMetadata(const char* aMessage)
{
#if 0
printf("### nsJAR::DumpMetadata at %s ###\n", aMessage);
if (mPrincipal)
{
char* toStr;
mPrincipal->ToString(&toStr);
printf("Principal: %s.\n", toStr);
PR_FREEIF(toStr);
}
else
printf("No Principal. \n");
mManifestData.Enumerate(PrintManItem);
printf("######## nsJAR::DumpMetadata End ############\n");
printf("\n");
#endif
}
@ -1120,8 +1097,8 @@ NS_IMPL_THREADSAFE_ISUPPORTS1(nsZipReaderCache, nsIZipReaderCache)
nsZipReaderCache::nsZipReaderCache()
: mLock(nsnull),
mZips((nsHashtableCloneElementFunc)nsZipCacheEntry::Clone, nsnull, nsZipCacheEntry::Delete, nsnull),
mFreeCount(0),
mFreeList(nsnull)
mFreeList(nsnull),
mFreeCount(0)
{
NS_INIT_REFCNT();
}
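Review bot: In ParseManifest, the "More than one MF file" branch now sets `mParsedManifest = PR_TRUE` and returns NS_ERROR_FILE_CORRUPTED without touching `mGlobalStatus`, so only the first GetCertificatePrincipal call on such an archive fails. Every later call takes the `if (mParsedManifest) return NS_OK;` shortcut and proceeds with whatever `mGlobalStatus` held before (its initial value is not shown) and, as far as these hunks show, an empty manifest table, which reports the corrupted archive as if it were simply unsigned. Recording the outcome before the return, e.g. `mGlobalStatus = nsIZipReader::INVALID_MANIFEST;`, keeps the result consistent across calls. Separately, the rewritten GetInputStream discards the result of `nsJARInputStream::Create` and does not release `jis` when `jis->Init` fails, which leaks the stream if Create hands back an owning reference.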


@ -55,6 +55,7 @@
#include "nsISignatureVerifier.h"
class nsIInputStream;
class nsJARManifestItem;
/*-------------------------------------------------------------------------
* Class nsJAR declaration.
@ -92,14 +93,13 @@ class nsJAR : public nsIZipReader
//-- Private functions
nsresult ParseManifest(nsISignatureVerifier* verifier);
void ReportError(const char* aFilename, PRInt16 errorCode);
nsresult CreateInputStream(const char* aFilename, PRBool verify,
nsIInputStream** result);
nsresult LoadEntry(const char* aFilename, char** aBuf,
PRUint32* aBufLen = nsnull);
PRInt32 ReadLine(const char** src);
nsresult ParseOneFile(nsISignatureVerifier* verifier,
const char* filebuf, PRInt16 aFileType);
nsresult VerifyEntry(const char* aEntryName, const char* aEntryData,
nsresult VerifyEntry(nsISignatureVerifier* verifier,
nsJARManifestItem* aEntry, const char* aEntryData,
PRUint32 aLen);
nsresult RestoreModTime(nsZipItem *aItem, nsIFile *aExtractedFile);


@ -820,33 +820,6 @@ nsJARChannel::SetLoadGroup(nsILoadGroup* aLoadGroup)
NS_IMETHODIMP
nsJARChannel::GetOwner(nsISupports* *aOwner)
{
if (!mOwner)
{
nsCOMPtr<nsIPrincipal> certificate;
nsresult rv = mJAR->GetCertificatePrincipal(mJAREntry,
getter_AddRefs(certificate));
if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
if (certificate)
{ // Get the codebase principal
NS_WITH_SERVICE(nsIScriptSecurityManager, secMan,
kScriptSecurityManagerCID, &rv);
if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
nsCOMPtr<nsIPrincipal> codebase;
rv = secMan->GetCodebasePrincipal(mJARBaseURI,
getter_AddRefs(codebase));
if (NS_FAILED(rv)) return rv;
// Join the certificate and the codebase
nsCOMPtr<nsIAggregatePrincipal> agg;
agg = do_QueryInterface(certificate, &rv);
NS_ASSERTION(NS_SUCCEEDED(rv),
"Certificate principal is not an aggregate");
rv = agg->SetCodebase(codebase);
if (NS_FAILED(rv)) return rv;
mOwner = do_QueryInterface(agg, &rv);
if (NS_FAILED(rv)) return rv;
}
}
*aOwner = mOwner;
NS_IF_ADDREF(*aOwner);
return NS_OK;
@ -968,6 +941,31 @@ nsJARChannel::Open(char* *contentType, PRInt32 *contentLength)
rv = GetContentType(contentType);
if (NS_FAILED(rv)) return rv;
}
//-- Verify signature, if one is present, and set owner accordingly
nsCOMPtr<nsIPrincipal> certificate;
rv = mJAR->GetCertificatePrincipal(mJAREntry,
getter_AddRefs(certificate));
if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
if (certificate)
{ // Get the codebase principal
NS_WITH_SERVICE(nsIScriptSecurityManager, secMan,
kScriptSecurityManagerCID, &rv);
if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
nsCOMPtr<nsIPrincipal> codebase;
rv = secMan->GetCodebasePrincipal(mJARBaseURI,
getter_AddRefs(codebase));
if (NS_FAILED(rv)) return rv;
// Join the certificate and the codebase
nsCOMPtr<nsIAggregatePrincipal> agg;
agg = do_QueryInterface(certificate, &rv);
rv = agg->SetCodebase(codebase);
if (NS_FAILED(rv)) return rv;
mOwner = do_QueryInterface(agg, &rv);
if (NS_FAILED(rv)) return rv;
}
return rv;
}
@ -980,7 +978,6 @@ nsJARChannel::Close(nsresult status)
nsCOMPtr<nsIZipReaderCache> jarCache;
rv = mJARProtocolHandler->GetJARCache(getter_AddRefs(jarCache));
if (NS_FAILED(rv)) return rv;
rv = jarCache->ReleaseZip(mJAR);
if (NS_FAILED(rv)) return rv;
@ -997,7 +994,8 @@ nsJARChannel::GetInputStream(nsIInputStream* *aInputStream)
PR_LOG(gJarProtocolLog, PR_LOG_DEBUG,
("nsJarProtocol: GetInputStream jar entry %s", (const char*)jarURLStr));
#endif
return mJAR->GetInputStream(mJAREntry, aInputStream);
NS_ENSURE_TRUE(mJAR, NS_ERROR_NULL_POINTER);
return mJAR->GetInputStream(mJAREntry, aInputStream);
}
NS_IMETHODIMP
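Review bot: In the block added to Open, `agg = do_QueryInterface(certificate, &rv);` is followed directly by `rv = agg->SetCodebase(codebase);`, and the NS_ASSERTION that the old GetOwner copy carried was dropped, so a certificate principal that does not implement nsIAggregatePrincipal leads to a null dereference. A guard such as `if (NS_FAILED(rv) || !agg) return NS_ERROR_FAILURE;` before the SetCodebase call closes that. GetOwner now only returns what Open stored, so any load path that does not pass through Open (none is visible in these hunks) would hand out a null owner for signed content; it is worth confirming that the asynchronous path sets `mOwner` as well. The same file section appears a second time further down the page.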


@ -70,7 +70,7 @@ nsJARInputStream::Close()
}
nsresult
nsJARInputStream::Init(nsJAR* aJAR, const char* aFilename, PRBool verify)
nsJARInputStream::Init(nsJAR* aJAR, const char* aFilename)
{
if (!aFilename)
return NS_ERROR_NULL_POINTER;
@ -82,11 +82,6 @@ nsJARInputStream::Init(nsJAR* aJAR, const char* aFilename, PRBool verify)
result = Zip()->ReadInit(mEntryName, &mReadInfo);
if (result != ZIP_OK)
return NS_ERROR_FAILURE;
// Pass the file (already in memory) on to the signature verifier
if (verify)
return aJAR->VerifyEntry(mEntryName, mReadInfo->mFileBuffer,
mReadInfo->mItem->realsize);
return NS_OK;
}
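Review bot: With the `verify` argument and the VerifyEntry call removed, Init no longer ties reading an entry to checking it against the manifest, and nothing at this site says so. Data read through the stream is now unverified unless the caller separately asks nsJAR::GetCertificatePrincipal for the entry's principal, which reloads the entry through LoadEntry to compare digests. A comment on Init along the lines of `// Does not verify the entry's signature; callers that need a principal must call nsJAR::GetCertificatePrincipal.` would make that contract explicit. Init's body is only partly visible across the two hunks.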


@ -56,7 +56,7 @@ class nsJARInputStream : public nsIInputStream
Create(nsISupports* aOuter, const nsIID& aIID, void* *aResult);
nsresult
Init(nsJAR* jar, const char* aFilename, PRBool verify);
Init(nsJAR* jar, const char* aFilename);
protected:
nsZipArchive* Zip() { return &mJAR->mZip; }


@ -132,6 +132,8 @@ nsJARURI::SetSpec(const char * aSpec)
nsCAutoString entry(aSpec);
entry.Cut(0, pos + 2); // 2 == strlen(NS_JAR_DELIMITER)
while (entry.CharAt(0) == '/')
entry.Cut(0,1); // Strip any additional leading slashes from entry path
rv = serv->ResolveRelativePath(entry, nsnull, &mJAREntry);
return rv;
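Review bot: The new loop `while (entry.CharAt(0) == '/')` relies on `CharAt(0)` being safe on an empty string, which is the state it reaches when the entry part consists only of slashes. The nsIOService hunk in this same commit adds a `Length() > 0` guard before `path.Last()` for exactly that kind of empty-string access, so the same guard belongs here: `while (entry.Length() > 0 && entry.CharAt(0) == '/')`. SetSpec begins and ends outside this hunk, so how an empty `entry` is handled afterwards by ResolveRelativePath is not visible. The same hunk is repeated at the end of the page.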


@ -123,7 +123,16 @@ interface nsIPref : nsISupports {
nsIFileSpec GetFilePref(in string pref);
void SetFilePref(in string pref, in nsIFileSpec value, in boolean setDefault);
/* Security Prefs Access
These are here to support nsScriptSecurityManager and are insecure if used elsewhere.
Please do not call these functions from elsewhere.
*/
[noscript] boolean GetSecBoolPref(in string pref);
[noscript] string CopySecCharPref(in string pref);
[noscript] void SetSecCharPref(in string pref, in string value);
[noscript] void ClearSecUserPref(in string pref_name);
/* pref attributes */
boolean PrefIsLocked(in string pref);
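Review bot: The restriction on the four Sec accessors is carried only by the comment: `[noscript]` keeps them away from script callers, but any native code holding an nsIPref pointer can still call them. Since the comment itself says they are insecure if used elsewhere, moving them to a separate interface that only nsScriptSecurityManager queries for would turn the convention into something a reviewer can check. The comment should also name the check that is skipped rather than only saying "insecure". The interface uuid is outside this hunk, so whether it was updated for the four new methods cannot be seen here.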


@ -1042,6 +1042,33 @@ NS_IMETHODIMP nsPref::SetFilePref(const char *pref_name,
return _convertRes(rv);
}
/*
* Pref access without security check - these are here to support nsScriptSecurityManager.
* Please don't call them from elsewhere.
*/
NS_IMETHODIMP nsPref::GetSecBoolPref(const char *pref, PRBool * return_val)
{
return _convertRes(PREF_GetBoolPref(pref, return_val, PR_FALSE));
}
NS_IMETHODIMP nsPref::CopySecCharPref(const char *pref, char ** return_buf)
{
#if defined(DEBUG_tao_)
checkPref("CopyCharPref", pref);
#endif
return _convertRes(PREF_CopyCharPref(pref, return_buf, PR_FALSE));
}
NS_IMETHODIMP nsPref::SetSecCharPref(const char *pref,const char* value)
{
return _convertRes(PREF_SetCharPref(pref, value));
}
NS_IMETHODIMP nsPref::ClearSecUserPref(const char *pref_name)
{
return _convertRes(PREF_ClearUserPref(pref_name));
}
/*
* Pref info
*/
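Review bot: CopySecCharPref passes the label `"CopyCharPref"` to `checkPref` in its DEBUG_tao_ block, a leftover from the function it was copied from; it should read `checkPref("CopySecCharPref", pref);` so debug output points at the right entry point. The header comment says these functions run without a security check, but only the two getters differ visibly, through the trailing `PR_FALSE`. SetSecCharPref and ClearSecUserPref forward to `PREF_SetCharPref` and `PREF_ClearUserPref` with no extra argument, so this hunk does not show how they differ from the ordinary setters. A one-line comment per function stating what the `PR_FALSE` argument disables, and why the setters need a Sec variant, would help a later reader audit them.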


@ -330,9 +330,13 @@ nsIOService::ResolveRelativePath(const char *relativePath, const char* basePath,
{
nsCAutoString name;
nsCAutoString path(basePath);
PRUnichar last = path.Last();
PRBool needsDelim = !(last == '/' || last == '\\' || last == '\0');
PRBool needsDelim = PR_FALSE;
if (path.Length() > 0)
{
PRUnichar last = path.Last();
needsDelim = !(last == '/' || last == '\\' || last == '\0');
}
PRBool end = PR_FALSE;
char c;


@ -820,33 +820,6 @@ nsJARChannel::SetLoadGroup(nsILoadGroup* aLoadGroup)
NS_IMETHODIMP
nsJARChannel::GetOwner(nsISupports* *aOwner)
{
if (!mOwner)
{
nsCOMPtr<nsIPrincipal> certificate;
nsresult rv = mJAR->GetCertificatePrincipal(mJAREntry,
getter_AddRefs(certificate));
if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
if (certificate)
{ // Get the codebase principal
NS_WITH_SERVICE(nsIScriptSecurityManager, secMan,
kScriptSecurityManagerCID, &rv);
if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
nsCOMPtr<nsIPrincipal> codebase;
rv = secMan->GetCodebasePrincipal(mJARBaseURI,
getter_AddRefs(codebase));
if (NS_FAILED(rv)) return rv;
// Join the certificate and the codebase
nsCOMPtr<nsIAggregatePrincipal> agg;
agg = do_QueryInterface(certificate, &rv);
NS_ASSERTION(NS_SUCCEEDED(rv),
"Certificate principal is not an aggregate");
rv = agg->SetCodebase(codebase);
if (NS_FAILED(rv)) return rv;
mOwner = do_QueryInterface(agg, &rv);
if (NS_FAILED(rv)) return rv;
}
}
*aOwner = mOwner;
NS_IF_ADDREF(*aOwner);
return NS_OK;
@ -968,6 +941,31 @@ nsJARChannel::Open(char* *contentType, PRInt32 *contentLength)
rv = GetContentType(contentType);
if (NS_FAILED(rv)) return rv;
}
//-- Verify signature, if one is present, and set owner accordingly
nsCOMPtr<nsIPrincipal> certificate;
rv = mJAR->GetCertificatePrincipal(mJAREntry,
getter_AddRefs(certificate));
if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
if (certificate)
{ // Get the codebase principal
NS_WITH_SERVICE(nsIScriptSecurityManager, secMan,
kScriptSecurityManagerCID, &rv);
if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
nsCOMPtr<nsIPrincipal> codebase;
rv = secMan->GetCodebasePrincipal(mJARBaseURI,
getter_AddRefs(codebase));
if (NS_FAILED(rv)) return rv;
// Join the certificate and the codebase
nsCOMPtr<nsIAggregatePrincipal> agg;
agg = do_QueryInterface(certificate, &rv);
rv = agg->SetCodebase(codebase);
if (NS_FAILED(rv)) return rv;
mOwner = do_QueryInterface(agg, &rv);
if (NS_FAILED(rv)) return rv;
}
return rv;
}
@ -980,7 +978,6 @@ nsJARChannel::Close(nsresult status)
nsCOMPtr<nsIZipReaderCache> jarCache;
rv = mJARProtocolHandler->GetJARCache(getter_AddRefs(jarCache));
if (NS_FAILED(rv)) return rv;
rv = jarCache->ReleaseZip(mJAR);
if (NS_FAILED(rv)) return rv;
@ -997,7 +994,8 @@ nsJARChannel::GetInputStream(nsIInputStream* *aInputStream)
PR_LOG(gJarProtocolLog, PR_LOG_DEBUG,
("nsJarProtocol: GetInputStream jar entry %s", (const char*)jarURLStr));
#endif
return mJAR->GetInputStream(mJAREntry, aInputStream);
NS_ENSURE_TRUE(mJAR, NS_ERROR_NULL_POINTER);
return mJAR->GetInputStream(mJAREntry, aInputStream);
}
NS_IMETHODIMP


@ -132,6 +132,8 @@ nsJARURI::SetSpec(const char * aSpec)
nsCAutoString entry(aSpec);
entry.Cut(0, pos + 2); // 2 == strlen(NS_JAR_DELIMITER)
while (entry.CharAt(0) == '/')
entry.Cut(0,1); // Strip any additional leading slashes from entry path
rv = serv->ResolveRelativePath(entry, nsnull, &mJAREntry);
return rv;