Bug 159484 - do not get/set passwords for URLs with no host. r=morse, sr=dveditz.

git-svn-id: svn://10.0.0.236/branches/NETSCAPE_6_2_3_BRANCH@126096 18797224-902f-48f8-a5cc-f745e15eee43

mozilla/build/mac/build_scripts/MozillaCheckoutList.txt

@@ -7,12 +7,12 @@
 #   mozilla/gc, , 10/25/2000 12:00:00
 #
 
-mozilla/nsprpub,        NETSCAPE_6_2_2_BRANCH
-mozilla/security/nss,   NETSCAPE_6_2_2_BRANCH
-mozilla/security/manager, NETSCAPE_6_2_2_BRANCH
-mozilla/accessible, NETSCAPE_6_2_2_BRANCH
-DirectorySDKSourceC,    NETSCAPE_6_2_2_BRANCH
-mozilla/lib/mac/Instrumentation, NETSCAPE_6_2_2_BRANCH
-mozilla/gfx2, NETSCAPE_6_2_2_BRANCH
-mozilla/modules/libpr0n, NETSCAPE_6_2_2_BRANCH
-SeaMonkeyAll, NETSCAPE_6_2_2_BRANCH
+mozilla/nsprpub,        NETSCAPE_6_2_3_BRANCH
+mozilla/security/nss,   NETSCAPE_6_2_3_BRANCH
+mozilla/security/manager, NETSCAPE_6_2_3_BRANCH
+mozilla/accessible, NETSCAPE_6_2_3_BRANCH
+DirectorySDKSourceC,    NETSCAPE_6_2_3_BRANCH
+mozilla/lib/mac/Instrumentation, NETSCAPE_6_2_3_BRANCH
+mozilla/gfx2, NETSCAPE_6_2_3_BRANCH
+mozilla/modules/libpr0n, NETSCAPE_6_2_3_BRANCH
+SeaMonkeyAll, NETSCAPE_6_2_3_BRANCH

mozilla/caps/idl/nsIAggregatePrincipal.idl

@@ -34,7 +34,9 @@ interface nsIAggregatePrincipal : nsISupports {
 
     attribute nsIPrincipal certificate;
     attribute nsIPrincipal codebase;
+    readonly attribute nsIPrincipal originalCodebase;
     readonly attribute nsIPrincipal primaryChild;
 
     void intersect(in nsIPrincipal other);
+    boolean wasCodebaseChanged();
 };

mozilla/caps/idl/nsIScriptSecurityManager.idl

@@ -183,6 +183,13 @@ interface nsIScriptSecurityManager : nsIXPCSecurityManager
      */
     [noscript] nsIPrincipal getObjectPrincipal(in JSContextPtr cx,
                                                in JSObjectPtr obj);
+
+    /**
+     * Returns OK if aJSContext and target have the same "origin"
+     * (scheme, host, and port).
+     */
+    [noscript] void checkSameOrigin(in JSContextPtr aJSContext,
+                                    in nsIURI aTargetURI);
 };
 
 %{C++

mozilla/caps/include/nsAggregatePrincipal.h

@@ -94,6 +94,8 @@ public:
 protected:
     nsCOMPtr<nsIPrincipal> mCertificate;
     nsCOMPtr<nsIPrincipal> mCodebase;
+    nsCOMPtr<nsIPrincipal> mOriginalCodebase;
+    PRBool mCodebaseWasChanged;
 };
 
 #endif // _NS_AGGREGATE_PRINCIPAL_H_

mozilla/caps/include/nsScriptSecurityManager.h

@@ -126,8 +126,9 @@ private:
                             const char* aProperty, void** aPolicy);
 
     nsresult
-    CheckSameOrigin(JSContext* aCx, nsIPrincipal* aSubject, 
-                    nsIPrincipal* aObject, PRUint32 aAction);
+    CheckSameOriginInternal(nsIPrincipal* aSubject, 
+                            nsIPrincipal* aObject, PRUint32 aAction,
+                            PRBool checkForPrivileges);
     
     PRInt32 
     GetSecurityLevel(nsIPrincipal *principal,

mozilla/caps/src/nsAggregatePrincipal.cpp

@@ -170,27 +170,44 @@ NS_IMETHODIMP
 nsAggregatePrincipal::SetCodebase(nsIPrincipal* aCodebase)
 {
     nsresult rv;
-    //-- Make sure this really is a codebase principal
-    if (aCodebase)
+    nsCOMPtr<nsIPrincipal> newCodebase(aCodebase);
+
+    //-- If newCodebase is an aggregate, get its underlying codebase
+    nsCOMPtr<nsIAggregatePrincipal> agg = 
+        do_QueryInterface(newCodebase, &rv);
+    if (NS_SUCCEEDED(rv))
     {
+        rv = agg->GetCodebase(getter_AddRefs(newCodebase));
+        if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
+    }
+    else
+    { //-- Make sure this really is a codebase principal
         nsCOMPtr<nsICodebasePrincipal> tempCodebase = 
-            do_QueryInterface(aCodebase, &rv);
+            do_QueryInterface(newCodebase, &rv);
         if (NS_FAILED(rv))
             return NS_ERROR_FAILURE;
     }
 
-    //-- If aCodebase is an aggregate, get its underlying codebase
-    nsCOMPtr<nsIAggregatePrincipal> agg = 
-        do_QueryInterface(aCodebase, &rv);
-    if (NS_SUCCEEDED(rv))
-    {
-        nsCOMPtr<nsIPrincipal> underlying;
-        rv = agg->GetCodebase(getter_AddRefs(underlying));
-        if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
-        mCodebase = underlying.get();
-    }
+    mCodebase = newCodebase;
+
+    //-- If this is the first codebase set, remember it.
+    //   If not, remember that the codebase was explicitly set
+    if (!mOriginalCodebase)
+        mOriginalCodebase = newCodebase;
     else
-        mCodebase = aCodebase;
+        mCodebaseWasChanged = PR_TRUE;
+
+    return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsAggregatePrincipal::GetOriginalCodebase(nsIPrincipal** aOriginalCodebase)
+{
+    NS_ENSURE_ARG_POINTER(aOriginalCodebase);
+
+    *aOriginalCodebase = mOriginalCodebase;
+    NS_IF_ADDREF(*aOriginalCodebase);
+
     return NS_OK;
 }
 
@@ -229,6 +246,13 @@ nsAggregatePrincipal::Intersect(nsIPrincipal* other)
     return NS_OK;
 }
 
+NS_IMETHODIMP 
+nsAggregatePrincipal::WasCodebaseChanged(PRBool* changed)
+{
+    *changed = mCodebaseWasChanged;
+    return NS_OK;
+}
+
 ///////////////////////////////////////
 // Methods implementing nsIPrincipal //
 ///////////////////////////////////////
@@ -403,7 +427,7 @@ nsAggregatePrincipal::Write(nsIObjectOutputStream* aStream)
 // Constructor, Destructor, initialization //
 /////////////////////////////////////////////
 
-nsAggregatePrincipal::nsAggregatePrincipal() 
+nsAggregatePrincipal::nsAggregatePrincipal() : mCodebaseWasChanged(PR_FALSE)
 {
     NS_INIT_ISUPPORTS();
 }

mozilla/caps/src/nsScriptSecurityManager.cpp

@@ -204,6 +204,55 @@ nsScriptSecurityManager::CheckConnect(JSContext* aJSContext,
                                    nsnull, nsnull, aClassName, aPropertyName, nsnull);
 }
 
+NS_IMETHODIMP
+nsScriptSecurityManager::CheckSameOrigin(JSContext* cx,
+                                         nsIURI* aTargetURI)
+{
+    nsresult rv;
+
+    // Get a context if necessary
+    if (!cx)
+    {
+        cx = GetCurrentContextQuick();
+        if (!cx)
+            return NS_OK; // No JS context, so allow access
+    }
+
+    // Get a principal from the context
+    nsCOMPtr<nsIPrincipal> sourcePrincipal;
+    rv = GetSubjectPrincipal(cx, getter_AddRefs(sourcePrincipal));
+    if (NS_FAILED(rv))
+        return rv;
+
+    PRBool equals;
+    if (!sourcePrincipal ||
+        NS_SUCCEEDED(sourcePrincipal->Equals(mSystemPrincipal, &equals))
+                     && equals)
+        // We have native code or the system principal, so allow access
+        return NS_OK;
+
+    // Get the original URI from the source principal.
+    // This has the effect of ignoring any change to document.domain
+    // which must be done to avoid DNS spoofing (bug 154930)
+    nsCOMPtr<nsIAggregatePrincipal> sourceAgg(do_QueryInterface(sourcePrincipal, &rv));
+    NS_ENSURE_SUCCESS(rv, rv); // If it's not a system principal, it must be an aggregate
+    nsCOMPtr<nsIPrincipal> sourceOriginal;
+    rv = sourceAgg->GetOriginalCodebase(getter_AddRefs(sourceOriginal));
+    NS_ENSURE_SUCCESS(rv, rv);
+
+    // Create a principal from the target URI
+    // XXX factor out the Equals function so this isn't necessary
+    nsCOMPtr<nsIPrincipal> targetPrincipal;
+    rv = GetCodebasePrincipal(aTargetURI, getter_AddRefs(targetPrincipal));
+    if (NS_FAILED(rv))
+        return rv;
+
+    // Compare origins
+    return CheckSameOriginInternal(sourceOriginal, targetPrincipal,
+                                   0, PR_FALSE /* do not check for privileges */);
+}
+
+
 nsresult
 nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction,
                                                  nsIXPCNativeCallContext* aCallContext,
@@ -316,8 +365,8 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction,
                 rv = NS_ERROR_DOM_SECURITY_ERR;
                 break;
             }
-            rv = CheckSameOrigin(aJSContext, subjectPrincipal, objectPrincipal,
-                                 aAction == nsIXPCSecurityManager::ACCESS_SET_PROPERTY);
+            rv = CheckSameOriginInternal(subjectPrincipal, objectPrincipal,
+                                         aAction, PR_TRUE /* check for privileges */);
 
             break;
         }
@@ -449,9 +498,12 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction,
 }
 
 nsresult
-nsScriptSecurityManager::CheckSameOrigin(JSContext *aCx, nsIPrincipal* aSubject,
-                                         nsIPrincipal* aObject, PRUint32 aAction)
+nsScriptSecurityManager::CheckSameOriginInternal(nsIPrincipal* aSubject,
+                                                 nsIPrincipal* aObject,
+                                                 PRUint32 aAction,
+                                                 PRBool checkForPrivileges)
 {
+    nsresult rv;
     /*
     ** Get origin of subject and object and compare.
     */
@@ -463,7 +515,25 @@ nsScriptSecurityManager::CheckSameOrigin(JSContext *aCx, nsIPrincipal* aSubject,
         return NS_ERROR_FAILURE;
 
     if (isSameOrigin)
-        return NS_OK;
+    {   // If either the subject or the object has changed its principal by
+        // explicitly setting document.domain then the other must also have
+        // done so in order to be considered the same origin. This prevents
+        // DNS spoofing based on document.domain (154930)
+        nsCOMPtr<nsIAggregatePrincipal> subjectAgg(do_QueryInterface(aSubject, &rv));
+        NS_ENSURE_SUCCESS(rv, rv);
+        PRBool subjectSetDomain = PR_FALSE;
+        subjectAgg->WasCodebaseChanged(&subjectSetDomain);
+
+        nsCOMPtr<nsIAggregatePrincipal> objectAgg(do_QueryInterface(aObject, &rv));
+        NS_ENSURE_SUCCESS(rv, rv);
+        PRBool objectSetDomain = PR_FALSE;
+        objectAgg->WasCodebaseChanged(&objectSetDomain);
+
+        // If both or neither explicitly set their domain, allow the access
+        if (!(subjectSetDomain || objectSetDomain) ||
+            (subjectSetDomain && objectSetDomain))
+            return NS_OK;
+    }
 
     // Allow access to about:blank
     nsCOMPtr<nsICodebasePrincipal> objectCodebase(do_QueryInterface(aObject));
@@ -476,19 +546,21 @@ nsScriptSecurityManager::CheckSameOrigin(JSContext *aCx, nsIPrincipal* aSubject,
             return NS_OK;
     }
 
-    /*
-    ** If we failed the origin tests it still might be the case that we
-    ** are a signed script and have permissions to do this operation.
-    ** Check for that here
-    */
-    PRBool capabilityEnabled = PR_FALSE;
-    const char* cap = aAction == nsIXPCSecurityManager::ACCESS_SET_PROPERTY ?
-                      "UniversalBrowserWrite" : "UniversalBrowserRead";
-    if (NS_FAILED(IsCapabilityEnabled(cap, &capabilityEnabled)))
-        return NS_ERROR_FAILURE;
-    if (capabilityEnabled)
-        return NS_OK;
-
+    if (checkForPrivileges)
+    {
+        /*
+        ** If we failed the origin tests it still might be the case that we
+        ** are a signed script and have permissions to do this operation.
+        ** Check for that here
+        */
+        PRBool capabilityEnabled = PR_FALSE;
+        const char* cap = aAction == nsIXPCSecurityManager::ACCESS_SET_PROPERTY ?
+                          "UniversalBrowserWrite" : "UniversalBrowserRead";
+        if (NS_FAILED(IsCapabilityEnabled(cap, &capabilityEnabled)))
+            return NS_ERROR_FAILURE;
+        if (capabilityEnabled)
+            return NS_OK;
+        }
     /*
     ** Access tests failed, so now report error.
     */

mozilla/client.mak

@@ -40,14 +40,14 @@ MOZ_OBJDIR = WIN32_O.OBJ
 #// Figure out how to do the pull.
 #//------------------------------------------------------------------------
 # uncomment these, modify branch tag, and check in to branch for milestones
-MOZ_BRANCH=NETSCAPE_6_2_2_BRANCH
-NSPR_CO_TAG=NETSCAPE_6_2_2_BRANCH
-PSM_CO_TAG=NETSCAPE_6_2_2_BRANCH
-NSS_CO_TAG=NETSCAPE_6_2_2_BRANCH
-LDAPCSDK_CO_TAG=NETSCAPE_6_2_2_BRANCH
-ACCESSIBLE_CO_TAG=NETSCAPE_6_2_2_BRANCH
-IMGLIB2_CO_TAG=NETSCAPE_6_2_2_BRANCH
-GFX2_CO_TAG=NETSCAPE_6_2_2_BRANCH
+MOZ_BRANCH=NETSCAPE_6_2_3_BRANCH
+NSPR_CO_TAG=NETSCAPE_6_2_3_BRANCH
+PSM_CO_TAG=NETSCAPE_6_2_3_BRANCH
+NSS_CO_TAG=NETSCAPE_6_2_3_BRANCH
+LDAPCSDK_CO_TAG=NETSCAPE_6_2_3_BRANCH
+ACCESSIBLE_CO_TAG=NETSCAPE_6_2_3_BRANCH
+IMGLIB2_CO_TAG=NETSCAPE_6_2_3_BRANCH
+GFX2_CO_TAG=NETSCAPE_6_2_3_BRANCH
 
 
 !ifdef MOZ_BRANCH

mozilla/client.mk

@@ -52,14 +52,14 @@
 #
 # For branches, uncomment the MOZ_CO_TAG line with the proper tag,
 # and commit this file on that tag.
-MOZ_CO_TAG = NETSCAPE_6_2_2_BRANCH
-NSPR_CO_TAG = NETSCAPE_6_2_2_BRANCH
-PSM_CO_TAG = NETSCAPE_6_2_2_BRANCH
-NSS_CO_TAG = NETSCAPE_6_2_2_BRANCH
-LDAPCSDK_CO_TAG = NETSCAPE_6_2_2_BRANCH
-ACCESSIBLE_CO_TAG = NETSCAPE_6_2_2_BRANCH
-GFX2_CO_TAG = NETSCAPE_6_2_2_BRANCH
-IMGLIB2_CO_TAG = NETSCAPE_6_2_2_BRANCH
+MOZ_CO_TAG = NETSCAPE_6_2_3_BRANCH
+NSPR_CO_TAG = NETSCAPE_6_2_3_BRANCH
+PSM_CO_TAG = NETSCAPE_6_2_3_BRANCH
+NSS_CO_TAG = NETSCAPE_6_2_3_BRANCH
+LDAPCSDK_CO_TAG = NETSCAPE_6_2_3_BRANCH
+ACCESSIBLE_CO_TAG = NETSCAPE_6_2_3_BRANCH
+GFX2_CO_TAG = NETSCAPE_6_2_3_BRANCH
+IMGLIB2_CO_TAG = NETSCAPE_6_2_3_BRANCH
 BUILD_MODULES = all
 
 #######################################################################

mozilla/content/xml/document/src/Makefile.in

@@ -28,7 +28,7 @@ include $(DEPTH)/config/autoconf.mk
 
 MODULE		= layout
 LIBRARY_NAME	= gkconxmldoc_s
-REQUIRES	= xpcom string js dom widget caps htmlparser necko view docshell webshell uriloader pref xpconnect uconv chardet lwbrk exthandler mimetype
+REQUIRES	= xpcom string js dom widget caps htmlparser necko view docshell webshell uriloader pref xpconnect uconv chardet lwbrk exthandler mimetype windowwatcher
 
 CPPSRCS		= \
 		nsXMLContentSink.cpp \

mozilla/content/xml/document/src/nsXMLDocument.cpp

@@ -75,6 +75,8 @@
 #include "nsContentCID.h"
 #include "nsDOMAttribute.h"
 #include "nsGUIEvent.h"
+#include "nsIWindowWatcher.h"
+#include "nsIAuthPrompt.h"
 
 #include "nsCExternalHandlerService.h"
 #include "nsIMIMEService.h"
@@ -183,7 +185,7 @@ NS_NewXMLDocument(nsIDocument** aInstancePtrResult)
 
 nsXMLDocument::nsXMLDocument() 
   : mAttrStyleSheet(nsnull), mInlineStyleSheet(nsnull), 
-    mParser(nsnull)
+    mParser(nsnull), mCrossSiteAccessEnabled(PR_FALSE)
 {
 }
 
@@ -256,35 +258,72 @@ nsXMLDocument::GetContentType(nsAWritableString& aContentType) const
 NS_IMETHODIMP
 nsXMLDocument::GetInterface(const nsIID& aIID, void** aSink)
 {
-  // Since we implement all the interfaces that you can get with
-  // GetInterface() we can simply call QueryInterface() here and let
-  // it do all the work.
+  if (aIID.Equals(NS_GET_IID(nsIAuthPrompt))) {
+    NS_ENSURE_ARG_POINTER(aSink);
+    *aSink = nsnull;
+
+    nsresult rv;
+    nsCOMPtr<nsIWindowWatcher> ww(do_GetService("@mozilla.org/embedcomp/window-watcher;1", &rv));
+    if (NS_FAILED(rv))
+      return rv;
+
+    nsCOMPtr<nsIAuthPrompt> prompt;
+    rv = ww->GetNewAuthPrompter(nsnull, getter_AddRefs(prompt));
+    if (NS_FAILED(rv))
+      return rv;
+
+    nsIAuthPrompt *p = prompt.get();
+    NS_ADDREF(p);
+    *aSink = p;
+    return NS_OK;
+  }
+
 
   return QueryInterface(aIID, aSink);
 }
 
-
 // nsIHttpEventSink
 NS_IMETHODIMP
 nsXMLDocument::OnRedirect(nsIHttpChannel *aHttpChannel, nsIChannel *aNewChannel)
 {
+  NS_ENSURE_ARG_POINTER(aNewChannel);
+
   nsresult rv;
 
-  nsCOMPtr<nsIScriptSecurityManager> securityManager = 
+  nsCOMPtr<nsIScriptSecurityManager> secMan = 
            do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
 
   if (NS_FAILED(rv))
     return NS_ERROR_FAILURE;
 
-  nsCOMPtr<nsIURI> newLocation;
+  nsCOMPtr<nsIURI> newLocation; // The redirected URI
   rv = aNewChannel->GetURI(getter_AddRefs(newLocation));
 
   if (NS_FAILED(rv))
     return NS_ERROR_FAILURE;
 
+  if (mScriptContext && !mCrossSiteAccessEnabled) {
+    nsCOMPtr<nsIJSContextStack> stack(do_GetService("@mozilla.org/js/xpc/ContextStack;1", & rv));
+    if (NS_FAILED(rv))
+      return rv;
+
+    JSContext *cx = (JSContext *)mScriptContext->GetNativeContext();
+    if (!cx)
+      return NS_ERROR_UNEXPECTED;
+
+    stack->Push(cx);
+
+    rv = secMan->CheckSameOrigin(nsnull, newLocation);
+
+    stack->Pop(&cx);
+  
+    if (NS_FAILED(rv))
+      return rv;
+  }
+
   nsCOMPtr<nsIPrincipal> newCodebase;
-  rv = securityManager->GetCodebasePrincipal(newLocation,
-                                             getter_AddRefs(newCodebase));
+  rv = secMan->GetCodebasePrincipal(newLocation,
+                                    getter_AddRefs(newCodebase));
   if (NS_FAILED(rv))
     return NS_ERROR_FAILURE;
 
@@ -322,6 +361,25 @@ nsXMLDocument::Load(const nsAReadableString& aUrl)
   SetBaseURL(uri);
   mBaseTarget.Truncate();
 
+
+  // Store script context, if any, in case we encounter redirect (because we need it there)
+  nsCOMPtr<nsIJSContextStack> stack =
+    do_GetService("@mozilla.org/js/xpc/ContextStack;1");
+  if (stack) {
+    JSContext *cx;
+    if (NS_SUCCEEDED(stack->Peek(&cx)) && cx) {
+      nsISupports *priv = (nsISupports *)::JS_GetContextPrivate(cx);
+      if (priv) {
+        priv->QueryInterface(NS_GET_IID(nsIScriptContext), getter_AddRefs(mScriptContext));        
+      }
+    }
+  }
+
+  // Find out if UniversalBrowserRead privileges are enabled - we will need this
+  // in case of a redirect
+  rv = secMan->IsCapabilityEnabled("UniversalBrowserRead", &mCrossSiteAccessEnabled);
+  if (NS_FAILED(rv)) return rv;
+
   // Create a channel
   rv = NS_OpenURI(getter_AddRefs(channel), uri, nsnull, nsnull, this);
   if (NS_FAILED(rv)) return rv;

mozilla/content/xml/document/src/nsXMLDocument.h

@@ -28,6 +28,7 @@
 #include "nsIHTMLContentContainer.h"
 #include "nsIInterfaceRequestor.h"
 #include "nsIHttpEventSink.h"
+#include "nsIScriptContext.h"
 
 class nsIParser;
 class nsIDOMNode;
@@ -114,6 +115,9 @@ protected:
   nsString mBaseTarget;
 
   nsIParser *mParser;
+
+  nsCOMPtr<nsIScriptContext> mScriptContext;
+  PRBool mCrossSiteAccessEnabled;
 };
 
 

mozilla/extensions/cookie/nsCookies.cpp

@@ -34,6 +34,7 @@
 #include "nsIPref.h"
 #include "nsTextFormatter.h"
 #include "nsAppDirectoryServiceDefs.h"
+#include "nsNetUtil.h"
 
 #define MAX_NUMBER_OF_COOKIES 300
 #define MAX_COOKIES_PER_SERVER 20
@@ -455,6 +456,20 @@ COOKIE_GetCookie(char * address) {
      isSecure = PR_TRUE;
   }
 
+  /* Hacky security check: If address is of a scheme that
+     doesn't support hostnames, we have no host to get a cookie for,
+     so we must not attempt to get cookies (bug 152725)
+  */
+  nsCOMPtr<nsIURI> uri;
+  nsresult secResult = NS_NewURI(getter_AddRefs(uri),
+                                 address, nsnull);
+  if (NS_FAILED(secResult))
+      return nsnull;
+  nsXPIDLCString tempHost;
+  secResult = uri->GetHost(getter_Copies(tempHost));
+  if (NS_FAILED(secResult))
+      return nsnull;
+
   /* search for all cookies */
   if (cookie_list == nsnull) {
     return NULL;
@@ -710,6 +725,20 @@ cookie_SetCookieString(char * curURL, nsIPrompt *aPrompter, const char * setCook
     return;
   }
 
+  /* Hacky security check: If address is of a scheme that
+     doesn't support hostnames, we have no host to set a cookie on,
+     so we must not attempt to set cookies (bug 152725)
+  */
+  nsCOMPtr<nsIURI> uri;
+  nsresult secResult = NS_NewURI(getter_AddRefs(uri),
+                                 curURL, nsnull);
+  if (NS_FAILED(secResult))
+      return;
+  nsXPIDLCString tempHost;
+  secResult = uri->GetHost(getter_Copies(tempHost));
+  if (NS_FAILED(secResult))
+      return;
+
 //printf("\nSetCookieString(URL '%s', header '%s') time %d == %s\n",curURL,setCookieHeader,timeToExpire,asctime(gmtime(&timeToExpire)));
   if(cookie_GetLifetimePref() == COOKIE_Discard) {
     if(cookie_GetLifetimeTime() < timeToExpire) {

mozilla/extensions/wallet/src/singsign.cpp

@@ -2041,6 +2041,24 @@ SINGSIGN_RememberSignonData
   nsXPIDLCString strippedRealm;
   nsCOMPtr<nsIIOService> ioService = do_GetService(NS_IOSERVICE_CONTRACTID);
   if (!ioService) return;
+
+
+  /* Hacky security check: If address is of a scheme that
+     doesn't support hostnames, we have no host to get the signon data from,
+     so we must not attempt to restore the signon data (bug 159484)
+  */
+  nsCOMPtr<nsIURI> uri;
+  nsresult result = ioService->NewURI(passwordRealm,
+                                      nsnull, getter_AddRefs(uri));
+  if (NS_FAILED(result)) {
+      return;
+  }
+  nsXPIDLCString tempHost;
+  result = uri->GetHost(getter_Copies(tempHost));
+  if (NS_FAILED(result)) {
+      return;
+  }
+
   ioService->ExtractUrlPart(passwordRealm, nsIIOService::url_Host, 0, 0, getter_Copies(strippedRealm));
   if (strippedRealm) {
     si_RememberSignonData(dialog, strippedRealm, signonData, window);
@@ -2156,6 +2174,24 @@ SINGSIGN_RestoreSignonData(nsIPrompt* dialog, const char* passwordRealm, const P
   nsXPIDLCString strippedRealm;
   nsCOMPtr<nsIIOService> ioService = do_GetService(NS_IOSERVICE_CONTRACTID);
   if (!ioService) return;
+
+
+  /* Hacky security check: If address is of a scheme that
+      doesn't support hostnames, we have no host to get the signon data from,
+      so we must not attempt to restore the signon data (bug 159484)
+  */
+  nsCOMPtr<nsIURI> uri;
+  nsresult result = ioService->NewURI(passwordRealm,
+                                      nsnull, getter_AddRefs(uri));
+  if (NS_FAILED(result)) {
+      return;
+  }
+  nsXPIDLCString tempHost;
+  result = uri->GetHost(getter_Copies(tempHost));
+  if (NS_FAILED(result)) {
+      return;
+  }
+
   ioService->ExtractUrlPart(passwordRealm, nsIIOService::url_Host, 0, 0, getter_Copies(strippedRealm));
   si_RestoreSignonData(dialog, strippedRealm, name, value, elementNumber);
 }

mozilla/extensions/xmlextras/base/src/Makefile.in

@@ -28,7 +28,7 @@ include $(DEPTH)/config/autoconf.mk
 
 MODULE		= xmlextras
 LIBRARY_NAME	= xmlextrasbase_s
-REQUIRES	= xpcom string dom js layout widget caps uconv necko docshell xpconnect webbrwsr
+REQUIRES	= xpcom string dom js layout widget caps uconv necko docshell xpconnect webbrwsr windowwatcher
 
 CPPSRCS	= 				\
 		nsDOMSerializer.cpp	\

mozilla/extensions/xmlextras/base/src/nsXMLHttpRequest.cpp

@@ -60,6 +60,8 @@
 #include "nsIDOMElement.h"
 #include "nsIParser.h"
 #include "nsLoadListenerProxy.h"
+#include "nsIWindowWatcher.h"
+#include "nsIAuthPrompt.h"
 
 static const char* kLoadAsData = "loadAsData";
 #define LOADSTR NS_LITERAL_STRING("load")
@@ -117,6 +119,7 @@ nsXMLHttpRequest::nsXMLHttpRequest()
   NS_INIT_ISUPPORTS();
   ChangeState(XML_HTTP_REQUEST_UNINITIALIZED,PR_FALSE);
   mAsync = PR_TRUE;
+  mCrossSiteAccessEnabled = PR_FALSE;
 }
 
 nsXMLHttpRequest::~nsXMLHttpRequest()
@@ -141,6 +144,8 @@ NS_INTERFACE_MAP_BEGIN(nsXMLHttpRequest)
   NS_INTERFACE_MAP_ENTRY(nsIDOMEventTarget)
   NS_INTERFACE_MAP_ENTRY(nsIRequestObserver)
   NS_INTERFACE_MAP_ENTRY(nsIStreamListener)
+  NS_INTERFACE_MAP_ENTRY(nsIHttpEventSink)
+  NS_INTERFACE_MAP_ENTRY(nsIInterfaceRequestor)
   NS_INTERFACE_MAP_ENTRY(nsISupportsWeakReference)
   NS_INTERFACE_MAP_ENTRY_DOM_CLASSINFO(XMLHttpRequest)
 NS_INTERFACE_MAP_END
@@ -641,6 +646,12 @@ nsXMLHttpRequest::Open(const char *method, const char *url)
       return NS_OK;
     }
 
+    // Find out if UniversalBrowserRead privileges are enabled
+    // we will need this in case of a redirect
+    rv = secMan->IsCapabilityEnabled("UniversalBrowserRead",
+                                     &mCrossSiteAccessEnabled);
+    if (NS_FAILED(rv)) return rv;
+
     if (argc > 2) {
       JSBool asyncBool;
       JS_ValueToBoolean(cx, argv[2], &asyncBool);
@@ -1113,6 +1124,11 @@ nsXMLHttpRequest::Send(nsISupports *body)
   }
 #endif
 
+  if (!mScriptContext) {
+    // We need a context to check if redirect (if any) is allowed
+    GetCurrentContext(getter_AddRefs(mScriptContext));
+  }
+
   rv = document->StartDocumentLoad(kLoadAsData, mChannel, 
                                    nsnull, nsnull, 
                                    getter_AddRefs(listener),
@@ -1129,6 +1145,9 @@ nsXMLHttpRequest::Send(nsISupports *body)
   if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
 #endif
 
+  // Hook us up to listen to redirects and the like
+  mChannel->SetNotificationCallbacks(this);
+
   // Start reading from the channel
   ChangeState(XML_HTTP_REQUEST_SENT);
   mXMLParserStreamListener = listener;
@@ -1332,6 +1351,79 @@ nsXMLHttpRequest::ChangeState(nsXMLHttpRequestState aState, PRBool aBroadcast)
   return rv;
 }
 
+/////////////////////////////////////////////////////
+// nsIHttpEventSink methods:
+//
+NS_IMETHODIMP
+nsXMLHttpRequest::OnRedirect(nsIHttpChannel *aHttpChannel, nsIChannel *aNewChannel)
+{
+  NS_ENSURE_ARG_POINTER(aNewChannel);
+
+  if (mScriptContext && !mCrossSiteAccessEnabled) {
+    nsresult rv = NS_ERROR_FAILURE;
+
+    nsCOMPtr<nsIJSContextStack> stack(do_GetService("@mozilla.org/js/xpc/ContextStack;1", & rv));
+    if (NS_FAILED(rv))
+      return rv;
+
+    JSContext *cx = (JSContext *)mScriptContext->GetNativeContext();
+    if (!cx)
+      return NS_ERROR_UNEXPECTED;
+
+    nsCOMPtr<nsIScriptSecurityManager> secMan = 
+             do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
+    if (NS_FAILED(rv))
+      return rv;
+
+    nsCOMPtr<nsIURI> newURI;
+    rv = aNewChannel->GetURI(getter_AddRefs(newURI)); // The redirected URI
+    if (NS_FAILED(rv)) 
+      return rv;
+
+    stack->Push(cx);
+
+    rv = secMan->CheckSameOrigin(cx, newURI);
+
+    stack->Pop(&cx);
+    
+    if (NS_FAILED(rv))
+      return rv;
+  }
+
+  mChannel = aNewChannel;
+
+  return NS_OK;
+}
+
+/////////////////////////////////////////////////////
+// nsIInterfaceRequestor methods:
+//
+NS_IMETHODIMP
+nsXMLHttpRequest::GetInterface(const nsIID & aIID, void **aResult)
+{
+  if (aIID.Equals(NS_GET_IID(nsIAuthPrompt))) {
+    NS_ENSURE_ARG_POINTER(aResult);
+    *aResult = nsnull;
+
+    nsresult rv;
+    nsCOMPtr<nsIWindowWatcher> ww(do_GetService("@mozilla.org/embedcomp/window-watcher;1", &rv));
+    if (NS_FAILED(rv))
+      return rv;
+
+    nsCOMPtr<nsIAuthPrompt> prompt;
+    rv = ww->GetNewAuthPrompter(nsnull, getter_AddRefs(prompt));
+    if (NS_FAILED(rv))
+      return rv;
+
+    nsIAuthPrompt *p = prompt.get();
+    NS_ADDREF(p);
+    *aResult = p;
+    return NS_OK;
+  }
+
+  return QueryInterface(aIID, aResult);
+}
+
 NS_IMPL_ISUPPORTS1(nsXMLHttpRequest::nsHeaderVisitor, nsIHttpHeaderVisitor)
 
 NS_IMETHODIMP nsXMLHttpRequest::

mozilla/extensions/xmlextras/base/src/nsXMLHttpRequest.h

@@ -43,6 +43,8 @@
 #include "nsISupportsArray.h"
 #include "jsapi.h"
 #include "nsIScriptContext.h"
+#include "nsIHttpEventSink.h"
+#include "nsIInterfaceRequestor.h"
 
 
 enum nsXMLHttpRequestState {
@@ -60,6 +62,8 @@ class nsXMLHttpRequest : public nsIXMLHttpRequest,
                          public nsIDOMLoadListener,
                          public nsIDOMEventTarget,
                          public nsIStreamListener,
+                         public nsIHttpEventSink, 
+                         public nsIInterfaceRequestor,
                          public nsSupportsWeakReference
 {
 public:
@@ -92,6 +96,12 @@ public:
   // nsIRequestObserver
   NS_DECL_NSIREQUESTOBSERVER
 
+  // nsIHttpEventSink
+  NS_DECL_NSIHTTPEVENTSINK
+ 
+  // nsIInterfaceRequestor
+  NS_DECL_NSIINTERFACEREQUESTOR
+
 protected:
   nsresult GetStreamForWString(const PRUnichar* aStr,
                                PRInt32 aLength,
@@ -145,6 +155,7 @@ protected:
 
   PRInt32 mStatus;
   PRBool mAsync;
+  PRBool mCrossSiteAccessEnabled;
 };
 
 #endif

mozilla/layout/xul/base/public/nsIMenuParent.h

@@ -1,73 +0,0 @@
-/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
- *
- * The contents of this file are subject to the Netscape Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/NPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is Mozilla Communicator client code.
- *
- * The Initial Developer of the Original Code is Netscape Communications
- * Corporation.  Portions created by Netscape are
- * Copyright (C) 1998 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s): 
- *   Dean Tessman <dean_tessman@hotmail.com>
- */
-
-#ifndef nsIMenuParent_h___
-#define nsIMenuParent_h___
-
-
-// {D407BF61-3EFA-11d3-97FA-00400553EEF0}
-#define NS_IMENUPARENT_IID \
-{ 0xd407bf61, 0x3efa, 0x11d3, { 0x97, 0xfa, 0x0, 0x40, 0x5, 0x53, 0xee, 0xf0 } }
-
-class nsIMenuFrame;
-
-class nsIMenuParent : public nsISupports {
-
-public:
-  static const nsIID& GetIID() { static nsIID iid = NS_IMENUPARENT_IID; return iid; }
-
-  NS_IMETHOD GetCurrentMenuItem(nsIMenuFrame** aMenuItem) = 0;
-  NS_IMETHOD SetCurrentMenuItem(nsIMenuFrame* aMenuItem) = 0;
-  NS_IMETHOD GetNextMenuItem(nsIMenuFrame* aStart, nsIMenuFrame** aResult) = 0;
-  NS_IMETHOD GetPreviousMenuItem(nsIMenuFrame* aStart, nsIMenuFrame** aResult) = 0;
-
-  NS_IMETHOD SetActive(PRBool aActiveFlag) = 0;
-  NS_IMETHOD GetIsActive(PRBool& isActive) = 0;
-  NS_IMETHOD GetWidget(nsIWidget **aWidget) = 0;
-  
-  NS_IMETHOD IsMenuBar(PRBool& isMenuBar) = 0;
-
-  NS_IMETHOD DismissChain() = 0;
-  NS_IMETHOD HideChain() = 0;
-  NS_IMETHOD KillPendingTimers() = 0;
-
-  NS_IMETHOD CreateDismissalListener() = 0;
-
-  NS_IMETHOD InstallKeyboardNavigator() = 0;
-  NS_IMETHOD RemoveKeyboardNavigator() = 0;
-
-  // Used to move up, down, left, and right in menus.
-  NS_IMETHOD KeyboardNavigation(PRUint32 aDirection, PRBool& aHandledFlag) = 0;
-  NS_IMETHOD ShortcutNavigation(PRUint32 aLetter, PRBool& aHandledFlag) = 0;
-  // Called when the ESC key is held down to close levels of menus.
-  NS_IMETHOD Escape(PRBool& aHandledFlag) = 0;
-  // Called to execute a menu item.
-  NS_IMETHOD Enter() = 0;
-
-  NS_IMETHOD SetIsContextMenu(PRBool aIsContextMenu) = 0;
-  NS_IMETHOD GetIsContextMenu(PRBool& aIsContextMenu) = 0;
-  
-};
-
-#endif
-

mozilla/netwerk/base/src/nsSocketTransport.cpp

@@ -203,7 +203,7 @@ nsSocketTransport::~nsSocketTransport()
     }
     
     if (mService) {
-        PR_AtomicDecrement(&mService->mTotalTransports);
+        mService->OnTransportDestroyed();
         NS_RELEASE(mService);
     }
     
@@ -340,7 +340,7 @@ nsresult nsSocketTransport::Init(nsSocketTransportService* aService,
     
     // Update the active time for timeout purposes...
     mLastActiveTime = PR_IntervalNow();
-    PR_AtomicIncrement(&mService->mTotalTransports);
+    mService->OnTransportCreated();
     
     LOG(("nsSocketTransport: Initializing [%s:%d %x].  rv = %x",
         mHostName, mPort, this, rv));
@@ -422,8 +422,11 @@ nsresult nsSocketTransport::Process(PRInt16 aSelectFlags)
             //
             // A connection has been established with the server
             //
-            PR_AtomicIncrement(&mService->mConnectedTransports);
-            mWasConnected = PR_TRUE;
+            if (!mWasConnected) {
+                const char *host = (mProxyHost && !mProxyTransparent) ? mProxyHost : mHostName;
+                mService->OnTransportConnected(host, &mNetAddress);
+                mWasConnected = PR_TRUE;
+            }
 
             // Send status message
             OnStatus(NS_NET_STATUS_CONNECTED_TO);
@@ -626,46 +629,65 @@ nsresult nsSocketTransport::doResolveHost(void)
     //
     if (PR_IsNetAddrType(&mNetAddress, PR_IpAddrAny)) {
         //
-        // Initialize the port used for the connection...
+        // determine the desired host:port
         //
-        // XXX: The list of ports must be restricted - see net_bad_ports_table[] in 
-        //      mozilla/network/main/mkconect.c
-        //
-        mNetAddress.ipv6.port = PR_htons(((mProxyPort != -1 && !mProxyTransparent) ? mProxyPort : mPort));
+        const char *host = (mProxyHost && !mProxyTransparent) ? mProxyHost : mHostName;
+        PRInt32 port = (mProxyPort != -1 && !mProxyTransparent) ? mProxyPort : mPort;
 
-        nsCOMPtr<nsIDNSService> pDNSService(do_GetService(kDNSService, &rv));
-        if (NS_FAILED(rv)) return rv;
+        PRIPv6Addr addr;
+        if (mService->LookupHost(host, &addr)) {
+            // found address!
+            PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &mNetAddress);
+            memcpy(&mNetAddress.ipv6.ip, &addr, sizeof(addr));
+#ifdef PR_LOGGING
+            char buf[128];
+            PR_NetAddrToString(&mNetAddress, buf, sizeof(buf));
+            LOG((" -> using cached ip address [%s]\n", buf));
+#endif
+        }
+        else {
+            //
+            // Initialize the port used for the connection...
+            //
+            // XXX: The list of ports must be restricted - see net_bad_ports_table[] in 
+            //      mozilla/network/main/mkconect.c
+            //
+            mNetAddress.ipv6.port = PR_htons(port);
 
-        //
-        // Give up the SocketTransport lock.  This allows the DNS thread to call the
-        // nsIDNSListener notifications without blocking...
-        //
-        PR_ExitMonitor(mMonitor);
+            nsCOMPtr<nsIDNSService> pDNSService(do_GetService(kDNSService, &rv));
+            if (NS_FAILED(rv)) return rv;
 
-        rv = pDNSService->Lookup((mProxyHost && !mProxyTransparent) ? mProxyHost : mHostName, 
-                                 this, 
-                                 nsnull, 
-                                 getter_AddRefs(mDNSRequest));
-        //
-        // Aquire the SocketTransport lock again...
-        //
-        PR_EnterMonitor(mMonitor);
+            //
+            // Give up the SocketTransport lock.  This allows the DNS thread to call the
+            // nsIDNSListener notifications without blocking...
+            //
+            PR_ExitMonitor(mMonitor);
 
-        if (NS_SUCCEEDED(rv)) {
+            rv = pDNSService->Lookup(host,
+                                     this, 
+                                     nsnull, 
+                                     getter_AddRefs(mDNSRequest));
             //
-            // The DNS lookup has finished...  It has either failed or succeeded.
+            // Aquire the SocketTransport lock again...
             //
-            if (NS_FAILED(mStatus) || !PR_IsNetAddrType(&mNetAddress, PR_IpAddrAny)) {
-                mDNSRequest = 0;
-                rv = mStatus;
-            } 
-            //
-            // The DNS lookup is being processed...  Mark the transport as waiting
-            // until the result is available...
-            //
-            else {
-                SetFlag(eSocketDNS_Wait);
-                rv = NS_BASE_STREAM_WOULD_BLOCK;
+            PR_EnterMonitor(mMonitor);
+
+            if (NS_SUCCEEDED(rv)) {
+                //
+                // The DNS lookup has finished...  It has either failed or succeeded.
+                //
+                if (NS_FAILED(mStatus) || !PR_IsNetAddrType(&mNetAddress, PR_IpAddrAny)) {
+                    mDNSRequest = 0;
+                    rv = mStatus;
+                } 
+                //
+                // The DNS lookup is being processed...  Mark the transport as waiting
+                // until the result is available...
+                //
+                else {
+                    SetFlag(eSocketDNS_Wait);
+                    rv = NS_BASE_STREAM_WOULD_BLOCK;
+                }
             }
         }
     }
@@ -1129,7 +1151,7 @@ nsresult nsSocketTransport::CloseConnection()
 
     if (mWasConnected) {
         if (mService)
-            PR_AtomicDecrement(&mService->mConnectedTransports);
+            mService->OnTransportClosed();
         mWasConnected = PR_FALSE;
     }
     

mozilla/netwerk/base/src/nsSocketTransportService.cpp

@@ -31,6 +31,7 @@
 #include "nsString.h"
 #include "nsNetCID.h"
 #include "nsProtocolProxyService.h"
+#include "plstr.h"
 
 static NS_DEFINE_CID(kIOServiceCID, NS_IOSERVICE_CID);
 static NS_DEFINE_CID(kStringBundleServiceCID, NS_STRINGBUNDLESERVICE_CID);
@@ -165,6 +166,12 @@ nsSocketTransportService::Init(void)
     mThreadRunning = PR_TRUE;
     rv = NS_NewThread(&mThread, this, 0, PR_JOINABLE_THREAD);
   }
+
+  //
+  // Initialize hostname database
+  //
+  PL_DHashTableInit(&mHostDB, &ops, nsnull, sizeof(nsHostEntry), 0);
+
   return rv;
 }
 
@@ -677,6 +684,10 @@ nsSocketTransportService::Shutdown(void)
     
     for (i=0; i<mSelectFDSetCount; i++)
       NS_IF_RELEASE(mActiveTransportList[i]);
+ 
+    // clear the hostname database (NOTE: this runs when the browser
+    // enters the offline state).
+    PL_DHashTableFinish(&mHostDB);
 
   } else {
     rv = NS_ERROR_FAILURE;
@@ -763,3 +774,89 @@ nsSocketTransportService::GetNeckoStringByName (const char *aName, PRUnichar **a
 
 	return res;
 }
+
+//-----------------------------------------------------------------------------
+// hostname database impl
+//-----------------------------------------------------------------------------
+
+PLDHashTableOps nsSocketTransportService::ops =
+{
+    PL_DHashAllocTable,
+    PL_DHashFreeTable,
+    PL_DHashGetKeyStub,
+    PL_DHashStringKey,
+    nsSocketTransportService::MatchEntry,
+    PL_DHashMoveEntryStub,
+    nsSocketTransportService::ClearEntry,
+    PL_DHashFinalizeStub,
+    nsnull
+};
+
+PRBool PR_CALLBACK
+nsSocketTransportService::MatchEntry(PLDHashTable *table,
+                                     const PLDHashEntryHdr *entry,
+                                     const void *key)
+{
+    const nsSocketTransportService::nsHostEntry *he =
+        NS_REINTERPRET_CAST(const nsSocketTransportService::nsHostEntry *, entry);
+
+    return !strcmp(he->host(), (const char *) key);
+}
+
+void PR_CALLBACK
+nsSocketTransportService::ClearEntry(PLDHashTable *table,
+                                     PLDHashEntryHdr *entry)
+{
+    nsSocketTransportService::nsHostEntry *he =
+        NS_REINTERPRET_CAST(nsSocketTransportService::nsHostEntry *, entry);
+
+    PL_strfree((char *) he->key);
+    he->key = nsnull;
+    memset(&he->addr, 0, sizeof(he->addr));
+}
+
+PRBool
+nsSocketTransportService::LookupHost(const char *host, PRIPv6Addr *addr)
+{
+    NS_ASSERTION(host, "null host");
+    NS_ASSERTION(addr, "null addr");
+
+    PLDHashEntryHdr *hdr;
+
+    hdr = PL_DHashTableOperate(&mHostDB, host, PL_DHASH_LOOKUP);
+    if (PL_DHASH_ENTRY_IS_BUSY(hdr)) {
+        // found match
+        nsHostEntry *ent = NS_REINTERPRET_CAST(nsHostEntry *, hdr);
+        memcpy(addr, &ent->addr, sizeof(ent->addr));
+        return PR_TRUE;
+    }
+
+    return PR_FALSE;
+}
+
+void
+nsSocketTransportService::OnTransportConnected(const char *host, PRNetAddr *addr)
+{
+    // remember hostname
+
+    PLDHashEntryHdr *hdr;
+
+    hdr = PL_DHashTableOperate(&mHostDB, host, PL_DHASH_ADD);
+    if (!hdr)
+        return;
+
+    NS_ASSERTION(PL_DHASH_ENTRY_IS_BUSY(hdr), "entry not busy");
+
+    nsHostEntry *ent = NS_REINTERPRET_CAST(nsHostEntry *, hdr);
+    if (ent->key == nsnull) {
+        ent->key = (const void *) PL_strdup(host);
+        memcpy(&ent->addr, &addr->ipv6.ip, sizeof(ent->addr));
+    }
+#ifdef DEBUG
+    else {
+        // verify that the existing entry is in fact a perfect match
+        NS_ASSERTION(PL_strcmp(ent->host(), host) == 0, "bad match");
+        NS_ASSERTION(memcmp(&ent->addr, &addr->ipv6.ip, sizeof(ent->addr)) == 0, "bad match");
+    }
+#endif
+}

mozilla/netwerk/base/src/nsSocketTransportService.h

@@ -30,6 +30,8 @@
 #include "nsIInputStream.h"
 #include "nsCOMPtr.h"
 #include "nsIStringBundle.h"
+#include "pldhash.h"
+#include "prio.h"
 
 #if defined(XP_PC) || defined(XP_UNIX) || defined(XP_BEOS) || defined(XP_MAC)
 //
@@ -76,24 +78,54 @@ public:
     
     nsresult AddToSelectList(nsSocketTransport* aTransport);
     nsresult RemoveFromSelectList(nsSocketTransport* aTransport);
-    
-    PRInt32   mConnectedTransports;
-    PRInt32   mTotalTransports;
-    
+   
+    //
+    // LookupHost checks to see if we've previously resolved the hostname
+    // during this session.  We remember all successful connections to prevent
+    // ip-address spoofing.  See bug 149943.
+    //
+    // Returns TRUE if found, and sets |result| to the cached value.
+    //
+    PRBool LookupHost(const char *host, PRIPv6Addr *result);
+
+    void OnTransportCreated()   { PR_AtomicIncrement(&mTotalTransports); }
+    void OnTransportConnected(const char *aHost, PRNetAddr *aAddr);
+    void OnTransportClosed()    { PR_AtomicDecrement(&mConnectedTransports); }
+    void OnTransportDestroyed() { PR_AtomicDecrement(&mTotalTransports); } 
+   
     nsresult  GetNeckoStringByName (const char *aName, PRUnichar **aString);
 
 protected:
-    nsIThread*            mThread;
-    PRFileDesc*           mThreadEvent;
-    PRLock*               mThreadLock;
-    PRBool                mThreadRunning;
+    //
+    // mHostDB maps hostname -> nsHostEntry
+    //
+    struct nsHostEntry : PLDHashEntryStub
+    {
+        PRIPv6Addr  addr;
+        const char *host() const { return (const char *) key; }
+    };
+
+    static PLDHashTableOps ops;
+
+    static PRBool PR_CALLBACK MatchEntry(PLDHashTable *, const PLDHashEntryHdr *, const void *);
+    static void   PR_CALLBACK ClearEntry(PLDHashTable *, PLDHashEntryHdr *);
+
+    nsIThread                     *mThread;
+    PRFileDesc                    *mThreadEvent;
+    PRLock                        *mThreadLock;
+    PRBool                         mThreadRunning;
     
-    PRCList               mWorkQ;
+    PRCList                        mWorkQ;
+
+    PRInt32                        mConnectedTransports;
+    PRInt32                        mTotalTransports;
     
-    PRInt32               mSelectFDSetCount;
-    PRPollDesc*           mSelectFDSet;
-    nsSocketTransport**   mActiveTransportList;
-	nsCOMPtr<nsIStringBundle>   m_stringBundle;
+    PRInt32                        mSelectFDSetCount;
+    PRPollDesc                    *mSelectFDSet;
+    nsSocketTransport            **mActiveTransportList;
+    nsCOMPtr<nsIStringBundle>      m_stringBundle;
+
+    PLDHashTable                   mHostDB;
 };
 
 

mozilla/netwerk/protocol/http/src/Makefile.in

@@ -28,7 +28,7 @@ include $(DEPTH)/config/autoconf.mk
 
 MODULE		= necko
 LIBRARY_NAME = nkhttp_s
-REQUIRES	= xpcom string pref nkcache mimetype intl
+REQUIRES	= xpcom string pref nkcache mimetype intl xpconnect js
 
 CPPSRCS		= \
 		nsHttp.cpp \

mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp

@@ -33,6 +33,7 @@
 #include "nsIStringBundle.h"
 #include "nsISupportsPrimitives.h"
 #include "nsIFileStream.h"
+#include "nsIScriptSecurityManager.h"
 #include "nsMimeTypes.h"
 #include "nsNetUtil.h"
 #include "nsString2.h"
@@ -1063,6 +1064,15 @@ nsHttpChannel::ProcessRedirection(PRUint32 redirectType)
         rv = ioService->NewURI(location, mURI, getter_AddRefs(newURI));
         if (NS_FAILED(rv)) return rv;
 
+        // verify that this is a legal redirect
+        nsCOMPtr<nsIScriptSecurityManager> securityManager = 
+                 do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID);
+        if (securityManager) {
+            rv = securityManager->CheckLoadURI(mURI, newURI,
+                                               nsIScriptSecurityManager::DISALLOW_FROM_MAIL);
+            if (NS_FAILED(rv)) return rv;
+        }
+
         // move the reference of the old location to the new one if the new
         // one has none.
         nsCOMPtr<nsIURL> newURL = do_QueryInterface(newURI, &rv);

mozilla/uriloader/base/nsDocLoader.cpp

@@ -1253,6 +1253,7 @@ NS_IMETHODIMP nsDocLoaderImpl::OnRedirect(nsIHttpChannel *aOldChannel, nsIChanne
     rv = aNewChannel->GetURI(getter_AddRefs(newURI));
     if (NS_FAILED(rv)) return rv;
 
+#ifdef HTTP_DOESNT_CALL_CHECKLOADURI
     // verify that this is a legal redirect
     nsCOMPtr<nsIScriptSecurityManager> securityManager = 
              do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
@@ -1260,6 +1261,7 @@ NS_IMETHODIMP nsDocLoaderImpl::OnRedirect(nsIHttpChannel *aOldChannel, nsIChanne
     rv = securityManager->CheckLoadURI(oldURI, newURI,
                                        nsIScriptSecurityManager::DISALLOW_FROM_MAIL);
     if (NS_FAILED(rv)) return rv;
+#endif
 
     nsLoadFlags loadFlags = 0;
     PRInt32 stateFlags = nsIWebProgressListener::STATE_REDIRECTING |

mozilla/xpcom/reflect/xptcall/src/md/unix/xptcinvoke_asm_ipf32.s

@@ -1,145 +0,0 @@
-
-// Select C numeric constant
-        .radix  C
-// for 64 bit mode, use .psr abi64
-        .psr    abi32
-// big endian
-        .psr    msb
-// Section has executable code
-        .section .text, "ax","progbits"
-// procedure named 'XPTC_InvokeByIndex'
-        .proc   XPTC_InvokeByIndex
-// manual bundling
-        .explicit
-
-// extern "C" PRUint32
-// invoke_copy_to_stack(uint64_t* d,
-//   const PRUint32 paramCount, nsXPTCVariant* s)
-        .global invoke_copy_to_stack
-//      .exclass  invoke_copy_to_stack, @fullyvisible
-        .type   invoke_copy_to_stack,@function
-
-//      .exclass  XPTC_InvokeByIndex, @fullyvisible
-        .type   XPTC_InvokeByIndex,@function
-
-// XPTC_InvokeByIndex(nsISupports* that, PRUint32 methodIndex,
-//   PRUint32 paramCount, nsXPTCVariant* params);
-XPTC_InvokeByIndex::
-        .prologue
-        .save ar.pfs, r37
-// allocate 4 input args, 6 local args, and 8 output args
-        alloc           r37 = ar.pfs, 4, 6, 8, 0   // M
-        nop.i           0                       ;; // I
-
-// unwind table already knows gp, no need to specify anything
-        add             r39 = 0, gp                // A
-        .save rp, r36
-        mov             r36 = rp                   // I
-        .vframe r38
-        add             r38 = 0, sp             ;; // A
-
-// We first calculate the amount of extra memory stack space required
-// for the arguments, and register storage.
-// We then call invoke_copy_to_stack() to write the argument contents
-// to the specified memory regions.
-// We then copy the integer arguments to integer registers, and floating
-// arguments to float registers.
-// Lastly we load the virtual table jump pointer, and call the target
-// subroutine.
-
-// in0 : that
-// in1 : methodIndex
-// in2 : paramCount
-// in3 : params
-
-// stack frame size is 16 + (8 * even(paramCount)) + 64 + 64
-// 16 byte frame header
-// 8 * even(paramCount) memory argument area
-// 64 bytes integer register area
-// 64 bytes float register area
-// This scheme makes sure stack fram size is a multiple of 16
-
-        .body
-        add             r10 = 8, r0          // A
-// r41 points to float register area
-        add             r41 = -64, sp        // A
-// r40 points to int register area
-        add             r40 = -128, sp    ;; // A
-
-        add             out1 = 0, r40        // A
-        add             out2 = 0, r41        // A
-        tbit.z          p14,p15 = in2,0   ;; // I
-
-// compute 8 * even(paramCount)
-(p14)   shladd          r11 = in2, 3, r0  ;; // A
-(p15)   shladd          r11 = in2, 3, r10 ;; // A
-        sub             out0 = r40, r11   ;; // A
-
-// advance the stack frame
-        add             sp = -16, out0       // A
-        add             out3 = 0, in2        // A
-        add             out4 = 0, in3        // A
-
-// branch to invoke_copy_to_stack
-        br.call.sptk.few rp = invoke_copy_to_stack ;; // B
-
-// restore gp
-        add             gp = 0, r39          // A
-        add             out0 = 0, in0        // A
-
-// load the integer and float registers
-        ld8             out1 = [r40], 8      // M
-        ldfd            f8 = [r41], 8       ;; // M
-
-        ld8             out2 = [r40], 8      // M
-        ldfd            f9 = [r41], 8       ;; // M
-
-        ld8             out3 = [r40], 8      // M
-        ldfd            f10 = [r41], 8      ;; // M
-
-        ld8             out4 = [r40], 8      // M
-        ldfd            f11 = [r41], 8      ;; // M
-
-        ld8             out5 = [r40], 8      // M
-        ldfd            f12 = [r41], 8      ;; // M
-// 16 * methodIndex
-        shladd          r11 = in1, 4, r0     // A
-
-        ld8             out6 = [r40], 8      // M
-        ldfd            f13 = [r41], 8      ;; // M
-
-        ld8             out7 = [r40], 8      // M
-        ldfd            f14 = [r41], 8       // M
-        addp4           r8 = 0, in0       ;; // A
-
-// look up virtual base table and dispatch to target subroutine
-// This section assumes 32 bit pointer mode, and virtual base table
-// layout from the ABI http://www.codesourcery.com/cxx-abi/abi.html
-
-// load base table
-        ld4             r8 = [r8]         ;; // M
-        addp4           r8 = r11, r8      ;; // A
-
- // first entry is jump pointer, second entry is gp
-        addp4           r9 = 8, r8       ;; // A
-// load jump pointer
-        ld8             r8 = [r8]
-
-// load gp
-        ld8             gp = [r9]        ;; // M
-        mov             b6 = r8          ;; // I
-
-// branch to target virtual function
-        br.call.sptk.few rp = b6          ;; // B
-
-// epilog
-        mov             ar.pfs = r37         // I
-        mov             rp = r36          ;; // I
-
-        add             sp = 0, r38          // A
-        add             gp = 0, r39          // A
-        br.ret.sptk.few rp                ;; // B
-
-        .endp
-
-

mozilla/xpcom/reflect/xptcall/src/md/unix/xptcinvoke_ipf32.cpp

@@ -1,148 +0,0 @@
-
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
- *
- * The contents of this file are subject to the Netscape Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/NPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is mozilla.org code.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation.  Portions created by Netscape are
- * Copyright (C) 1999 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s): 
- */
-
-#include "xptcprivate.h"
-
-#include <iostream.h>
-
-// "This code is for IA64 only"
-
-
-/* invoke_copy_to_stack() will copy from variant array 's' to
- * the stack argument area 'mloc', the integer register area 'iloc', and
- * the float register area 'floc'.
- *
- */
-extern "C" void
-invoke_copy_to_stack(uint64_t* mloc, uint64_t* iloc, uint64_t* floc,
-  const PRUint32 paramCount, nsXPTCVariant* s)
-{
-  uint64_t* dest = mloc;
-  PRUint32 len = paramCount;
-  nsXPTCVariant* source = s;
-
-  PRUint32 indx;
-  PRUint32 endlen;
-  endlen = (len > 7) ? 7 : len;
-  /* handle the memory arguments */
-  for (indx = 7; indx < len; ++indx)
-  {
-    if (source[indx].IsPtrData())
-    {
-#ifdef __LP64__
-      /* 64 bit pointer mode */
-      *((void**) dest) = source[indx].ptr;
-#else
-      /* 32 bit pointer mode */
-      uint32_t* adr = (uint32_t*) dest;
-      *(adr) = 0;
-      *(adr+1) = (uint32_t) source[indx].ptr;
-#endif
-    }
-    else
-    switch (source[indx].type)
-    {
-    case nsXPTType::T_I8    : *(dest) = source[indx].val.i8;  break;
-    case nsXPTType::T_I16   : *(dest) = source[indx].val.i16; break;
-    case nsXPTType::T_I32   : *(dest) = source[indx].val.i32; break;
-    case nsXPTType::T_I64   : *(dest) = source[indx].val.i64; break;
-    case nsXPTType::T_U8    : *(dest) = source[indx].val.u8;  break;
-    case nsXPTType::T_U16   : *(dest) = source[indx].val.u16; break;
-    case nsXPTType::T_U32   : *(dest) = source[indx].val.u32; break;
-    case nsXPTType::T_U64   : *(dest) = source[indx].val.u64; break;
-    case nsXPTType::T_FLOAT : *(dest) = source[indx].val.u32; break;
-    case nsXPTType::T_DOUBLE: *(dest) = source[indx].val.u64; break;
-    case nsXPTType::T_BOOL  : *(dest) = source[indx].val.b; break;
-    case nsXPTType::T_CHAR  : *(dest) = source[indx].val.c; break;
-    case nsXPTType::T_WCHAR : *(dest) = source[indx].val.wc; break;
-    default:
-    // all the others are plain pointer types
-#ifdef __LP64__
-      /* 64 bit pointer mode */
-      *((void**) dest) = source[indx].val.p;
-#else
-      {
-      /* 32 bit pointer mode */
-      uint32_t* adr = (uint32_t*) dest;
-      *(adr) = 0;
-      *(adr+1) = (uint32_t) source[indx].val.p;
-      }
-#endif
-    }
-    ++dest;
-  }
-  /* process register arguments */
-  dest = iloc;
-  for (indx = 0; indx < endlen; ++indx)
-  {
-    if (source[indx].IsPtrData())
-    {
-#ifdef __LP64__
-      /* 64 bit pointer mode */
-      *((void**) dest) = source[indx].ptr;
-#else
-      /* 32 bit pointer mode */
-      uint32_t* adr = (uint32_t*) dest;
-      *(adr) = 0;
-      *(adr+1) = (uint32_t) source[indx].ptr;
-#endif
-    }
-    else
-    switch (source[indx].type)
-    {
-    case nsXPTType::T_I8    : *(dest) = source[indx].val.i8; break;
-    case nsXPTType::T_I16   : *(dest) = source[indx].val.i16; break;
-    case nsXPTType::T_I32   : *(dest) = source[indx].val.i32; break;
-    case nsXPTType::T_I64   : *(dest) = source[indx].val.i64; break;
-    case nsXPTType::T_U8    : *(dest) = source[indx].val.u8; break;
-    case nsXPTType::T_U16   : *(dest) = source[indx].val.u16; break;
-    case nsXPTType::T_U32   : *(dest) = source[indx].val.u32; break;
-    case nsXPTType::T_U64   : *(dest) = source[indx].val.u64; break;
-    case nsXPTType::T_FLOAT :
-      *((double*) (floc++)) = (double) source[indx].val.f;
-      break;
-    case nsXPTType::T_DOUBLE:
-      *((double*) (floc++)) = source[indx].val.d;
-      break;
-    case nsXPTType::T_BOOL  : *(dest) = source[indx].val.b; break;
-    case nsXPTType::T_CHAR  : *(dest) = source[indx].val.c; break;
-    case nsXPTType::T_WCHAR : *(dest) = source[indx].val.wc; break;
-    default:
-    // all the others are plain pointer types
-#ifdef __LP64__
-      /* 64 bit pointer mode */
-      *((void**) dest) = source[indx].val.p;
-#else
-      {
-      /* 32 bit pointer mode */
-      uint32_t* adr = (uint32_t*) dest;
-      *(adr) = 0;
-      *(adr+1) = (uint32_t) source[indx].val.p;
-      }
-#endif
-    }
-    ++dest;
-  }
-
-}
-

mozilla/xpcom/reflect/xptcall/src/md/unix/xptcstubs_asm_ipf32.s

@@ -1,124 +0,0 @@
-
-// Select C numeric constant
-        .radix  C
-        .psr    abi32
-        .psr    msb
-// Section has executable code
-        .section .text, "ax","progbits"
-// procedure named 'SharedStub'
-        .proc   SharedStub
-// manual bundling
-        .explicit
-
-        .global PrepareAndDispatch
-//      .exclass  PrepareAndDispatch, @fullyvisible
-        .type   PrepareAndDispatch,@function
-
-SharedStub::
-// 9 arguments, first 8 are the input arguments of previous
-// function call.  The last one is methodIndex, and is passed in memory
-        .prologue
-        .save ar.pfs , r41
-// allocate 8 input args, 4 local args, and 5 output args
-        alloc           r41 = ar.pfs, 8, 4, 5, 0   // M
-        .save rp, r40
-        mov             r40 = rp                   // I
-        nop.i           0                       ;; // I
-
-        .save ar.unat, r42
-        mov             r42 = ar.unat              // M
-        .fframe 144
-        add             sp = -144, sp              // A
-// unwind table already knows gp, don't need to specify anything
-        add             r43 = 0, gp             ;; // A
-
-// We have possible 8 integer registers and 8 float registers that could
-// be arguments.  We also have a stack region from the previous
-// stack frame that may hold some stack arguments.
-// We need to write the integer registers to a memory region, write
-// the float registers to a memory region (making sure we don't step
-// on NAT while touching the registers).  We also mark the memory
-// address of the stack arguments.
-// We then call PrepareAndDispatch() specifying the three memory
-// region pointers.
-
-
-        .body
-        add             out0 = 0, in0        // A  move self ptr
-// 144 bytes = 16 byte stack header + 64 byte int space + 64 byte float space
-// current frame is 144 bytes, previous frame is 112 bytes
-// restarg is at 144 + 112 + 16 bytes away from current sp
-// (current frame + previous frame + previous previous frame header)
-// methodIndex is at 144 + 16 bytes away from current sp
-// (current frame + previous frame header)
-        add             out4 = 192, sp       // A  restarg address
-        add             r11  = 160, sp    ;; // A  address of methodIndex
-
-        ld8             out1 = [r11]         // M  load methodIndex
-// sp + 16 is the start of intargs
-        add             out2 = 16, sp        // A  address of intargs
-// the intargs take up 64 bytes, so sp + 16 + 64 is the start of floatargs
-        add             out3 = 80, sp     ;; // A  address of floatargs
-
-        add             r11 = 0, out2     ;; // A
-        st8.spill       [r11] = in1, 8       // M
-        add             r10 = 0, out3     ;; // A
-
-        st8.spill       [r11] = in2, 8    ;; // M
-        st8.spill       [r11] = in3, 8       // M
-        nop.i           0                 ;; // I
-
-        st8.spill       [r11] = in4, 8    ;; // M
-        st8.spill       [r11] = in5, 8       // M
-        nop.i           0                 ;; // I
-
-        st8.spill       [r11] = in6, 8    ;; // M
-        st8.spill       [r11] = in7          // M
-        fclass.nm       p14,p15 = f8,@nat ;; // F
-
-(p14)   stfd            [r10] = f8, 8        // M
-(p15)   add             r10 = 8, r10         // A
-        fclass.nm       p12,p13 = f9,@nat ;; // F
-
-(p12)   stfd            [r10] = f9, 8        // M
-(p13)   add             r10 = 8, r10         // A
-        fclass.nm       p14,p15 =f10,@nat ;; // F
-
-(p14)   stfd            [r10] = f10, 8       // M
-(p15)   add             r10 = 8, r10         // A
-        fclass.nm       p12,p13 =f11,@nat ;; // F
-
-(p12)   stfd            [r10] = f11, 8       // M
-(p13)   add             r10 = 8, r10         // A
-        fclass.nm       p14,p15 =f12,@nat ;; // F
-
-(p14)   stfd            [r10] = f12, 8       // M
-(p15)   add             r10 = 8, r10         // A
-        fclass.nm       p12,p13 =f13,@nat ;; // F
-
-(p12)   stfd            [r10] = f13, 8       // M
-(p13)   add             r10 = 8, r10         // A
-        fclass.nm       p14,p15 =f14,@nat ;; // F
-
-(p14)   stfd            [r10] = f14, 8       // M
-(p15)   add             r10 = 8, r10         // A
-        fclass.nm       p12,p13 =f15,@nat ;; // F
-
-(p12)   stfd            [r10] = f15, 8       // M
-(p13)   add             r10 = 8, r10         // A
-
-// branch to PrepareAndDispatch
-        br.call.dptk.few rp = PrepareAndDispatch ;; // B
-
-// epilog
-        mov             ar.unat = r42        // M
-        mov             ar.pfs = r41         // I
-        mov             rp = r40          ;; // I
-
-        add             gp = 0, r43          // A
-        add             sp = 144, sp         // A
-        br.ret.dptk.few rp                ;; // B
-
-        .endp
-
-

mozilla/xpcom/reflect/xptcall/src/md/unix/xptcstubs_ipf32.cpp

@@ -1,169 +0,0 @@
-
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
- *
- * The contents of this file are subject to the Netscape Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/NPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is mozilla.org code.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation.  Portions created by Netscape are
- * Copyright (C) 1999 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s): 
- */
-
-
-#include "xptcprivate.h"
-
-#include <stddef.h>
-#include <stdlib.h>
-
-// "This code is for IA64 only"
-
-/* Implement shared vtbl methods. */
-
-extern "C" nsresult
-PrepareAndDispatch(nsXPTCStubBase* self, PRUint32 methodIndex,
-  uint64_t* intargs, uint64_t* floatargs, uint64_t* restargs)
-{
-
-#define PARAM_BUFFER_COUNT     16
-
-  nsXPTCMiniVariant paramBuffer[PARAM_BUFFER_COUNT];
-  nsXPTCMiniVariant* dispatchParams = NULL;
-  nsIInterfaceInfo* iface_info = NULL;
-  const nsXPTMethodInfo* info;
-  nsresult result = NS_ERROR_FAILURE;
-  uint64_t* iargs = intargs;
-  uint64_t* fargs = floatargs;
-  PRUint8 paramCount;
-  PRUint8 i;
-
-  NS_ASSERTION(self,"no self");
-
-  self->GetInterfaceInfo(&iface_info);
-  NS_ASSERTION(iface_info,"no interface info");
-
-  iface_info->GetMethodInfo(PRUint16(methodIndex), &info);
-  NS_ASSERTION(info,"no interface info");
-
-  paramCount = info->GetParamCount();
-
-  // setup variant array pointer
-  if(paramCount > PARAM_BUFFER_COUNT)
-    dispatchParams = new nsXPTCMiniVariant[paramCount];
-  else
-    dispatchParams = paramBuffer;
-  NS_ASSERTION(dispatchParams,"no place for params");
-
-  for(i = 0; i < paramCount; ++i)
-  {
-    int isfloat = 0;
-    const nsXPTParamInfo& param = info->GetParam(i);
-    const nsXPTType& type = param.GetType();
-    nsXPTCMiniVariant* dp = &dispatchParams[i];
-
-    if(param.IsOut() || !type.IsArithmetic())
-    {
-#ifdef __LP64__
-        /* 64 bit pointer mode */
-        dp->val.p = (void*) *iargs;
-#else
-        /* 32 bit pointer mode */
-        uint32_t* adr = (uint32_t*) iargs;
-        dp->val.p = (void*) (*(adr+1));
-#endif
-    }
-    else
-    switch(type)
-    {
-    case nsXPTType::T_I8     : dp->val.i8  = *(iargs); break;
-    case nsXPTType::T_I16    : dp->val.i16 = *(iargs); break;
-    case nsXPTType::T_I32    : dp->val.i32 = *(iargs); break;
-    case nsXPTType::T_I64    : dp->val.i64 = *(iargs); break;
-    case nsXPTType::T_U8     : dp->val.u8  = *(iargs); break;
-    case nsXPTType::T_U16    : dp->val.u16 = *(iargs); break;
-    case nsXPTType::T_U32    : dp->val.u32 = *(iargs); break;
-    case nsXPTType::T_U64    : dp->val.u64 = *(iargs); break;
-    case nsXPTType::T_FLOAT  :
-      isfloat = 1;
-      if (i < 7)
-        dp->val.f = (float) *((double*) fargs); /* register */
-      else
-        dp->val.u32 = *(fargs); /* memory */
-      break;
-    case nsXPTType::T_DOUBLE :
-      isfloat = 1;
-      dp->val.u64 = *(fargs);
-      break;
-    case nsXPTType::T_BOOL   : dp->val.b   = *(iargs); break;
-    case nsXPTType::T_CHAR   : dp->val.c   = *(iargs); break;
-    case nsXPTType::T_WCHAR  : dp->val.wc  = *(iargs); break;
-    default:
-      NS_ASSERTION(0, "bad type");
-      break;
-    }
-    if (i < 7)
-    {
-      /* we are parsing register arguments */
-      if (i == 6)
-      {
-        // run out of register arguments, move on to memory arguments
-        iargs = restargs;
-        fargs = restargs;
-      }
-      else
-      {
-        ++iargs; // advance one integer register slot
-        if (isfloat) ++fargs; // advance float register slot if isfloat
-      }
-    }
-    else
-    {
-      /* we are parsing memory arguments */
-      ++iargs;
-      ++fargs;
-    }
-  }
-
-  result = self->CallMethod((PRUint16) methodIndex, info, dispatchParams);
-
-  NS_RELEASE(iface_info);
-
-  if(dispatchParams != paramBuffer)
-    delete [] dispatchParams;
-
-  return result;
-}
-
-extern "C" int SharedStub(PRUint64,PRUint64,PRUint64,PRUint64,
- PRUint64,PRUint64,PRUint64,PRUint64,PRUint64);
-
-/* Variable a0-a7 were put there so we can have access to the 8 input
-   registers on Stubxyz entry */
-
-#define STUB_ENTRY(n) \
-nsresult nsXPTCStubBase::Stub##n(PRUint64 a1, \
-PRUint64 a2,PRUint64 a3,PRUint64 a4,PRUint64 a5,PRUint64 a6,PRUint64 a7) \
-{ uint64_t a0 = (uint64_t) this; \
- return SharedStub(a0,a1,a2,a3,a4,a5,a6,a7,(PRUint64) n); \
-}
-
-#define SENTINEL_ENTRY(n) \
-nsresult nsXPTCStubBase::Sentinel##n() \
-{ \
-    NS_ASSERTION(0,"nsXPTCStubBase::Sentinel called"); \
-    return NS_ERROR_NOT_IMPLEMENTED; \
-}
-
-#include "xptcstubsdef.inc"
-