diff options
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2015-2743.patch')
| -rw-r--r-- | gnu/packages/patches/icecat-CVE-2015-2743.patch | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-2743.patch b/gnu/packages/patches/icecat-CVE-2015-2743.patch new file mode 100644 index 0000000000..a74fe7b270 --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2015-2743.patch @@ -0,0 +1,73 @@ +From 9ed97d606aaaf79776b0e19a73ba30d8ad0685b5 Mon Sep 17 00:00:00 2001 +From: Ben Turner <bent.mozilla@gmail.com> +Date: Tue, 26 May 2015 17:27:01 -0400 +Subject: [PATCH] Bug 1163109 - Restrict the resource:// weirdness in workers + to loads from a system principal. r=bzbarsky, a=lizzard + +--HG-- +extra : transplant_source : sQUdu%7C%ED%84%CA%5B%91%89/%1B2%25%CFY%B0%C3 +--- + dom/workers/ScriptLoader.cpp | 37 ++++++++++++++++--------------------- + 1 file changed, 16 insertions(+), 21 deletions(-) + +diff --git a/dom/workers/ScriptLoader.cpp b/dom/workers/ScriptLoader.cpp +index 0dfe625..3335c3e 100644 +--- a/dom/workers/ScriptLoader.cpp ++++ b/dom/workers/ScriptLoader.cpp +@@ -509,22 +509,6 @@ private: + rv = ssm->GetChannelPrincipal(channel, getter_AddRefs(channelPrincipal)); + NS_ENSURE_SUCCESS(rv, rv); + +- // See if this is a resource URI. Since JSMs usually come from resource:// +- // URIs we're currently considering all URIs with the URI_IS_UI_RESOURCE +- // flag as valid for creating privileged workers. +- if (!nsContentUtils::IsSystemPrincipal(channelPrincipal)) { +- bool isResource; +- rv = NS_URIChainHasFlags(finalURI, +- nsIProtocolHandler::URI_IS_UI_RESOURCE, +- &isResource); +- NS_ENSURE_SUCCESS(rv, rv); +- +- if (isResource) { +- rv = ssm->GetSystemPrincipal(getter_AddRefs(channelPrincipal)); +- NS_ENSURE_SUCCESS(rv, rv); +- } +- } +- + // If the load principal is the system principal then the channel + // principal must also be the system principal (we do not allow chrome + // code to create workers with non-chrome scripts). Otherwise this channel +@@ -532,14 +516,25 @@ private: + // here in case redirects changed the location of the script). + if (nsContentUtils::IsSystemPrincipal(loadPrincipal)) { + if (!nsContentUtils::IsSystemPrincipal(channelPrincipal)) { +- return NS_ERROR_DOM_BAD_URI; ++ // See if this is a resource URI. Since JSMs usually come from ++ // resource:// URIs we're currently considering all URIs with the ++ // URI_IS_UI_RESOURCE flag as valid for creating privileged workers. ++ bool isResource; ++ rv = NS_URIChainHasFlags(finalURI, ++ nsIProtocolHandler::URI_IS_UI_RESOURCE, ++ &isResource); ++ NS_ENSURE_SUCCESS(rv, rv); ++ ++ if (isResource) { ++ // Assign the system principal to the resource:// worker only if it ++ // was loaded from code using the system principal. ++ channelPrincipal = loadPrincipal; ++ } else { ++ return NS_ERROR_DOM_BAD_URI; ++ } + } + } + else { +- nsCString scheme; +- rv = finalURI->GetScheme(scheme); +- NS_ENSURE_SUCCESS(rv, rv); +- + // We exempt data urls and other URI's that inherit their + // principal again. + if (NS_FAILED(loadPrincipal->CheckMayLoad(finalURI, false, true))) { +-- +2.4.3 + |