From 018229734f5e7dc2038d75067f6c99942c0d1814 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Fri, 8 Jun 2018 18:24:39 -0400 Subject: gnu: icecat: Relabel patches to reflect CVE assignments. Document that we include fixes for CVE-2018-6126, CVE-2018-12359, CVE-2018-12360, CVE-2018-12362, CVE-2018-12365, 1 out of 2 changesets for CVE-2018-5156, and 10 out of 17 changesets for CVE-2018-5188. * gnu/packages/gnuzilla.scm (icecat)[source]: Relabel patches to reflect CVE assignments. --- gnu/packages/gnuzilla.scm | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) (limited to 'gnu/packages/gnuzilla.scm') diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm index df87700d6f..f98d6cc99a 100644 --- a/gnu/packages/gnuzilla.scm +++ b/gnu/packages/gnuzilla.scm @@ -479,27 +479,27 @@ security standards.") (mozilla-patch "icecat-CVE-2018-5150-pt08.patch" "134c728799c1" "16hbwx6fx1hrddsyjjbd3z954ql3pg348xs13h9riyblq8crzmam") (mozilla-patch "icecat-CVE-2018-5150-pt09.patch" "14eab155eaa8" "0wr4xgblxzk4c2gvlnpl7ic1196mrhry1hgwdl1jivq0ji5cbvbd") (mozilla-patch "icecat-bug-1452619.patch" "2b75d55ccf0e" "1g87aybw6ggv6hyk385bplv0lx63n020gwyq0d6d4pqld48hsm1i") - (mozilla-patch "icecat-bug-1453127.patch" "89857f35df29" "0gzi47svrw5ajdlm3i12193psm702zx70x5h1rwp4gb7gxh4m4d9") + (mozilla-patch "icecat-CVE-2018-5156-pt1.patch" "89857f35df29" "0gzi47svrw5ajdlm3i12193psm702zx70x5h1rwp4gb7gxh4m4d9") (mozilla-patch "icecat-CVE-2018-5150-pt10.patch" "3f2ec03c0405" "0w02952dlxd2gmwghck2nm4rjjmc5ylg62bw6m1rvi35kcr134lr") (mozilla-patch "icecat-CVE-2018-5183.patch" "f729bf78fb3a" "0xkj6jwxwdqkvb5c7wi16b8cm8qrnlrd3s9jnd46jg03iykrx56f") - (mozilla-patch "icecat-bug-1437842.patch" "eb896089db47" "10lppk4x2d3pim71a36ky1dmg08rs5ckfiljwvfnr1cw6934qxl4") - (mozilla-patch "icecat-bug-1458270.patch" "2374dca97bde" "0y1g55wvj44nzb1qfkl271jcf8s1ik8lcl1785z0zim4qzn7qkpa") - (mozilla-patch "icecat-bug-1452576.patch" "70b6298e0c9e" "0n5jfy6c421dkybk8m18vd61y95zz0r64g1p1zlya3fps5knfaqi") - (mozilla-patch "icecat-bug-1459206-pt1.patch" "4ef79fe9b3b7" "1c32z1ki1i6xj1nbb0xlxwqnmz48ikmy8dmp37rkjz8ssn04wgfg") - (mozilla-patch "icecat-bug-1459206-pt2.patch" "9ad16112044a" "0ayya67sx7avcb8bplfdxb92l9g4mjrb1s3hby283llhqv0ikg9b") - (mozilla-patch "icecat-bug-1459162.patch" "11d8a87fb6d6" "1rkmdk18llw0x1jakix75hlhy0hpsmlminnflagbzrzjli81gwm1") - (mozilla-patch "icecat-bug-1451297.patch" "407b10ad1273" "16qzsfirw045xag96f1qvpdlibm8lwdj9l1mlli4n1vz0db91v9q") - (mozilla-patch "icecat-bug-1462682.patch" "e76e2e481b17" "0hnx13msjy28n3bpa2c24kpzalam4bdk5gnp0f9k671l48rs9yb3") - (mozilla-patch "icecat-bug-1450688.patch" "2c75bfcd465c" "1pjinj8qypafqm2fk68s3hzcbzcijn09qzrpcxvzq6bl1yfc1xfd") - (mozilla-patch "icecat-bug-1456975.patch" "042f80f3befd" "0av918kin4bkrq7gnjz0h9w8kkq8rk9l93250lfl5kqrinza1gsk") - (mozilla-patch "icecat-bugs-1442722+1455071+1433642+1456604+1458320.patch" + (mozilla-patch "icecat-CVE-2018-5188-pt01.patch" "eb896089db47" "10lppk4x2d3pim71a36ky1dmg08rs5ckfiljwvfnr1cw6934qxl4") + (mozilla-patch "icecat-CVE-2018-5188-pt02.patch" "2374dca97bde" "0y1g55wvj44nzb1qfkl271jcf8s1ik8lcl1785z0zim4qzn7qkpa") + (mozilla-patch "icecat-CVE-2018-5188-pt03.patch" "70b6298e0c9e" "0n5jfy6c421dkybk8m18vd61y95zz0r64g1p1zlya3fps5knfaqi") + (mozilla-patch "icecat-CVE-2018-12365-pt1.patch" "4ef79fe9b3b7" "1c32z1ki1i6xj1nbb0xlxwqnmz48ikmy8dmp37rkjz8ssn04wgfg") + (mozilla-patch "icecat-CVE-2018-12365-pt2.patch" "9ad16112044a" "0ayya67sx7avcb8bplfdxb92l9g4mjrb1s3hby283llhqv0ikg9b") + (mozilla-patch "icecat-CVE-2018-12359.patch" "11d8a87fb6d6" "1rkmdk18llw0x1jakix75hlhy0hpsmlminnflagbzrzjli81gwm1") + (mozilla-patch "icecat-CVE-2018-5188-pt04.patch" "407b10ad1273" "16qzsfirw045xag96f1qvpdlibm8lwdj9l1mlli4n1vz0db91v9q") + (mozilla-patch "icecat-CVE-2018-6126.patch" "e76e2e481b17" "0hnx13msjy28n3bpa2c24kpzalam4bdk5gnp0f9k671l48rs9yb3") + (mozilla-patch "icecat-CVE-2018-5188-pt05.patch" "2c75bfcd465c" "1pjinj8qypafqm2fk68s3hzcbzcijn09qzrpcxvzq6bl1yfc1xfd") + (mozilla-patch "icecat-CVE-2018-5188-pt06.patch" "042f80f3befd" "0av918kin4bkrq7gnjz0h9w8kkq8rk9l93250lfl5kqrinza1gsk") + (mozilla-patch "icecat-CVE-2018-5188-pt07+bugs-1455071+1433642+1456604+1458320.patch" "bb0451c9c4a0" "1lhm1b2a7c6jwhzsg3c830hfhp17p8j9zbcmgchpb8c5jkc3vw0x") - (mozilla-patch "icecat-bug-1465108-pt1.patch" "8189b262e3b9" "13rh86ddwmj1bhv3ibbil3sv5xbqq1c9v1czgbsna5hxxkzc1y3b") - (mozilla-patch "icecat-bug-1465108-pt2.patch" "9f81ae3f6e1d" "05vfg8a8jrzd93n1wvncmvdmqgf9cgsl8ryxgjs3032gbbjkga7q") - (mozilla-patch "icecat-bug-1459693.patch" "face7a3dd5d7" "0jclw30mf693w8lrmvn0iankggj21nh4j3zh51q5363rj5xncdzx") - (mozilla-patch "icecat-bug-1464829.patch" "7afb58c046c8" "1r0569r76712x7x1sw6xr0x06ilv6iw3fncb0f8r8b9mp6wrpx34") - (mozilla-patch "icecat-bug-1452375-pt1.patch" "f1a745f8c42d" "11q73pb7a8f09xjzil4rhg5nr49zrnz1vb0prni0kqvrnppf5s40") - (mozilla-patch "icecat-bug-1452375-pt2.patch" "1f9a430881cc" "0f79rv7njliqxx33z07n60b50jg0a596d1km7ayz2hivbl2d0168"))) + (mozilla-patch "icecat-CVE-2018-5188-pt08.patch" "8189b262e3b9" "13rh86ddwmj1bhv3ibbil3sv5xbqq1c9v1czgbsna5hxxkzc1y3b") + (mozilla-patch "icecat-CVE-2018-5188-pt09.patch" "9f81ae3f6e1d" "05vfg8a8jrzd93n1wvncmvdmqgf9cgsl8ryxgjs3032gbbjkga7q") + (mozilla-patch "icecat-CVE-2018-12360.patch" "face7a3dd5d7" "0jclw30mf693w8lrmvn0iankggj21nh4j3zh51q5363rj5xncdzx") + (mozilla-patch "icecat-CVE-2018-5188-pt10.patch" "7afb58c046c8" "1r0569r76712x7x1sw6xr0x06ilv6iw3fncb0f8r8b9mp6wrpx34") + (mozilla-patch "icecat-CVE-2018-12362-pt1.patch" "f1a745f8c42d" "11q73pb7a8f09xjzil4rhg5nr49zrnz1vb0prni0kqvrnppf5s40") + (mozilla-patch "icecat-CVE-2018-12362-pt2.patch" "1f9a430881cc" "0f79rv7njliqxx33z07n60b50jg0a596d1km7ayz2hivbl2d0168"))) (modules '((guix build utils))) (snippet '(begin -- cgit v1.2.3 From 605e3345c3ee89a7e462898439e8fc3d3c0ecaf6 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Tue, 26 Jun 2018 22:13:06 -0400 Subject: gnu: icecat: Add more fixes from upstream mozilla-esr52. Includes fixes for CVE-2018-12363, CVE-2018-12364, CVE-2018-12366, the remaining 1 out of 2 changesets for CVE-2018-5156, and the remaining 7 out of 17 changesets for CVE-2018-5188. * gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from the upstream mozilla-esr52 repository. * gnu/packages/patches/icecat-bug-1413868-pt1.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/gnuzilla.scm | 18 +- gnu/packages/patches/icecat-bug-1413868-pt1.patch | 663 ++++++++++++++++++++++ 3 files changed, 681 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/icecat-bug-1413868-pt1.patch (limited to 'gnu/packages/gnuzilla.scm') diff --git a/gnu/local.mk b/gnu/local.mk index 5818603802..58aebf12a2 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -798,6 +798,7 @@ dist_patch_DATA = \ %D%/packages/patches/hurd-fix-eth-multiplexer-dependency.patch \ %D%/packages/patches/hydra-disable-darcs-test.patch \ %D%/packages/patches/icecat-avoid-bundled-libraries.patch \ + %D%/packages/patches/icecat-bug-1413868-pt1.patch \ %D%/packages/patches/icecat-CVE-2018-5157-and-CVE-2018-5158.patch \ %D%/packages/patches/icecat-use-system-graphite2.patch \ %D%/packages/patches/icecat-use-system-harfbuzz.patch \ diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm index f98d6cc99a..9e6061eb64 100644 --- a/gnu/packages/gnuzilla.scm +++ b/gnu/packages/gnuzilla.scm @@ -499,7 +499,23 @@ security standards.") (mozilla-patch "icecat-CVE-2018-12360.patch" "face7a3dd5d7" "0jclw30mf693w8lrmvn0iankggj21nh4j3zh51q5363rj5xncdzx") (mozilla-patch "icecat-CVE-2018-5188-pt10.patch" "7afb58c046c8" "1r0569r76712x7x1sw6xr0x06ilv6iw3fncb0f8r8b9mp6wrpx34") (mozilla-patch "icecat-CVE-2018-12362-pt1.patch" "f1a745f8c42d" "11q73pb7a8f09xjzil4rhg5nr49zrnz1vb0prni0kqvrnppf5s40") - (mozilla-patch "icecat-CVE-2018-12362-pt2.patch" "1f9a430881cc" "0f79rv7njliqxx33z07n60b50jg0a596d1km7ayz2hivbl2d0168"))) + (mozilla-patch "icecat-CVE-2018-12362-pt2.patch" "1f9a430881cc" "0f79rv7njliqxx33z07n60b50jg0a596d1km7ayz2hivbl2d0168") + (mozilla-patch "icecat-CVE-2018-5188-pt11.patch" "28f4fc0a5141" "1a8f9z6c80in8ccj82ysdrcr2lqypp29l4acs50kwncm0c0b01zl") + (mozilla-patch "icecat-CVE-2018-12363.patch" "ad5a53a1d2b1" "0rhl4r39ydb3lkfp5pkwvhhzqgfh33s9r7b7jccgkrx6f13xyq78") + (mozilla-patch "icecat-CVE-2018-5188-pt12.patch" "0ddfc03c0454" "1b0xw2kj9765lvpl8iwr3wwcz40bdfp3dp4y9f546a61qsi9q9d6") + (mozilla-patch "icecat-CVE-2018-5156-pt2.patch" "dbf36189a364" "1awbyhy0r79i03sns2p0m78f9hb6c7kp4hwia2khx4qszlsr4j95") + (mozilla-patch "icecat-CVE-2018-5188-pt13.patch" "32509dfde003" "0cc3c92dgf5qynk093prq610c9x815l2fa24ddrw9czdzbwblsdq") + (mozilla-patch "icecat-bug-1462912.patch" "f18535a212da" "0zkqz9il89f1s1yrp5c6hj6kysy2x02iy50vgwdj30lr56gkpzmk") + (mozilla-patch "icecat-CVE-2018-5188-pt14.patch" "e8e9e1ef79f2" "0dc8p6fsppq3bhbpmp41f8mjxbr31pvgpga0a73dqdaicq5ydgj4") + (search-patch "icecat-bug-1413868-pt1.patch") + (mozilla-patch "icecat-CVE-2018-5188-pt15.patch" "9d4d31b2630d" "1lcbmsyi09kp80h1jgxj5l45zl24xn22h1lq7drbyjxsn1kggq4g") + (mozilla-patch "icecat-CVE-2018-12366-pt1.patch" "edf2c7dff493" "06xmyk7nm54cm9m6qc59wz8cxxfa5r25mf2xzdzy74iq5hwa1ac8") + (mozilla-patch "icecat-CVE-2018-5188-pt16.patch" "05549a4d1b80" "10q68cllshmmhlrbirm9h4gyc3ffrcpsxihfpcbxh90nv2h16jci") + (mozilla-patch "icecat-CVE-2018-12364.patch" "67b2d8924841" "197riigbb6l30959pygr0zlv7vaims78dg1mh0pg33pa7cbna0ds") + (mozilla-patch "icecat-CVE-2018-12366-pt2.patch" "528d4d997bb3" "0f375i96a404dkn0fanmd9pgfj3wyrhjfc5dwslw2s44gwfjhljb") + (mozilla-patch "icecat-bug-1369771.patch" "fab16ad7f256" "0kd8qm04sjgfgfg8yw3ivcxazb1d7v430g86chw4n64qybsh9ka3") + (mozilla-patch "icecat-CVE-2018-5188-pt17.patch" "068e249d02b4" "1iy9by1mg5qhp8502h31m8zm99aq2hx0c5n3hadd5pk11lfnq6ll") + (mozilla-patch "icecat-bug-1413868-pt2.patch" "755067c14b06" "089dwqwzcdg1l6aimi0i65q4dgb2iny5h8yjx63h9zgv77n0700a"))) (modules '((guix build utils))) (snippet '(begin diff --git a/gnu/packages/patches/icecat-bug-1413868-pt1.patch b/gnu/packages/patches/icecat-bug-1413868-pt1.patch new file mode 100644 index 0000000000..18382dc33a --- /dev/null +++ b/gnu/packages/patches/icecat-bug-1413868-pt1.patch @@ -0,0 +1,663 @@ +Based on +Adapted to apply cleanly to GNU IceCat. + +# HG changeset patch +# User Honza Bambas +# Date 1528830658 14400 +# Node ID 431fa5dd4016bdab7e4bb0d3c4df85468fe337b0 +# Parent e8e9e1ef79f2a18c61ec1b87cfb214c8d4960f8e +Bug 1413868. r=valentin, a=RyanVM + +diff --git a/toolkit/xre/nsAppRunner.cpp b/toolkit/xre/nsAppRunner.cpp +--- a/toolkit/xre/nsAppRunner.cpp ++++ b/toolkit/xre/nsAppRunner.cpp +@@ -4,16 +4,17 @@ + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + + #include "mozilla/dom/ContentParent.h" + #include "mozilla/dom/ContentChild.h" + #include "mozilla/ipc/GeckoChildProcessHost.h" + + #include "mozilla/ArrayUtils.h" + #include "mozilla/Attributes.h" ++#include "mozilla/FilePreferences.h" + #include "mozilla/ChaosMode.h" + #include "mozilla/IOInterposer.h" + #include "mozilla/Likely.h" + #include "mozilla/MemoryChecking.h" + #include "mozilla/Poison.h" + #include "mozilla/Preferences.h" + #include "mozilla/ScopeExit.h" + #include "mozilla/Services.h" +@@ -4304,16 +4305,20 @@ XREMain::XRE_mainRun() + // Need to write out the fact that the profile has been removed and potentially + // that the selected/default profile changed. + mProfileSvc->Flush(); + } + } + + mDirProvider.DoStartup(); + ++ // As FilePreferences need the profile directory, we must initialize right here. ++ mozilla::FilePreferences::InitDirectoriesWhitelist(); ++ mozilla::FilePreferences::InitPrefs(); ++ + OverrideDefaultLocaleIfNeeded(); + + #ifdef MOZ_CRASHREPORTER + nsCString userAgentLocale; + // Try a localized string first. This pref is always a localized string in + // IceCatMobile, and might be elsewhere, too. + if (NS_SUCCEEDED(Preferences::GetLocalizedCString("general.useragent.locale", &userAgentLocale))) { + CrashReporter::AnnotateCrashReport(NS_LITERAL_CSTRING("useragent_locale"), userAgentLocale); +diff --git a/toolkit/xre/nsEmbedFunctions.cpp b/toolkit/xre/nsEmbedFunctions.cpp +--- a/toolkit/xre/nsEmbedFunctions.cpp ++++ b/toolkit/xre/nsEmbedFunctions.cpp +@@ -46,16 +46,17 @@ + #include "nsX11ErrorHandler.h" + #include "nsGDKErrorHandler.h" + #include "base/at_exit.h" + #include "base/command_line.h" + #include "base/message_loop.h" + #include "base/process_util.h" + #include "chrome/common/child_process.h" + ++#include "mozilla/FilePreferences.h" + #include "mozilla/ipc/BrowserProcessSubThread.h" + #include "mozilla/ipc/GeckoChildProcessHost.h" + #include "mozilla/ipc/IOThreadChild.h" + #include "mozilla/ipc/ProcessChild.h" + #include "ScopedXREEmbed.h" + + #include "mozilla/plugins/PluginProcessChild.h" + #include "mozilla/dom/ContentProcess.h" +@@ -680,16 +681,18 @@ XRE_InitChildProcess(int aArgc, + ::SetProcessShutdownParameters(0x280 - 1, SHUTDOWN_NORETRY); + #endif + + #if defined(MOZ_SANDBOX) && defined(XP_WIN) + // We need to do this after the process has been initialised, as + // InitLoggingIfRequired may need access to prefs. + mozilla::sandboxing::InitLoggingIfRequired(aChildData->ProvideLogFunction); + #endif ++ mozilla::FilePreferences::InitDirectoriesWhitelist(); ++ mozilla::FilePreferences::InitPrefs(); + + OverrideDefaultLocaleIfNeeded(); + + #if defined(MOZ_CRASHREPORTER) + #if defined(MOZ_CONTENT_SANDBOX) && !defined(MOZ_WIDGET_GONK) + AddContentSandboxLevelAnnotation(); + #endif + #endif +diff --git a/xpcom/io/FilePreferences.cpp b/xpcom/io/FilePreferences.cpp +new file mode 100644 +--- /dev/null ++++ b/xpcom/io/FilePreferences.cpp +@@ -0,0 +1,271 @@ ++/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ ++/* vim: set ts=8 sts=2 et sw=2 tw=80: */ ++/* This Source Code Form is subject to the terms of the Mozilla Public ++* License, v. 2.0. If a copy of the MPL was not distributed with this ++* file, You can obtain one at http://mozilla.org/MPL/2.0/. */ ++ ++#include "FilePreferences.h" ++ ++#include "mozilla/Preferences.h" ++#include "nsAppDirectoryServiceDefs.h" ++#include "nsDirectoryServiceDefs.h" ++#include "nsDirectoryServiceUtils.h" ++ ++namespace mozilla { ++namespace FilePreferences { ++ ++static bool sBlockUNCPaths = false; ++typedef nsTArray Paths; ++ ++static Paths& PathArray() ++{ ++ static Paths sPaths; ++ return sPaths; ++} ++ ++static void AllowDirectory(char const* directory) ++{ ++ nsCOMPtr file; ++ NS_GetSpecialDirectory(directory, getter_AddRefs(file)); ++ if (!file) { ++ return; ++ } ++ ++ nsString path; ++ if (NS_FAILED(file->GetTarget(path))) { ++ return; ++ } ++ ++ // The whitelist makes sense only for UNC paths, because this code is used ++ // to block only UNC paths, hence, no need to add non-UNC directories here ++ // as those would never pass the check. ++ if (!StringBeginsWith(path, NS_LITERAL_STRING("\\\\"))) { ++ return; ++ } ++ ++ if (!PathArray().Contains(path)) { ++ PathArray().AppendElement(path); ++ } ++} ++ ++void InitPrefs() ++{ ++ sBlockUNCPaths = Preferences::GetBool("network.file.disable_unc_paths", false); ++} ++ ++void InitDirectoriesWhitelist() ++{ ++ // NS_GRE_DIR is the installation path where the binary resides. ++ AllowDirectory(NS_GRE_DIR); ++ // NS_APP_USER_PROFILE_50_DIR and NS_APP_USER_PROFILE_LOCAL_50_DIR are the two ++ // parts of the profile we store permanent and local-specific data. ++ AllowDirectory(NS_APP_USER_PROFILE_50_DIR); ++ AllowDirectory(NS_APP_USER_PROFILE_LOCAL_50_DIR); ++} ++ ++namespace { // anon ++ ++class Normalizer ++{ ++public: ++ Normalizer(const nsAString& aFilePath, const char16_t aSeparator); ++ bool Get(nsAString& aNormalizedFilePath); ++ ++private: ++ bool ConsumeItem(); ++ bool ConsumeSeparator(); ++ bool IsEOF() { return mFilePathCursor == mFilePathEnd; } ++ ++ bool ConsumeName(); ++ bool CheckParentDir(); ++ bool CheckCurrentDir(); ++ ++ nsString::const_char_iterator mFilePathCursor; ++ nsString::const_char_iterator mFilePathEnd; ++ ++ nsDependentSubstring mItem; ++ char16_t const mSeparator; ++ nsTArray mStack; ++}; ++ ++Normalizer::Normalizer(const nsAString& aFilePath, const char16_t aSeparator) ++ : mFilePathCursor(aFilePath.BeginReading()) ++ , mFilePathEnd(aFilePath.EndReading()) ++ , mSeparator(aSeparator) ++{ ++} ++ ++bool Normalizer::ConsumeItem() ++{ ++ if (IsEOF()) { ++ return false; ++ } ++ ++ nsString::const_char_iterator nameBegin = mFilePathCursor; ++ while (mFilePathCursor != mFilePathEnd) { ++ if (*mFilePathCursor == mSeparator) { ++ break; // don't include the separator ++ } ++ ++mFilePathCursor; ++ } ++ ++ mItem.Rebind(nameBegin, mFilePathCursor); ++ return true; ++} ++ ++bool Normalizer::ConsumeSeparator() ++{ ++ if (IsEOF()) { ++ return false; ++ } ++ ++ if (*mFilePathCursor != mSeparator) { ++ return false; ++ } ++ ++ ++mFilePathCursor; ++ return true; ++} ++ ++bool Normalizer::Get(nsAString& aNormalizedFilePath) ++{ ++ aNormalizedFilePath.Truncate(); ++ ++ if (IsEOF()) { ++ return true; ++ } ++ if (ConsumeSeparator()) { ++ aNormalizedFilePath.Append(mSeparator); ++ } ++ ++ if (IsEOF()) { ++ return true; ++ } ++ if (ConsumeSeparator()) { ++ aNormalizedFilePath.Append(mSeparator); ++ } ++ ++ while (!IsEOF()) { ++ if (!ConsumeName()) { ++ return false; ++ } ++ } ++ ++ for (auto const& name : mStack) { ++ aNormalizedFilePath.Append(name); ++ } ++ ++ return true; ++} ++ ++bool Normalizer::ConsumeName() ++{ ++ if (!ConsumeItem()) { ++ return true; ++ } ++ ++ if (CheckCurrentDir()) { ++ return true; ++ } ++ ++ if (CheckParentDir()) { ++ if (!mStack.Length()) { ++ // This means there are more \.. than valid names ++ return false; ++ } ++ ++ mStack.RemoveElementAt(mStack.Length() - 1); ++ return true; ++ } ++ ++ if (mItem.IsEmpty()) { ++ // this means an empty name (a lone slash), which is illegal ++ return false; ++ } ++ ++ if (ConsumeSeparator()) { ++ mItem.Rebind(mItem.BeginReading(), mFilePathCursor); ++ } ++ mStack.AppendElement(mItem); ++ ++ return true; ++} ++ ++bool Normalizer::CheckCurrentDir() ++{ ++ if (mItem == NS_LITERAL_STRING(".")) { ++ ConsumeSeparator(); ++ // EOF is acceptable ++ return true; ++ } ++ ++ return false; ++} ++ ++bool Normalizer::CheckParentDir() ++{ ++ if (mItem == NS_LITERAL_STRING("..")) { ++ ConsumeSeparator(); ++ // EOF is acceptable ++ return true; ++ } ++ ++ return false; ++} ++ ++} // anon ++ ++bool IsBlockedUNCPath(const nsAString& aFilePath) ++{ ++ if (!sBlockUNCPaths) { ++ return false; ++ } ++ ++ if (!StringBeginsWith(aFilePath, NS_LITERAL_STRING("\\\\"))) { ++ return false; ++ } ++ ++ nsAutoString normalized; ++ if (!Normalizer(aFilePath, L'\\').Get(normalized)) { ++ // Broken paths are considered invalid and thus inaccessible ++ return true; ++ } ++ ++ for (const auto& allowedPrefix : PathArray()) { ++ if (StringBeginsWith(normalized, allowedPrefix)) { ++ if (normalized.Length() == allowedPrefix.Length()) { ++ return false; ++ } ++ if (normalized[allowedPrefix.Length()] == L'\\') { ++ return false; ++ } ++ ++ // When we are here, the path has a form "\\path\prefixevil" ++ // while we have an allowed prefix of "\\path\prefix". ++ // Note that we don't want to add a slash to the end of a prefix ++ // so that opening the directory (no slash at the end) still works. ++ break; ++ } ++ } ++ ++ return true; ++} ++ ++void testing::SetBlockUNCPaths(bool aBlock) ++{ ++ sBlockUNCPaths = aBlock; ++} ++ ++void testing::AddDirectoryToWhitelist(nsAString const & aPath) ++{ ++ PathArray().AppendElement(aPath); ++} ++ ++bool testing::NormalizePath(nsAString const & aPath, nsAString & aNormalized) ++{ ++ Normalizer normalizer(aPath, L'\\'); ++ return normalizer.Get(aNormalized); ++} ++ ++} // ::FilePreferences ++} // ::mozilla +diff --git a/xpcom/io/FilePreferences.h b/xpcom/io/FilePreferences.h +new file mode 100644 +--- /dev/null ++++ b/xpcom/io/FilePreferences.h +@@ -0,0 +1,25 @@ ++/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ ++/* vim: set ts=8 sts=2 et sw=2 tw=80: */ ++/* This Source Code Form is subject to the terms of the Mozilla Public ++* License, v. 2.0. If a copy of the MPL was not distributed with this ++* file, You can obtain one at http://mozilla.org/MPL/2.0/. */ ++ ++#include "nsIObserver.h" ++ ++namespace mozilla { ++namespace FilePreferences { ++ ++void InitPrefs(); ++void InitDirectoriesWhitelist(); ++bool IsBlockedUNCPath(const nsAString& aFilePath); ++ ++namespace testing { ++ ++void SetBlockUNCPaths(bool aBlock); ++void AddDirectoryToWhitelist(nsAString const& aPath); ++bool NormalizePath(nsAString const & aPath, nsAString & aNormalized); ++ ++} ++ ++} // FilePreferences ++} // mozilla +diff --git a/xpcom/io/moz.build b/xpcom/io/moz.build +--- a/xpcom/io/moz.build ++++ b/xpcom/io/moz.build +@@ -79,24 +79,26 @@ EXPORTS += [ + 'nsUnicharInputStream.h', + 'nsWildCard.h', + 'SlicedInputStream.h', + 'SpecialSystemDirectory.h', + ] + + EXPORTS.mozilla += [ + 'Base64.h', ++ 'FilePreferences.h', + 'SnappyCompressOutputStream.h', + 'SnappyFrameUtils.h', + 'SnappyUncompressInputStream.h', + ] + + UNIFIED_SOURCES += [ + 'Base64.cpp', + 'crc32c.c', ++ 'FilePreferences.cpp', + 'nsAnonymousTemporaryFile.cpp', + 'nsAppFileLocationProvider.cpp', + 'nsBinaryStream.cpp', + 'nsDirectoryService.cpp', + 'nsEscape.cpp', + 'nsInputStreamTee.cpp', + 'nsIOUtil.cpp', + 'nsLinebreakConverter.cpp', +diff --git a/xpcom/io/nsLocalFileWin.cpp b/xpcom/io/nsLocalFileWin.cpp +--- a/xpcom/io/nsLocalFileWin.cpp ++++ b/xpcom/io/nsLocalFileWin.cpp +@@ -41,16 +41,17 @@ + #include + #include + #include + + #include "nsXPIDLString.h" + #include "prproces.h" + #include "prlink.h" + ++#include "mozilla/FilePreferences.h" + #include "mozilla/Mutex.h" + #include "SpecialSystemDirectory.h" + + #include "nsTraceRefcnt.h" + #include "nsXPCOMCIDInternal.h" + #include "nsThreadUtils.h" + #include "nsXULAppAPI.h" + +@@ -1162,16 +1163,20 @@ nsLocalFile::InitWithPath(const nsAStrin + char16_t secondChar = *(++begin); + + // just do a sanity check. if it has any forward slashes, it is not a Native path + // on windows. Also, it must have a colon at after the first char. + if (FindCharInReadable(L'/', begin, end)) { + return NS_ERROR_FILE_UNRECOGNIZED_PATH; + } + ++ if (FilePreferences::IsBlockedUNCPath(aFilePath)) { ++ return NS_ERROR_FILE_ACCESS_DENIED; ++ } ++ + if (secondChar != L':' && (secondChar != L'\\' || firstChar != L'\\')) { + return NS_ERROR_FILE_UNRECOGNIZED_PATH; + } + + if (secondChar == L':') { + // Make sure we have a valid drive, later code assumes the drive letter + // is a single char a-z or A-Z. + if (PathGetDriveNumberW(aFilePath.Data()) == -1) { +@@ -1974,16 +1979,20 @@ nsLocalFile::CopySingleFile(nsIFile* aSo + bool path1Remote, path2Remote; + if (!IsRemoteFilePath(filePath.get(), path1Remote) || + !IsRemoteFilePath(destPath.get(), path2Remote) || + path1Remote || path2Remote) { + dwCopyFlags |= COPY_FILE_NO_BUFFERING; + } + } + ++ if (FilePreferences::IsBlockedUNCPath(destPath)) { ++ return NS_ERROR_FILE_ACCESS_DENIED; ++ } ++ + if (!move) { + copyOK = ::CopyFileExW(filePath.get(), destPath.get(), nullptr, + nullptr, nullptr, dwCopyFlags); + } else { + copyOK = ::MoveFileExW(filePath.get(), destPath.get(), + MOVEFILE_REPLACE_EXISTING); + + // Check if copying the source file to a different volume, +diff --git a/xpcom/tests/gtest/TestFilePreferencesWin.cpp b/xpcom/tests/gtest/TestFilePreferencesWin.cpp +new file mode 100644 +--- /dev/null ++++ b/xpcom/tests/gtest/TestFilePreferencesWin.cpp +@@ -0,0 +1,141 @@ ++#include "gtest/gtest.h" ++ ++#include "mozilla/FilePreferences.h" ++#include "nsIFile.h" ++#include "nsXPCOMCID.h" ++ ++TEST(FilePreferencesWin, Normalization) ++{ ++ nsAutoString normalized; ++ ++ mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("foo"), normalized); ++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("foo")); ++ ++ mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\foo"), normalized); ++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\foo")); ++ ++ mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\foo"), normalized); ++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo")); ++ ++ mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("foo\\some"), normalized); ++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("foo\\some")); ++ ++ mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\.\\foo"), normalized); ++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo")); ++ ++ mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\."), normalized); ++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\")); ++ ++ mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\.\\"), normalized); ++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\")); ++ ++ mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\.\\."), normalized); ++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\")); ++ ++ mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\foo\\bar"), normalized); ++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo\\bar")); ++ ++ mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\foo\\bar\\"), normalized); ++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo\\bar\\")); ++ ++ mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\foo\\bar\\."), normalized); ++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo\\bar\\")); ++ ++ mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\foo\\bar\\.\\"), normalized); ++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo\\bar\\")); ++ ++ mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\foo\\bar\\..\\"), normalized); ++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo\\")); ++ ++ mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\foo\\bar\\.."), normalized); ++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\foo\\")); ++ ++ mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\foo\\..\\bar\\..\\"), normalized); ++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\")); ++ ++ mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\foo\\..\\bar"), normalized); ++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\bar")); ++ ++ mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\foo\\bar\\..\\..\\"), normalized); ++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\")); ++ ++ mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\foo\\bar\\.\\..\\.\\..\\"), normalized); ++ ASSERT_TRUE(normalized == NS_LITERAL_STRING("\\\\")); ++ ++ bool result; ++ ++ result = mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\.."), normalized); ++ ASSERT_FALSE(result); ++ ++ result = mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\..\\"), normalized); ++ ASSERT_FALSE(result); ++ ++ result = mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\.\\..\\"), normalized); ++ ASSERT_FALSE(result); ++ ++ result = mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\foo\\\\bar"), normalized); ++ ASSERT_FALSE(result); ++ ++ result = mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\foo\\bar\\..\\..\\..\\..\\"), normalized); ++ ASSERT_FALSE(result); ++ ++ result = mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\\\"), normalized); ++ ASSERT_FALSE(result); ++ ++ result = mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\.\\\\"), normalized); ++ ASSERT_FALSE(result); ++ ++ result = mozilla::FilePreferences::testing::NormalizePath( ++ NS_LITERAL_STRING("\\\\..\\\\"), normalized); ++ ASSERT_FALSE(result); ++} ++ ++TEST(FilePreferencesWin, AccessUNC) ++{ ++ nsCOMPtr lf = do_CreateInstance(NS_LOCAL_FILE_CONTRACTID); ++ ++ nsresult rv; ++ ++ mozilla::FilePreferences::testing::SetBlockUNCPaths(false); ++ ++ rv = lf->InitWithPath(NS_LITERAL_STRING("\\\\nice\\..\\evil\\share")); ++ ASSERT_EQ(rv, NS_OK); ++ ++ mozilla::FilePreferences::testing::SetBlockUNCPaths(true); ++ ++ rv = lf->InitWithPath(NS_LITERAL_STRING("\\\\nice\\..\\evil\\share")); ++ ASSERT_EQ(rv, NS_ERROR_FILE_ACCESS_DENIED); ++ ++ mozilla::FilePreferences::testing::AddDirectoryToWhitelist(NS_LITERAL_STRING("\\\\nice")); ++ ++ rv = lf->InitWithPath(NS_LITERAL_STRING("\\\\nice\\share")); ++ ASSERT_EQ(rv, NS_OK); ++ ++ rv = lf->InitWithPath(NS_LITERAL_STRING("\\\\nice\\..\\evil\\share")); ++ ASSERT_EQ(rv, NS_ERROR_FILE_ACCESS_DENIED); ++} +diff --git a/xpcom/tests/gtest/moz.build b/xpcom/tests/gtest/moz.build +--- a/xpcom/tests/gtest/moz.build ++++ b/xpcom/tests/gtest/moz.build +@@ -51,16 +51,21 @@ UNIFIED_SOURCES += [ + if CONFIG['MOZ_DEBUG'] and CONFIG['OS_ARCH'] not in ('WINNT') and CONFIG['OS_TARGET'] != 'Android': + # FIXME bug 523392: TestDeadlockDetector doesn't like Windows + # Bug 1054249: Doesn't work on Android + UNIFIED_SOURCES += [ + 'TestDeadlockDetector.cpp', + 'TestDeadlockDetectorScalability.cpp', + ] + ++if CONFIG['OS_TARGET'] == 'WINNT': ++ UNIFIED_SOURCES += [ ++ 'TestFilePreferencesWin.cpp', ++ ] ++ + if CONFIG['WRAP_STL_INCLUDES'] and not CONFIG['CLANG_CL']: + UNIFIED_SOURCES += [ + 'TestSTLWrappers.cpp', + ] + + # Compile TestAllocReplacement separately so Windows headers don't pollute + # the global namespace for other files. + SOURCES += [ + -- cgit v1.2.3