diff options
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2015-0816.patch')
-rw-r--r-- | gnu/packages/patches/icecat-CVE-2015-0816.patch | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-0816.patch b/gnu/packages/patches/icecat-CVE-2015-0816.patch new file mode 100644 index 0000000000..5632e37eb3 --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2015-0816.patch @@ -0,0 +1,76 @@ +From ae49ed04f54c2f78d6ba7e545e0099602a3270fa Mon Sep 17 00:00:00 2001 +From: Boris Zbarsky <bzbarsky@mit.edu> +Date: Thu, 19 Mar 2015 18:58:44 -0400 +Subject: [PATCH] Bug 1144991 - Be a bit more restrictive about when a + URI_IS_UI_RESOURCE source is allowed to link to a URI_IS_UI_RESOURCE URI that + doesn't have the same scheme. r=bholley, a=abillings + +--- + caps/src/nsScriptSecurityManager.cpp | 38 +++++++++++++++++++++++++----------- + 1 file changed, 27 insertions(+), 11 deletions(-) + +diff --git a/caps/src/nsScriptSecurityManager.cpp b/caps/src/nsScriptSecurityManager.cpp +index 3587358..6577b95 100644 +--- a/caps/src/nsScriptSecurityManager.cpp ++++ b/caps/src/nsScriptSecurityManager.cpp +@@ -770,12 +770,31 @@ nsScriptSecurityManager::CheckLoadURIWithPrincipal(nsIPrincipal* aPrincipal, + NS_ENSURE_SUCCESS(rv, rv); + if (hasFlags) { + if (aFlags & nsIScriptSecurityManager::ALLOW_CHROME) { ++ ++ // For now, don't change behavior for resource:// or moz-icon:// and ++ // just allow them. + if (!targetScheme.EqualsLiteral("chrome")) { +- // for now don't change behavior for resource: or moz-icon: + return NS_OK; + } + +- // allow load only if chrome package is whitelisted ++ // Allow a URI_IS_UI_RESOURCE source to link to a URI_IS_UI_RESOURCE ++ // target if ALLOW_CHROME is set. ++ // ++ // ALLOW_CHROME is a flag that we pass on all loads _except_ docshell ++ // loads (since docshell loads run the loaded content with its origin ++ // principal). So we're effectively allowing resource://, chrome://, ++ // and moz-icon:// source URIs to load resource://, chrome://, and ++ // moz-icon:// files, so long as they're not loading it as a document. ++ bool sourceIsUIResource; ++ rv = NS_URIChainHasFlags(sourceBaseURI, ++ nsIProtocolHandler::URI_IS_UI_RESOURCE, ++ &sourceIsUIResource); ++ NS_ENSURE_SUCCESS(rv, rv); ++ if (sourceIsUIResource) { ++ return NS_OK; ++ } ++ ++ // Allow the load only if the chrome package is whitelisted. + nsCOMPtr<nsIXULChromeRegistry> reg(do_GetService( + NS_CHROMEREGISTRY_CONTRACTID)); + if (reg) { +@@ -787,17 +806,14 @@ nsScriptSecurityManager::CheckLoadURIWithPrincipal(nsIPrincipal* aPrincipal, + } + } + +- // resource: and chrome: are equivalent, securitywise +- // That's bogus!! Fix this. But watch out for +- // the view-source stylesheet? +- bool sourceIsChrome; +- rv = NS_URIChainHasFlags(sourceBaseURI, +- nsIProtocolHandler::URI_IS_UI_RESOURCE, +- &sourceIsChrome); +- NS_ENSURE_SUCCESS(rv, rv); +- if (sourceIsChrome) { ++ // Special-case the hidden window: it's allowed to load ++ // URI_IS_UI_RESOURCE no matter what. Bug 1145470 tracks removing this. ++ nsAutoCString sourceSpec; ++ if (NS_SUCCEEDED(sourceBaseURI->GetSpec(sourceSpec)) && ++ sourceSpec.EqualsLiteral("resource://gre-resources/hiddenWindow.html")) { + return NS_OK; + } ++ + if (reportErrors) { + ReportError(nullptr, errorTag, sourceURI, aTargetURI); + } +-- +2.2.1 + |