diff options
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2015-2743.patch')
| -rw-r--r-- | gnu/packages/patches/icecat-CVE-2015-2743.patch | 73 |
1 files changed, 0 insertions, 73 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-2743.patch b/gnu/packages/patches/icecat-CVE-2015-2743.patch deleted file mode 100644 index a74fe7b270..0000000000 --- a/gnu/packages/patches/icecat-CVE-2015-2743.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 9ed97d606aaaf79776b0e19a73ba30d8ad0685b5 Mon Sep 17 00:00:00 2001 -From: Ben Turner <bent.mozilla@gmail.com> -Date: Tue, 26 May 2015 17:27:01 -0400 -Subject: [PATCH] Bug 1163109 - Restrict the resource:// weirdness in workers - to loads from a system principal. r=bzbarsky, a=lizzard - ---HG-- -extra : transplant_source : sQUdu%7C%ED%84%CA%5B%91%89/%1B2%25%CFY%B0%C3 ---- - dom/workers/ScriptLoader.cpp | 37 ++++++++++++++++--------------------- - 1 file changed, 16 insertions(+), 21 deletions(-) - -diff --git a/dom/workers/ScriptLoader.cpp b/dom/workers/ScriptLoader.cpp -index 0dfe625..3335c3e 100644 ---- a/dom/workers/ScriptLoader.cpp -+++ b/dom/workers/ScriptLoader.cpp -@@ -509,22 +509,6 @@ private: - rv = ssm->GetChannelPrincipal(channel, getter_AddRefs(channelPrincipal)); - NS_ENSURE_SUCCESS(rv, rv); - -- // See if this is a resource URI. Since JSMs usually come from resource:// -- // URIs we're currently considering all URIs with the URI_IS_UI_RESOURCE -- // flag as valid for creating privileged workers. -- if (!nsContentUtils::IsSystemPrincipal(channelPrincipal)) { -- bool isResource; -- rv = NS_URIChainHasFlags(finalURI, -- nsIProtocolHandler::URI_IS_UI_RESOURCE, -- &isResource); -- NS_ENSURE_SUCCESS(rv, rv); -- -- if (isResource) { -- rv = ssm->GetSystemPrincipal(getter_AddRefs(channelPrincipal)); -- NS_ENSURE_SUCCESS(rv, rv); -- } -- } -- - // If the load principal is the system principal then the channel - // principal must also be the system principal (we do not allow chrome - // code to create workers with non-chrome scripts). Otherwise this channel -@@ -532,14 +516,25 @@ private: - // here in case redirects changed the location of the script). - if (nsContentUtils::IsSystemPrincipal(loadPrincipal)) { - if (!nsContentUtils::IsSystemPrincipal(channelPrincipal)) { -- return NS_ERROR_DOM_BAD_URI; -+ // See if this is a resource URI. Since JSMs usually come from -+ // resource:// URIs we're currently considering all URIs with the -+ // URI_IS_UI_RESOURCE flag as valid for creating privileged workers. -+ bool isResource; -+ rv = NS_URIChainHasFlags(finalURI, -+ nsIProtocolHandler::URI_IS_UI_RESOURCE, -+ &isResource); -+ NS_ENSURE_SUCCESS(rv, rv); -+ -+ if (isResource) { -+ // Assign the system principal to the resource:// worker only if it -+ // was loaded from code using the system principal. -+ channelPrincipal = loadPrincipal; -+ } else { -+ return NS_ERROR_DOM_BAD_URI; -+ } - } - } - else { -- nsCString scheme; -- rv = finalURI->GetScheme(scheme); -- NS_ENSURE_SUCCESS(rv, rv); -- - // We exempt data urls and other URI's that inherit their - // principal again. - if (NS_FAILED(loadPrincipal->CheckMayLoad(finalURI, false, true))) { --- -2.4.3 - |