summary refs log tree commit diff
path: root/gnu/packages/patches/icecat-CVE-2014-1590.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2014-1590.patch')
-rw-r--r--gnu/packages/patches/icecat-CVE-2014-1590.patch33
1 files changed, 33 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2014-1590.patch b/gnu/packages/patches/icecat-CVE-2014-1590.patch
new file mode 100644
index 0000000000..f8513980ad
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2014-1590.patch
@@ -0,0 +1,33 @@
+commit 50c5ca4bacf7cda77c3a7ab1b8d82ded18fb3355
+Author: Olli Pettay <Olli.Pettay@helsinki.fi>
+Date:   Sun Nov 2 22:01:55 2014 +0200
+
+    Bug 1087633 - Filter out XPConnect wrapped input streams. r=bz, a=lmandel
+
+	Modified   content/base/src/nsXMLHttpRequest.h
+diff --git a/content/base/src/nsXMLHttpRequest.h b/content/base/src/nsXMLHttpRequest.h
+index b1fc4e3..4ab4f29 100644
+--- a/content/base/src/nsXMLHttpRequest.h
++++ b/content/base/src/nsXMLHttpRequest.h
+@@ -28,7 +28,8 @@
+ #include "nsIPrincipal.h"
+ #include "nsIScriptObjectPrincipal.h"
+ #include "nsISizeOfEventTarget.h"
+-
++#include "nsIXPConnect.h"
++#include "nsIInputStream.h"
+ #include "mozilla/Assertions.h"
+ #include "mozilla/DOMEventTargetHelper.h"
+ #include "mozilla/MemoryReporting.h"
+@@ -446,6 +447,11 @@ public:
+   void Send(nsIInputStream* aStream, ErrorResult& aRv)
+   {
+     NS_ASSERTION(aStream, "Null should go to string version");
++    nsCOMPtr<nsIXPConnectWrappedJS> wjs = do_QueryInterface(aStream);
++    if (wjs) {
++      aRv.Throw(NS_ERROR_DOM_TYPE_ERR);
++      return;
++    }
+     aRv = Send(RequestBody(aStream));
+   }
+   void SendAsBinary(const nsAString& aBody, ErrorResult& aRv);