summary refs log tree commit diff
path: root/gnu/packages/patches/icecat-CVE-2015-2743.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2015-2743.patch')
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-2743.patch73
1 files changed, 73 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-2743.patch b/gnu/packages/patches/icecat-CVE-2015-2743.patch
new file mode 100644
index 0000000000..a74fe7b270
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2015-2743.patch
@@ -0,0 +1,73 @@
+From 9ed97d606aaaf79776b0e19a73ba30d8ad0685b5 Mon Sep 17 00:00:00 2001
+From: Ben Turner <bent.mozilla@gmail.com>
+Date: Tue, 26 May 2015 17:27:01 -0400
+Subject: [PATCH] Bug 1163109 - Restrict the resource:// weirdness in workers
+ to loads from a system principal. r=bzbarsky, a=lizzard
+
+--HG--
+extra : transplant_source : sQUdu%7C%ED%84%CA%5B%91%89/%1B2%25%CFY%B0%C3
+---
+ dom/workers/ScriptLoader.cpp | 37 ++++++++++++++++---------------------
+ 1 file changed, 16 insertions(+), 21 deletions(-)
+
+diff --git a/dom/workers/ScriptLoader.cpp b/dom/workers/ScriptLoader.cpp
+index 0dfe625..3335c3e 100644
+--- a/dom/workers/ScriptLoader.cpp
++++ b/dom/workers/ScriptLoader.cpp
+@@ -509,22 +509,6 @@ private:
+       rv = ssm->GetChannelPrincipal(channel, getter_AddRefs(channelPrincipal));
+       NS_ENSURE_SUCCESS(rv, rv);
+ 
+-      // See if this is a resource URI. Since JSMs usually come from resource://
+-      // URIs we're currently considering all URIs with the URI_IS_UI_RESOURCE
+-      // flag as valid for creating privileged workers.
+-      if (!nsContentUtils::IsSystemPrincipal(channelPrincipal)) {
+-        bool isResource;
+-        rv = NS_URIChainHasFlags(finalURI,
+-                                 nsIProtocolHandler::URI_IS_UI_RESOURCE,
+-                                 &isResource);
+-        NS_ENSURE_SUCCESS(rv, rv);
+-
+-        if (isResource) {
+-          rv = ssm->GetSystemPrincipal(getter_AddRefs(channelPrincipal));
+-          NS_ENSURE_SUCCESS(rv, rv);
+-        }
+-      }
+-
+       // If the load principal is the system principal then the channel
+       // principal must also be the system principal (we do not allow chrome
+       // code to create workers with non-chrome scripts). Otherwise this channel
+@@ -532,14 +516,25 @@ private:
+       // here in case redirects changed the location of the script).
+       if (nsContentUtils::IsSystemPrincipal(loadPrincipal)) {
+         if (!nsContentUtils::IsSystemPrincipal(channelPrincipal)) {
+-          return NS_ERROR_DOM_BAD_URI;
++          // See if this is a resource URI. Since JSMs usually come from
++          // resource:// URIs we're currently considering all URIs with the
++          // URI_IS_UI_RESOURCE flag as valid for creating privileged workers.
++          bool isResource;
++          rv = NS_URIChainHasFlags(finalURI,
++                                   nsIProtocolHandler::URI_IS_UI_RESOURCE,
++                                   &isResource);
++          NS_ENSURE_SUCCESS(rv, rv);
++
++          if (isResource) {
++            // Assign the system principal to the resource:// worker only if it
++            // was loaded from code using the system principal.
++            channelPrincipal = loadPrincipal;
++          } else {
++            return NS_ERROR_DOM_BAD_URI;
++          }
+         }
+       }
+       else  {
+-        nsCString scheme;
+-        rv = finalURI->GetScheme(scheme);
+-        NS_ENSURE_SUCCESS(rv, rv);
+-
+         // We exempt data urls and other URI's that inherit their
+         // principal again.
+         if (NS_FAILED(loadPrincipal->CheckMayLoad(finalURI, false, true))) {
+-- 
+2.4.3
+
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-03-04 04:01:55 +0000