Bug 1289001 - Security check in NeckoParent::GetValidatedAppInfo must pass if the serialized LoadContext is null, r=valentin
authorAndrea Marchesini <amarchesini@mozilla.com>
Sat, 29 Oct 2016 22:04:38 +0200
changeset 320195 4a6cd6dff941517c15ce49226f74e438f83983e8
parent 320194 40cd4eb145ffd5d0c4d698965ed3870903c70c2f
child 320196 bcb5f7b49427929996c0b8425cb9220f0c07e7bc
push id20751
push userphilringnalda@gmail.com
push dateSun, 30 Oct 2016 18:06:35 +0000
treeherderfx-team@e3279760cd97 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersvalentin
bugs1289001
milestone52.0a1
Bug 1289001 - Security check in NeckoParent::GetValidatedAppInfo must pass if the serialized LoadContext is null, r=valentin
netwerk/ipc/NeckoParent.cpp
--- a/netwerk/ipc/NeckoParent.cpp
+++ b/netwerk/ipc/NeckoParent.cpp
@@ -109,26 +109,42 @@ void CrashWithReason(const char * reason
 #endif
 }
 
 const char*
 NeckoParent::GetValidatedAppInfo(const SerializedLoadContext& aSerialized,
                                  PContentParent* aContent,
                                  DocShellOriginAttributes& aAttrs)
 {
-  if (UsingNeckoIPCSecurity()) {
-    if (!aSerialized.IsNotNull()) {
+  if (!aSerialized.IsNotNull()) {
+    if (UsingNeckoIPCSecurity()) {
       CrashWithReason("GetValidatedAppInfo | SerializedLoadContext from child is null");
       return "SerializedLoadContext from child is null";
     }
+
+    // If serialized is null, we cannot validate anything. We have to assume
+    // that this requests comes from a SystemPrincipal.
+    aAttrs = DocShellOriginAttributes(NECKO_NO_APP_ID, false);
+    return nullptr;
+  }
+
+  nsTArray<TabContext> contextArray =
+    static_cast<ContentParent*>(aContent)->GetManagedTabContext();
+  if (contextArray.IsEmpty()) {
+    if (UsingNeckoIPCSecurity()) {
+      CrashWithReason("GetValidatedAppInfo | ContentParent does not have any PBrowsers");
+      return "ContentParent does not have any PBrowsers";
+    }
+
+    // We are running xpcshell tests
+    aAttrs = aSerialized.mOriginAttributes;
+    return nullptr;
   }
 
   nsAutoCString debugString;
-  nsTArray<TabContext> contextArray =
-    static_cast<ContentParent*>(aContent)->GetManagedTabContext();
   for (uint32_t i = 0; i < contextArray.Length(); i++) {
     TabContext tabContext = contextArray[i];
     uint32_t appId = tabContext.OwnOrContainingAppId();
     bool inBrowserElement = aSerialized.IsNotNull() ?
                               aSerialized.mOriginAttributes.mInIsolatedMozBrowser :
                               tabContext.IsIsolatedMozBrowserElement();
 
     if (appId == NECKO_UNKNOWN_APP_ID) {
@@ -161,41 +177,26 @@ NeckoParent::GetValidatedAppInfo(const S
     aAttrs.mSignedPkg = aSerialized.mOriginAttributes.mSignedPkg;
     aAttrs.mUserContextId = aSerialized.mOriginAttributes.mUserContextId;
     aAttrs.mPrivateBrowsingId = aSerialized.mOriginAttributes.mPrivateBrowsingId;
     aAttrs.mFirstPartyDomain = aSerialized.mOriginAttributes.mFirstPartyDomain;
 
     return nullptr;
   }
 
-  if (contextArray.Length() != 0) {
-    nsAutoCString errorString;
-    errorString.Append("GetValidatedAppInfo | App does not have permission -");
-    errorString.Append(debugString);
-
-    // Leak the buffer on the heap to make sure that it lives long enough, as
-    // MOZ_CRASH_ANNOTATE expects the pointer passed to it to live to the end of
-    // the program.
-    char * error = strdup(errorString.BeginReading());
-    CrashWithReason(error);
-    return "App does not have permission";
-  }
+  nsAutoCString errorString;
+  errorString.Append("GetValidatedAppInfo | App does not have permission -");
+  errorString.Append(debugString);
 
-  if (!UsingNeckoIPCSecurity()) {
-    // We are running xpcshell tests
-    if (aSerialized.IsNotNull()) {
-      aAttrs = aSerialized.mOriginAttributes;
-    } else {
-      aAttrs = DocShellOriginAttributes(NECKO_NO_APP_ID, false);
-    }
-    return nullptr;
-  }
-
-  CrashWithReason("GetValidatedAppInfo | ContentParent does not have any PBrowsers");
-  return "ContentParent does not have any PBrowsers";
+  // Leak the buffer on the heap to make sure that it lives long enough, as
+  // MOZ_CRASH_ANNOTATE expects the pointer passed to it to live to the end of
+  // the program.
+  char * error = strdup(errorString.BeginReading());
+  CrashWithReason(error);
+  return "App does not have permission";
 }
 
 const char *
 NeckoParent::CreateChannelLoadContext(const PBrowserOrId& aBrowser,
                                       PContentParent* aContent,
                                       const SerializedLoadContext& aSerialized,
                                       nsCOMPtr<nsILoadContext> &aResult)
 {