Bug 960684 - Don't allow unsafe paths when constructing DeviceStorageFile object. r=bent
backed out by 677be012a2aa
author: Dave Hylands <dhylands@mozilla.com>
date: Thu, 16 Jan 2014 15:11:24 -0800
changeset: 163920 00967488c6bb0b0edb749cebfe33a079f220c389
parent: 163919 fb394fa6404e7fd7ba02839afe26be346ff1ae17
child: 163921 677be012a2aa3564bcd2699d841784e087fd8401
push id: 38584
push user: cbook@mozilla.com
push date: Fri, 17 Jan 2014 10:04:30 +0000
reviewers: bent
bugs: 960684
milestone: 29.0a1
dom/devicestorage/nsDeviceStorage.cpp
--- a/dom/devicestorage/nsDeviceStorage.cpp
+++ b/dom/devicestorage/nsDeviceStorage.cpp
@@ -889,16 +889,26 @@ DeviceStorageFile::NormalizeFilePath() {
 #endif
 }
 
 void
 DeviceStorageFile::AppendRelativePath(const nsAString& aPath) {
   if (!mFile) {
     return;
   }
+  if (!IsSafePath(aPath)) {
+    // All of the APIs (in the child) do checks to verify that the path is
+    // valid and return PERMISSION_DENIED if a non-safe path is entered.
+    // This check is done in the parent and prevents a compromised
+    // child from bypassing the check. It shouldn't be possible for this
+    // code path to be taken with a non-compromised child.
+    NS_WARNING("Unsafe path detected - ignoring");
+    NS_WARNING(NS_LossyConvertUTF16toASCII(aPath).get());
+    return;
+  }
 #if defined(XP_WIN)
   // replace forward slashes with backslashes,
   // since nsLocalFileWin chokes on them
   nsString temp;
   temp.Assign(aPath);
 
   char16_t* cur = temp.BeginWriting();
   char16_t* end = temp.EndWriting();
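Review bot: rejecting the path by returning early from a void function leaves mFile unchanged and gives the caller no signal that the append was skipped, so a later operation on this DeviceStorageFile would act on the un-appended base directory rather than failing; consider failing closed by clearing mFile (or returning a bool/nsresult the caller must check) instead of only emitting `NS_WARNING("Unsafe path detected - ignoring");`. Also, IsSafePath is evaluated before the `#if defined(XP_WIN)` block that rewrites forward slashes to backslashes, so it must already treat both separators as path components; its definition is not in this hunk, so that cannot be confirmed here, and a short comment above the check stating that assumption would help the next reader.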