Bug 940684 - Don't allow unsafe paths when constructing DeviceStorageFile object. (Corrected bug # DONTBUILD) r=bent
author: Dave Hylands <dhylands@mozilla.com>
Thu, 16 Jan 2014 15:11:24 -0800
changeset 163921 bf42b0e0697695f0d706f4fdcdf4522f2e6fbf51
parent 163920 677be012a2aa3564bcd2699d841784e087fd8401
child 163922 0837bcd3b018b7298c7d09cd4f565dca4a8cd993
push id: 26018
push user: cbook@mozilla.com
push date: Fri, 17 Jan 2014 09:16:09 +0000
treeherder: mozilla-central@b53589696cf8
reviewers: bent
bugs: 940684
milestone: 29.0a1
dom/devicestorage/nsDeviceStorage.cpp
--- a/dom/devicestorage/nsDeviceStorage.cpp
+++ b/dom/devicestorage/nsDeviceStorage.cpp
@@ -889,16 +889,26 @@ DeviceStorageFile::NormalizeFilePath() {
 #endif
 }
 
 void
 DeviceStorageFile::AppendRelativePath(const nsAString& aPath) {
   if (!mFile) {
     return;
   }
+  if (!IsSafePath(aPath)) {
+    // All of the APIs (in the child) do checks to verify that the path is
+    // valid and return PERMISSION_DENIED if a non-safe path is entered.
+    // This check is done in the parent and prevents a compromised
+    // child from bypassing the check. It shouldn't be possible for this
+    // code path to be taken with a non-compromised child.
+    NS_WARNING("Unsafe path detected - ignoring");
+    NS_WARNING(NS_LossyConvertUTF16toASCII(aPath).get());
+    return;
+  }
 #if defined(XP_WIN)
   // replace forward slashes with backslashes,
   // since nsLocalFileWin chokes on them
   nsString temp;
   temp.Assign(aPath);
 
   char16_t* cur = temp.BeginWriting();
   char16_t* end = temp.EndWriting();
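Review bot: the early `return` in the new `!IsSafePath(aPath)` branch of `AppendRelativePath` leaves `mFile` untouched, and because the function is `void` the caller cannot tell that the path was rejected, so a DeviceStorageFile constructed with an unsafe relative path still holds a non-null `mFile` that simply lacks the relative part. Consider making the rejection observable, for example by clearing `mFile` in this branch or returning a status the constructing code can act on, so that later operations fail instead of acting on whatever `mFile` pointed to before the append. Separately, both `NS_WARNING` calls are compiled out of non-debug builds, so a release build gives no signal that a child sent an unsafe path; if that event matters for diagnosing a compromised child, report it through a channel that exists in release builds.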