Bug 1424505: Block osk.exe from UIA instantiation; r=Jamie
authorAaron Klotz <aklotz@mozilla.com>
Tue, 20 Feb 2018 12:24:47 -0700
changeset 404810 c0260c67218a901452602a1fbf2b6ebfd66abaa3
parent 404809 93501da7b1f6969cb9718960a2f2e6a61c7c1f47
child 404811 b192696c08a254b4a52fcac4bdd5ebd7538c78e7
push id33490
push userdluca@mozilla.com
push dateThu, 22 Feb 2018 10:00:20 +0000
treeherdermozilla-central@ea3da643422c [default view] [failures only]
reviewersJamie
bugs1424505
milestone60.0a1
Bug 1424505: Block osk.exe from UIA instantiation; r=Jamie
accessible/windows/msaa/CompatibilityUIA.cpp
accessible/windows/msaa/LazyInstantiator.cpp
widget/windows/nsAppShell.cpp
--- a/accessible/windows/msaa/CompatibilityUIA.cpp
+++ b/accessible/windows/msaa/CompatibilityUIA.cpp
@@ -128,16 +128,43 @@ FindNamedObject(const ComparatorFnT& aCo
     }
 
     firstCall = FALSE;
   } while (ntStatus == STATUS_MORE_ENTRIES);
 
   return false;
 }
 
+static const char* gBlockedUiaClients[] = {
+  "osk.exe"
+};
+
+static bool
+ShouldBlockUIAClient(nsIFile* aClientExe)
+{
+  if (PR_GetEnv("MOZ_DISABLE_ACCESSIBLE_BLOCKLIST")) {
+    return false;
+  }
+
+  nsAutoString leafName;
+  nsresult rv = aClientExe->GetLeafName(leafName);
+  if (NS_FAILED(rv)) {
+    return false;
+  }
+
+  for (size_t index = 0, len = ArrayLength(gBlockedUiaClients); index < len;
+       ++index) {
+    if (leafName.EqualsIgnoreCase(gBlockedUiaClients[index])) {
+      return true;
+    }
+  }
+
+  return false;
+}
+
 namespace mozilla {
 namespace a11y {
 
 Maybe<DWORD> Compatibility::sUiaRemotePid;
 
 Maybe<bool>
 Compatibility::OnUIAMessage(WPARAM aWParam, LPARAM aLParam)
 {
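Review bot: ShouldBlockUIAClient and gBlockedUiaClients have no comment saying what kind of check this is. It compares only the executable's leaf name, case-insensitively, returns false (allow) when GetLeafName fails, and is skipped entirely when MOZ_DISABLE_ACCESSIBLE_BLOCKLIST is set. I would add above the function something like `// Compatibility blocklist only: matches the client's leaf name, fails open, and is bypassed by MOZ_DISABLE_ACCESSIBLE_BLOCKLIST; not an access-control check.` The env-var test and the leaf-name loop also repeat what LazyInstantiator::ShouldInstantiate does with gBlockedRemoteClients, so a shared helper that takes the list would keep the two in step. Compatibility::OnUIAMessage begins at the end of this hunk and its body continues outside it.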
@@ -302,21 +329,20 @@ Compatibility::OnUIAMessage(WPARAM aWPar
   }
 
   if (!remotePid) {
     return Nothing();
   }
 
   a11y::SetInstantiator(remotePid.value());
 
-  /* This is where we could block UIA stuff
+  // Block if necessary
   nsCOMPtr<nsIFile> instantiator;
   if (a11y::GetInstantiator(getter_AddRefs(instantiator)) &&
       ShouldBlockUIAClient(instantiator)) {
     return Some(false);
   }
-  */
 
   return Some(true);
 }
 
 } // namespace a11y
 } // namespace mozilla
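Review bot: The condition `a11y::GetInstantiator(getter_AddRefs(instantiator)) && ShouldBlockUIAClient(instantiator)` falls through to `return Some(true)` when GetInstantiator fails, so a client whose executable cannot be resolved is always allowed. If that is intended, the comment should say so, for example `// Block known-bad clients; if the client exe cannot be resolved we allow it.` instead of `// Block if necessary`. Also, `a11y::SetInstantiator(remotePid.value())` runs before the decision, so a blocked client is still recorded as the instantiator. Whether a later, allowed client replaces it depends on SetInstantiator, which is not visible here. OnUIAMessage starts outside this hunk.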
--- a/accessible/windows/msaa/LazyInstantiator.cpp
+++ b/accessible/windows/msaa/LazyInstantiator.cpp
@@ -228,17 +228,17 @@ LazyInstantiator::ShouldInstantiate(cons
   }
 
   a11y::SetInstantiator(GetClientPid(aClientTid));
 
   nsCOMPtr<nsIFile> clientExe;
   if (!a11y::GetInstantiator(getter_AddRefs(clientExe))) {
     return true;
   }
-  
+
   nsresult rv;
   if (!PR_GetEnv("MOZ_DISABLE_ACCESSIBLE_BLOCKLIST")) {
     // Debugging option is not present, so check blocklist.
     nsAutoString leafName;
     rv = clientExe->GetLeafName(leafName);
     if (NS_SUCCEEDED(rv)) {
       for (size_t i = 0, len = ArrayLength(gBlockedRemoteClients); i < len; ++i) {
         if (leafName.EqualsIgnoreCase(gBlockedRemoteClients[i])) {
--- a/widget/windows/nsAppShell.cpp
+++ b/widget/windows/nsAppShell.cpp
@@ -185,24 +185,28 @@ UiaHookProc(int aCode, WPARAM aWParam, L
   auto cwp = reinterpret_cast<CWPSTRUCT*>(aLParam);
   if (gUiaMsg && cwp->message == gUiaMsg) {
     if (gUiaAttempts < kMaxUiaAttempts) {
       ++gUiaAttempts;
 
       Maybe<bool> shouldCallNextHook =
         a11y::Compatibility::OnUIAMessage(cwp->wParam, cwp->lParam);
       if (shouldCallNextHook.isSome()) {
-        // We've got an instantiator, disconnect this hook.
+        // We've got an instantiator.
+        if (!shouldCallNextHook.value()) {
+          // We're blocking this instantiation. We need to keep this hook set
+          // so that we can catch any future instantiation attempts.
+          return 0;
+        }
+
+        // We're allowing the instantiator to proceed, so this hook is no longer
+        // needed.
         if (::UnhookWindowsHookEx(gUiaHook)) {
           gUiaHook = nullptr;
         }
-
-        if (!shouldCallNextHook.value()) {
-          return 0;
-        }
       } else {
         // Our hook might be firing after UIA; let's try reinstalling ourselves.
         InitUIADetection();
       }
     } else {
       // We've maxed out our attempts. Let's unhook.
       if (::UnhookWindowsHookEx(gUiaHook)) {
         gUiaHook = nullptr;
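Review bot: The blocking path still consumes the attempt budget, because `++gUiaAttempts;` runs before OnUIAMessage is called and the new `return 0;` branch never gives the count back. Once gUiaAttempts reaches kMaxUiaAttempts, the outer `else` unhooks, so the hook stops catching "any future instantiation attempts" and a blocked client that keeps retrying is no longer intercepted. If the limit is meant only to bound the re-hooking retries, move the increment into the `else` branch next to `InitUIADetection();`, or add `--gUiaAttempts;` just before `return 0;`. The value of kMaxUiaAttempts is not visible here, and UiaHookProc begins before and continues after this hunk.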