Backed out changesets 262df50c7355 and 2dbd41ba7717 (bug 1088617) for crashes.
authorRyan VanderMeulen <ryanvm@gmail.com>
Tue, 28 Oct 2014 12:57:31 -0400
changeset 224015 d94624ae1684444cd777aa7ff9beae75871fe948
parent 224014 e144f2194ed570b8eaa1906e1c8d759e06cb55b4
child 224016 c5f6f799213fa23544051601ed6bbb79affe2fe2
push id6
push usergszorc@mozilla.com
push dateWed, 29 Oct 2014 17:51:36 +0000
bugs1088617
milestone36.0a1
backs out262df50c7355bca2e1c60f4c93c5573e204f77c7
2dbd41ba7717f2889f497159bd60189949800a7e
Backed out changesets 262df50c7355 and 2dbd41ba7717 (bug 1088617) for crashes.
caps/nsIScriptSecurityManager.idl
caps/nsPrincipal.cpp
caps/nsScriptSecurityManager.cpp
--- a/caps/nsIScriptSecurityManager.idl
+++ b/caps/nsIScriptSecurityManager.idl
@@ -14,17 +14,17 @@ interface nsILoadContext;
 
 %{ C++
 #include "jspubtd.h"
 %}
 
 [ptr] native JSContextPtr(JSContext);
 [ptr] native JSObjectPtr(JSObject);
 
-[scriptable, uuid(f649959d-dae3-4027-83fd-5b7f8c8a8815)]
+[scriptable, uuid(3b021962-975e-43b5-8a93-9fc2d20346e9)]
 interface nsIScriptSecurityManager : nsISupports
 {
     /**
      * For each of these hooks returning NS_OK means 'let the action continue'.
      * Returning an error code means 'veto the action'. XPConnect will return
      * false to the js engine if the action is vetoed. The implementor of this
      * interface is responsible for setting a JS exception into the JSContext
      * if that is appropriate.
@@ -174,16 +174,23 @@ interface nsIScriptSecurityManager : nsI
     /**
      * Legacy name for getNoAppCodebasePrincipal.
      *
      * @deprecated use getNoAppCodebasePrincipal instead.
      */
     [deprecated] nsIPrincipal getCodebasePrincipal(in nsIURI uri);
 
     /**
+     * Returns OK if aJSContext and target have the same "origin"
+     * (scheme, host, and port).
+     */
+    [noscript] void checkSameOrigin(in JSContextPtr aJSContext,
+                                    in nsIURI aTargetURI);
+
+    /**
      * Returns OK if aSourceURI and target have the same "origin"
      * (scheme, host, and port).
      * ReportError flag suppresses error reports for functions that
      * don't need reporting.
      */
     void checkSameOriginURI(in nsIURI aSourceURI,
                             in nsIURI aTargetURI,
                             in boolean reportError);
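Review bot: The restored doc comment on checkSameOrigin says the check compares the origin of `aJSContext` with the target, but a JSContext has no origin of its own; the C++ side of this same changeset derives the source from nsContentUtils::SubjectPrincipal(), returns NS_OK unconditionally when that is the system principal, and uses a non-null aJSContext only for a MOZ_ASSERT and for error reporting. None of that is stated here, so a caller reading only the IDL could assume the context selects the principal or that chrome callers are checked. I would document the actual contract at the declaration, e.g. `Compares the origin of the current subject principal (aJSContext is used only for assertions and error reporting) with aTargetURI; system-principal callers always pass. Fails with NS_ERROR_DOM_BAD_URI on mismatch.` The error-code detail is taken from the visible implementation; confirm it against the other consumers of this interface before relying on it.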
--- a/caps/nsPrincipal.cpp
+++ b/caps/nsPrincipal.cpp
@@ -341,28 +341,16 @@ nsPrincipal::CheckMayLoad(nsIURI* aURI, 
    if (aAllowIfInheritsPrincipal) {
     // If the caller specified to allow loads of URIs that inherit
     // our principal, allow the load if this URI inherits its principal
     if (nsPrincipal::IsPrincipalInherited(aURI)) {
       return NS_OK;
     }
   }
 
-  // See if aURI is something like a Blob URI that is actually associated with
-  // a principal.
-  nsCOMPtr<nsIURIWithPrincipal> uriWithPrin = do_QueryInterface(aURI);
-  if (uriWithPrin) {
-    nsCOMPtr<nsIPrincipal> uriPrin;
-    uriWithPrin->GetPrincipal(getter_AddRefs(uriPrin));
-    MOZ_ASSERT(uriPrin);
-    if (nsIPrincipal::Subsumes(uriPrin)) {
-        return NS_OK;
-    }
-  }
-
   if (nsScriptSecurityManager::SecurityCompareURIs(mCodebase, aURI)) {
     return NS_OK;
   }
 
   // If strict file origin policy is in effect, local files will always fail
   // SecurityCompareURIs unless they are identical. Explicitly check file origin
   // policy, in that case.
   if (nsScriptSecurityManager::GetStrictFileOriginPolicy() &&
--- a/caps/nsScriptSecurityManager.cpp
+++ b/caps/nsScriptSecurityManager.cpp
@@ -437,16 +437,49 @@ nsScriptSecurityManager::ContentSecurity
 bool
 nsScriptSecurityManager::JSPrincipalsSubsume(JSPrincipals *first,
                                              JSPrincipals *second)
 {
     return nsJSPrincipals::get(first)->Subsumes(nsJSPrincipals::get(second));
 }
 
 NS_IMETHODIMP
+nsScriptSecurityManager::CheckSameOrigin(JSContext* cx,
+                                         nsIURI* aTargetURI)
+{
+    MOZ_ASSERT_IF(cx, cx == nsContentUtils::GetCurrentJSContext());
+
+    // Get a principal from the context
+    nsIPrincipal* sourcePrincipal = nsContentUtils::SubjectPrincipal();
+    if (sourcePrincipal == mSystemPrincipal)
+    {
+        // This is a system (chrome) script, so allow access
+        return NS_OK;
+    }
+
+    // Get the original URI from the source principal.
+    // This has the effect of ignoring any change to document.domain
+    // which must be done to avoid DNS spoofing (bug 154930)
+    nsCOMPtr<nsIURI> sourceURI;
+    sourcePrincipal->GetDomain(getter_AddRefs(sourceURI));
+    if (!sourceURI) {
+      sourcePrincipal->GetURI(getter_AddRefs(sourceURI));
+      NS_ENSURE_TRUE(sourceURI, NS_ERROR_FAILURE);
+    }
+
+    // Compare origins
+    if (!SecurityCompareURIs(sourceURI, aTargetURI))
+    {
+         ReportError(cx, NS_LITERAL_STRING("CheckSameOriginError"), sourceURI, aTargetURI);
+         return NS_ERROR_DOM_BAD_URI;
+    }
+    return NS_OK;
+}
+
+NS_IMETHODIMP
 nsScriptSecurityManager::CheckSameOriginURI(nsIURI* aSourceURI,
                                             nsIURI* aTargetURI,
                                             bool reportError)
 {
     if (!SecurityCompareURIs(aSourceURI, aTargetURI))
     {
          if (reportError) {
             ReportError(nullptr, NS_LITERAL_STRING("CheckSameOriginError"),
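Review bot: The comment above the GetDomain() call in the reinstated CheckSameOrigin says the check ignores any change to document.domain, but the code does the opposite: it consults `sourcePrincipal->GetDomain()` first and only falls back to `GetURI()` when no domain is set, so a page that has set document.domain is compared by that relaxed domain rather than its original origin. Either the comment is stale or the first call should go; if the DNS-spoofing rationale (bug 154930) still applies, the body should be just `sourcePrincipal->GetURI(getter_AddRefs(sourceURI)); NS_ENSURE_TRUE(sourceURI, NS_ERROR_FAILURE);` with the GetDomain() branch removed, and otherwise the comment should say that the domain is deliberately honored. Separately, sourcePrincipal is dereferenced after the system-principal comparison without a null check; if SubjectPrincipal() can return null on this path (I cannot tell from the hunk), `NS_ENSURE_TRUE(sourcePrincipal, NS_ERROR_FAILURE);` before the GetDomain() call turns a crash into a veto, which matters given this backout is motivated by crashes. Because this is a backout restoring earlier code, the comment/code mismatch predates the change rather than being introduced by it. The CheckSameOriginURI body at the end of the hunk continues outside it.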