Bug 968342 - implement check for mailnews protocols before allowing load. r=jorgk,rkent a=jorgk
authorNeil Rashbrook <neil@parkwaycc.co.uk>
Fri, 31 Mar 2017 14:57:24 +0200
changeset 27865 cd16709e68e83891e85419e05ce9713c4294db2d
parent 27864 ac959d841e939551b5c944b6113110d15218a29d
child 27866 183d25ea0e84b53f707458c1091f8057951e6bdc
push id1881
push usermozilla@jorgk.com
push dateTue, 25 Apr 2017 14:52:44 +0000
reviewersjorgk, rkent, jorgk
bugs968342
Bug 968342 - implement check for mailnews protocols before allowing load. r=jorgk,rkent a=jorgk
mailnews/base/src/nsMsgContentPolicy.cpp
--- a/mailnews/base/src/nsMsgContentPolicy.cpp
+++ b/mailnews/base/src/nsMsgContentPolicy.cpp
@@ -234,19 +234,36 @@ nsMsgContentPolicy::ShouldLoad(uint32_t 
   // If the requesting location is safe, accept the content location request.
   if (IsSafeRequestingLocation(aRequestingLocation))
     return rv;
 
   // Now default to reject so early returns via NS_ENSURE_SUCCESS
   // cause content to be rejected.
   *aDecision = nsIContentPolicy::REJECT_REQUEST;
 
-  // if aContentLocation is a protocol we handle (imap, pop3, mailbox, etc)
-  // or is a chrome url, then allow the load
+  // If aContentLocation uses a protocol we handle (imap, pop, mailbox, news),
+  // we require that the load comes from the same scheme/account/server/port.
+  // This is basically a simplyfied "same origin" test.
+  // Pre-paths for example are:
+  // mailbox: mailbox://
+  // imap:    imap://user@domain@server:port
+  // news:    news://server:port
+  nsCOMPtr<nsIMsgMailNewsUrl> mailnewsUrl(do_QueryInterface(aContentLocation));
+  if (mailnewsUrl) {
+    nsCString contentPrePath, requestingPrePath;
+    aContentLocation->GetPrePath(contentPrePath);
+    aRequestingLocation->GetPrePath(requestingPrePath);
+    if (contentPrePath.Equals(requestingPrePath))  {
+      *aDecision = nsIContentPolicy::ACCEPT;
+      return NS_OK;
+    }
+  }
 
+  // If exposed protocol not covered by the test above or protocol that has been
+  // specifically exposed by an add-on, or is a chrome url, then allow the load.
   if (IsExposedProtocol(aContentLocation))
   {
     *aDecision = nsIContentPolicy::ACCEPT;
     return NS_OK;
   }
 
   // never load unexposed protocols except for http, https and file.
   // Protocols like ftp are always blocked.
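Review bot: Both `GetPrePath` calls in the new `mailnewsUrl` branch discard their `nsresult`, so a failure on both sides would presumably leave the two strings empty, make `contentPrePath.Equals(requestingPrePath)` true and return `ACCEPT`. Since the decision already defaults to `REJECT_REQUEST` at this point, checking each call keeps the fail-closed behaviour the comment above describes: `rv = aContentLocation->GetPrePath(contentPrePath); NS_ENSURE_SUCCESS(rv, NS_OK);` and the same for `aRequestingLocation`. Requiring `!contentPrePath.IsEmpty()` before the comparison would be a cheap extra guard. `ShouldLoad` begins and ends outside this hunk, so whether `aRequestingLocation` is null-checked before it is dereferenced here cannot be confirmed from the visible lines.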
@@ -381,26 +398,23 @@ nsMsgContentPolicy::IsSafeRequestingLoca
  */
 bool
 nsMsgContentPolicy::IsExposedProtocol(nsIURI *aContentLocation)
 {
   nsAutoCString contentScheme;
   nsresult rv = aContentLocation->GetScheme(contentScheme);
   NS_ENSURE_SUCCESS(rv, false);
 
-  // If you are changing this list, you may need to also consider changing the
-  // list of network.protocol-handler.expose.* prefs in all-thunderbird.js.
+  // Check some exposed protocols. Not all protocols in the list of
+  // network.protocol-handler.expose.* prefs in all-thunderbird.js are
+  // admitted purely based on their scheme.
+  // news, snews, nntp, imap, pop and mailbox are checked before the call
+  // to this function by matching content location and requesting location.
   if (MsgLowerCaseEqualsLiteral(contentScheme, "mailto") ||
-      MsgLowerCaseEqualsLiteral(contentScheme, "news") ||
-      MsgLowerCaseEqualsLiteral(contentScheme, "snews") ||
-      MsgLowerCaseEqualsLiteral(contentScheme, "nntp") ||
-      MsgLowerCaseEqualsLiteral(contentScheme, "imap") ||
       MsgLowerCaseEqualsLiteral(contentScheme, "addbook") ||
-      MsgLowerCaseEqualsLiteral(contentScheme, "pop") ||
-      MsgLowerCaseEqualsLiteral(contentScheme, "mailbox") ||
       MsgLowerCaseEqualsLiteral(contentScheme, "about"))
     return true;
 
   // check if customized exposed scheme
   if (mCustomExposedProtocols.Contains(contentScheme))
     return true;
 
   bool isData;
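Review bot: The new comment in `IsExposedProtocol` says news, snews, nntp, imap, pop and mailbox "are checked before the call to this function", which ties this function's safety to one caller and does not describe how that check actually works. The check in `ShouldLoad` is keyed on the URI implementing `nsIMsgMailNewsUrl`, not on the scheme, and the `mCustomExposedProtocols.Contains(contentScheme)` test below still admits any of those schemes by name alone if an add-on lists it. I would add something like `// Callers must do the pre-path match themselves; a mail/news scheme listed in mCustomExposedProtocols is still accepted here on scheme alone.` If `IsExposedProtocol` has other callers, they also lose the scheme-based accept for these protocols, which is worth confirming. The function body continues past the end of this hunk.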