Bug 1057376 - Clear the string read buffer between deserializations of CSP policies. r=geekboy a=bajaj
author: Vlatko Markovic <vlatko.markovic@sonymobile.com>
Tue, 23 Sep 2014 10:10:58 -0700
changeset: 217759 d614ae398c031b32dc11258734e20aca19e88fb8
parent: 217758 96e15bbed7ab4385a1a2e24e2339776b26dc6ddc
child: 217760 c00a707e28a9dd964f9c4b1d131bb1eb0a8907e3
push id: 6925
push user: fdesre@mozilla.com
push date: Tue, 23 Sep 2014 22:50:29 +0000
treeherder: mozilla-aurora@d614ae398c03
reviewers: geekboy, bajaj
bugs: 1057376
milestone: 34.0a2
In the case when multiple CSP policies are applied, it is necessary to clear the temporary string buffer that holds the string of each CSP policy that is deserialized from the CSP policies stream. Failing to clear the buffer will result in concatenation of the CSP policy strings for each consecutive CSP policy that is being deserialized, which will end in the generation and application of an invalid CSP policy for all except the first CSP policy that was set for the document.
content/base/src/nsCSPContext.cpp
--- a/content/base/src/nsCSPContext.cpp
+++ b/content/base/src/nsCSPContext.cpp
@@ -1207,14 +1207,15 @@ nsCSPContext::Write(nsIObjectOutputStrea
                                                true);
   NS_ENSURE_SUCCESS(rv, rv);
 
   // Serialize all the policies.
   aStream->Write32(mPolicies.Length());
 
   nsAutoString polStr;
   for (uint32_t p = 0; p < mPolicies.Length(); p++) {
+    polStr.Truncate();
     mPolicies[p]->toString(polStr);
     aStream->WriteWStringZ(polStr.get());
     aStream->WriteBoolean(mPolicies[p]->getReportOnlyFlag());
   }
   return NS_OK;
 }
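Review bot: At the added `polStr.Truncate();`, the fix only makes sense if `toString(polStr)` appends to its argument, and nothing in the loop says so. Either move `nsAutoString polStr;` inside the loop body so each policy starts from an empty string by construction, or keep the hoisted buffer and add a one-line comment that `toString()` appends, so the reset is not dropped in a later cleanup. The commit message describes the problem as happening during deserialization, while this hunk is in `nsCSPContext::Write`, the serialization path; the summary should say which side actually produced the concatenated strings. Since the failure weakens every policy after the first, a regression test that serializes a context with two policies (one of them report-only) and checks that each round-trips unchanged would be worth adding with this change. Separately, the results of `Write32`, `WriteWStringZ` and `WriteBoolean` in this loop are not checked, unlike the `NS_ENSURE_SUCCESS(rv, rv)` just above it.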