Bug 1289001 - Security check in NeckoParent::GetValidatedAppInfo must pass if the serialized LoadContext is null. r=valentin, a=gchang
authorAndrea Marchesini <amarchesini@mozilla.com>
Sat, 29 Oct 2016 22:04:38 +0200
changeset 356689 4f76c3bce70fee115b8a2bc5cc4e7357ae003b6b
parent 356688 1fb19c64c1cc26cafa1814d13e143217cb27f404
child 356690 46b359a3770a7c5b51e81584ec37c3a6beeeb349
push id6597
push userryanvm@gmail.com
push dateMon, 21 Nov 2016 16:17:59 +0000
treeherdermozilla-beta@e0bec38b612a [default view] [failures only]
reviewersvalentin, gchang
bugs1289001
milestone51.0
Bug 1289001 - Security check in NeckoParent::GetValidatedAppInfo must pass if the serialized LoadContext is null. r=valentin, a=gchang
netwerk/ipc/NeckoParent.cpp
--- a/netwerk/ipc/NeckoParent.cpp
+++ b/netwerk/ipc/NeckoParent.cpp
@@ -118,26 +118,42 @@ void CrashWithReason(const char * reason
 #endif
 }
 
 const char*
 NeckoParent::GetValidatedAppInfo(const SerializedLoadContext& aSerialized,
                                  PContentParent* aContent,
                                  DocShellOriginAttributes& aAttrs)
 {
-  if (UsingNeckoIPCSecurity()) {
-    if (!aSerialized.IsNotNull()) {
+  if (!aSerialized.IsNotNull()) {
+    if (UsingNeckoIPCSecurity()) {
       CrashWithReason("GetValidatedAppInfo | SerializedLoadContext from child is null");
       return "SerializedLoadContext from child is null";
     }
+
+    // If serialized is null, we cannot validate anything. We have to assume
+    // that this requests comes from a SystemPrincipal.
+    aAttrs = DocShellOriginAttributes(NECKO_NO_APP_ID, false);
+    return nullptr;
+  }
+
+  nsTArray<TabContext> contextArray =
+    static_cast<ContentParent*>(aContent)->GetManagedTabContext();
+  if (contextArray.IsEmpty()) {
+    if (UsingNeckoIPCSecurity()) {
+      CrashWithReason("GetValidatedAppInfo | ContentParent does not have any PBrowsers");
+      return "ContentParent does not have any PBrowsers";
+    }
+
+    // We are running xpcshell tests
+    aAttrs = aSerialized.mOriginAttributes;
+    return nullptr;
   }
 
   nsAutoCString debugString;
-  nsTArray<TabContext> contextArray =
-    static_cast<ContentParent*>(aContent)->GetManagedTabContext();
   for (uint32_t i = 0; i < contextArray.Length(); i++) {
     TabContext tabContext = contextArray[i];
     uint32_t appId = tabContext.OwnOrContainingAppId();
     bool inBrowserElement = aSerialized.IsNotNull() ?
                               aSerialized.mOriginAttributes.mInIsolatedMozBrowser :
                               tabContext.IsIsolatedMozBrowserElement();
 
     if (appId == NECKO_UNKNOWN_APP_ID) {
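Review bot: With the new early return for a null `aSerialized`, the ternary `aSerialized.IsNotNull() ? … : tabContext.IsIsolatedMozBrowserElement()` in the loop can no longer take its second arm. `inBrowserElement` therefore always comes from the origin attributes the child serialized, and the parent-side tab context flag is never consulted. Reducing the line to `bool inBrowserElement = aSerialized.mOriginAttributes.mInIsolatedMozBrowser;` would make that dependence on child data visible to the next reader. The loop body continues outside the hunk, so whether the value is cross-checked against `tabContext` further down cannot be seen here. The new fallback comment would also be clearer if it said the branch is only reachable when `UsingNeckoIPCSecurity()` is false, e.g. `// Null load context with IPC security disabled: nothing to validate, use default (no-app) origin attributes.`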
@@ -170,41 +186,26 @@ NeckoParent::GetValidatedAppInfo(const S
     aAttrs.mSignedPkg = aSerialized.mOriginAttributes.mSignedPkg;
     aAttrs.mUserContextId = aSerialized.mOriginAttributes.mUserContextId;
     aAttrs.mPrivateBrowsingId = aSerialized.mOriginAttributes.mPrivateBrowsingId;
     aAttrs.mFirstPartyDomain = aSerialized.mOriginAttributes.mFirstPartyDomain;
 
     return nullptr;
   }
 
-  if (contextArray.Length() != 0) {
-    nsAutoCString errorString;
-    errorString.Append("GetValidatedAppInfo | App does not have permission -");
-    errorString.Append(debugString);
-
-    // Leak the buffer on the heap to make sure that it lives long enough, as
-    // MOZ_CRASH_ANNOTATE expects the pointer passed to it to live to the end of
-    // the program.
-    char * error = strdup(errorString.BeginReading());
-    CrashWithReason(error);
-    return "App does not have permission";
-  }
+  nsAutoCString errorString;
+  errorString.Append("GetValidatedAppInfo | App does not have permission -");
+  errorString.Append(debugString);
 
-  if (!UsingNeckoIPCSecurity()) {
-    // We are running xpcshell tests
-    if (aSerialized.IsNotNull()) {
-      aAttrs = aSerialized.mOriginAttributes;
-    } else {
-      aAttrs = DocShellOriginAttributes(NECKO_NO_APP_ID, false);
-    }
-    return nullptr;
-  }
-
-  CrashWithReason("GetValidatedAppInfo | ContentParent does not have any PBrowsers");
-  return "ContentParent does not have any PBrowsers";
+  // Leak the buffer on the heap to make sure that it lives long enough, as
+  // MOZ_CRASH_ANNOTATE expects the pointer passed to it to live to the end of
+  // the program.
+  char * error = strdup(errorString.BeginReading());
+  CrashWithReason(error);
+  return "App does not have permission";
 }
 
 const char *
 NeckoParent::CreateChannelLoadContext(const PBrowserOrId& aBrowser,
                                       PContentParent* aContent,
                                       const SerializedLoadContext& aSerialized,
                                       nsCOMPtr<nsILoadContext> &aResult)
 {
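Review bot: The result of `strdup(errorString.BeginReading())` is handed to `CrashWithReason` without a null check, and one heap buffer is intentionally leaked on every failed validation. Only the trailing `#endif` of `CrashWithReason` is visible at the top of the diff, so it may not terminate the process in every build configuration. If it does not, this path returns normally and a child that keeps sending mismatched load contexts would grow the parent's heap by one string per message. A fallback such as `CrashWithReason(error ? error : "GetValidatedAppInfo | App does not have permission");` covers the allocation failure. The existing comment could add that the leak is bounded only if the crash actually happens. The block is unchanged apart from de-indentation, so this is a follow-up rather than a blocker for this change.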