Bug 821671 - Check alarm API parameters in the parent (part 3, Alarm API). r=sicking
authorGene Lian <clian@mozilla.com>
Sat, 22 Dec 2012 19:47:23 +0800
changeset 127825 ac4b105b91373fb25993760a3782d4517531c97d
parent 127824 eb675de841e9642a09b970624f0908e49c6ea853
child 127826 d2c5708db6efde4c8113b6ccf56ee6694ad31f61
push id2323
push userbbajaj@mozilla.com
push dateMon, 01 Apr 2013 19:47:02 +0000
treeherdermozilla-beta@7712be144d91 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssicking
bugs821671
milestone20.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 821671 - Check alarm API parameters in the parent (part 3, Alarm API). r=sicking
dom/alarm/AlarmService.jsm
--- a/dom/alarm/AlarmService.jsm
+++ b/dom/alarm/AlarmService.jsm
@@ -78,29 +78,33 @@ this.AlarmService = {
       return;
 
     if (!this._alarmHalService.setAlarm(this._getAlarmTime(aAlarm) / 1000, 0))
       throw Components.results.NS_ERROR_FAILURE;
   },
 
   receiveMessage: function receiveMessage(aMessage) {
     debug("receiveMessage(): " + aMessage.name);
+    let json = aMessage.json;
 
-    // To prevent hacked child processes from sending commands to parent
-    // to schedule alarms, we need to check their installed permissions.
+    // To prevent the hacked child process from sending commands to parent
+    // to schedule alarms, we need to check its permission and manifest URL.
     if (["AlarmsManager:GetAll", "AlarmsManager:Add", "AlarmsManager:Remove"]
           .indexOf(aMessage.name) != -1) {
       if (!aMessage.target.assertPermission("alarms")) {
         debug("Got message from a child process with no 'alarms' permission.");
         return null;
       }
+      if (!aMessage.target.assertContainApp(json.manifestURL)) {
+        debug("Got message from a child process containing illegal manifest URL.");
+        return null;
+      }
     }
 
     let mm = aMessage.target.QueryInterface(Ci.nsIMessageSender);
-    let json = aMessage.json;
     switch (aMessage.name) {
       case "AlarmsManager:GetAll":
         this._db.getAll(
           json.manifestURL,
           function getAllSuccessCb(aAlarms) {
             debug("Callback after getting alarms from database: " + JSON.stringify(aAlarms));
             this._sendAsyncMessage(mm, "GetAll", true, json.requestId, aAlarms);
           }.bind(this),