Backed out changesets 262df50c7355 and 2dbd41ba7717 (bug 1088617) for crashes.
authorRyan VanderMeulen <ryanvm@gmail.com>
Tue, 28 Oct 2014 12:57:31 -0400
changeset 237027 d94624ae1684444cd777aa7ff9beae75871fe948
parent 237026 e144f2194ed570b8eaa1906e1c8d759e06cb55b4
child 237028 c5f6f799213fa23544051601ed6bbb79affe2fe2
push idunknown
push userunknown
push dateunknown
bugs1088617
milestone36.0a1
backs out262df50c7355bca2e1c60f4c93c5573e204f77c7
2dbd41ba7717f2889f497159bd60189949800a7e
Backed out changesets 262df50c7355 and 2dbd41ba7717 (bug 1088617) for crashes.
caps/nsIScriptSecurityManager.idl
caps/nsPrincipal.cpp
caps/nsScriptSecurityManager.cpp
--- a/caps/nsIScriptSecurityManager.idl
+++ b/caps/nsIScriptSecurityManager.idl
@@ -14,17 +14,17 @@ interface nsILoadContext;
 
 %{ C++
 #include "jspubtd.h"
 %}
 
 [ptr] native JSContextPtr(JSContext);
 [ptr] native JSObjectPtr(JSObject);
 
-[scriptable, uuid(f649959d-dae3-4027-83fd-5b7f8c8a8815)]
+[scriptable, uuid(3b021962-975e-43b5-8a93-9fc2d20346e9)]
 interface nsIScriptSecurityManager : nsISupports
 {
     /**
      * For each of these hooks returning NS_OK means 'let the action continue'.
      * Returning an error code means 'veto the action'. XPConnect will return
      * false to the js engine if the action is vetoed. The implementor of this
      * interface is responsible for setting a JS exception into the JSContext
      * if that is appropriate.
@@ -174,16 +174,23 @@ interface nsIScriptSecurityManager : nsI
     /**
      * Legacy name for getNoAppCodebasePrincipal.
      *
      * @deprecated use getNoAppCodebasePrincipal instead.
      */
     [deprecated] nsIPrincipal getCodebasePrincipal(in nsIURI uri);
 
     /**
+     * Returns OK if aJSContext and target have the same "origin"
+     * (scheme, host, and port).
+     */
+    [noscript] void checkSameOrigin(in JSContextPtr aJSContext,
+                                    in nsIURI aTargetURI);
+
+    /**
      * Returns OK if aSourceURI and target have the same "origin"
      * (scheme, host, and port).
      * ReportError flag suppresses error reports for functions that
      * don't need reporting.
      */
     void checkSameOriginURI(in nsIURI aSourceURI,
                             in nsIURI aTargetURI,
                             in boolean reportError);
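Review bot: The new doc comment on checkSameOrigin says it compares aJSContext's origin with the target, but the implementation this commit restores in nsScriptSecurityManager.cpp takes the source from nsContentUtils::SubjectPrincipal(), only asserts that aJSContext is the current context, and returns NS_OK unconditionally when the subject is the system principal. Callers reading the IDL alone will not know about the chrome short-circuit or the failure mode, so the comment should state them: `* Returns OK if the subject principal's origin (scheme, host, and port) matches aTargetURI, or if the subject is the system principal; otherwise reports CheckSameOriginError and fails with NS_ERROR_DOM_BAD_URI.` The aJSContext parameter would then be documented as the caller's current context used for error reporting, which is all the implementation uses it for.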
--- a/caps/nsPrincipal.cpp
+++ b/caps/nsPrincipal.cpp
@@ -341,28 +341,16 @@ nsPrincipal::CheckMayLoad(nsIURI* aURI, 
    if (aAllowIfInheritsPrincipal) {
     // If the caller specified to allow loads of URIs that inherit
     // our principal, allow the load if this URI inherits its principal
     if (nsPrincipal::IsPrincipalInherited(aURI)) {
       return NS_OK;
     }
   }
 
-  // See if aURI is something like a Blob URI that is actually associated with
-  // a principal.
-  nsCOMPtr<nsIURIWithPrincipal> uriWithPrin = do_QueryInterface(aURI);
-  if (uriWithPrin) {
-    nsCOMPtr<nsIPrincipal> uriPrin;
-    uriWithPrin->GetPrincipal(getter_AddRefs(uriPrin));
-    MOZ_ASSERT(uriPrin);
-    if (nsIPrincipal::Subsumes(uriPrin)) {
-        return NS_OK;
-    }
-  }
-
   if (nsScriptSecurityManager::SecurityCompareURIs(mCodebase, aURI)) {
     return NS_OK;
   }
 
   // If strict file origin policy is in effect, local files will always fail
   // SecurityCompareURIs unless they are identical. Explicitly check file origin
   // policy, in that case.
   if (nsScriptSecurityManager::GetStrictFileOriginPolicy() &&
--- a/caps/nsScriptSecurityManager.cpp
+++ b/caps/nsScriptSecurityManager.cpp
@@ -437,16 +437,49 @@ nsScriptSecurityManager::ContentSecurity
 bool
 nsScriptSecurityManager::JSPrincipalsSubsume(JSPrincipals *first,
                                              JSPrincipals *second)
 {
     return nsJSPrincipals::get(first)->Subsumes(nsJSPrincipals::get(second));
 }
 
 NS_IMETHODIMP
+nsScriptSecurityManager::CheckSameOrigin(JSContext* cx,
+                                         nsIURI* aTargetURI)
+{
+    MOZ_ASSERT_IF(cx, cx == nsContentUtils::GetCurrentJSContext());
+
+    // Get a principal from the context
+    nsIPrincipal* sourcePrincipal = nsContentUtils::SubjectPrincipal();
+    if (sourcePrincipal == mSystemPrincipal)
+    {
+        // This is a system (chrome) script, so allow access
+        return NS_OK;
+    }
+
+    // Get the original URI from the source principal.
+    // This has the effect of ignoring any change to document.domain
+    // which must be done to avoid DNS spoofing (bug 154930)
+    nsCOMPtr<nsIURI> sourceURI;
+    sourcePrincipal->GetDomain(getter_AddRefs(sourceURI));
+    if (!sourceURI) {
+      sourcePrincipal->GetURI(getter_AddRefs(sourceURI));
+      NS_ENSURE_TRUE(sourceURI, NS_ERROR_FAILURE);
+    }
+
+    // Compare origins
+    if (!SecurityCompareURIs(sourceURI, aTargetURI))
+    {
+         ReportError(cx, NS_LITERAL_STRING("CheckSameOriginError"), sourceURI, aTargetURI);
+         return NS_ERROR_DOM_BAD_URI;
+    }
+    return NS_OK;
+}
+
+NS_IMETHODIMP
 nsScriptSecurityManager::CheckSameOriginURI(nsIURI* aSourceURI,
                                             nsIURI* aTargetURI,
                                             bool reportError)
 {
     if (!SecurityCompareURIs(aSourceURI, aTargetURI))
     {
          if (reportError) {
             ReportError(nullptr, NS_LITERAL_STRING("CheckSameOriginError"),
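Review bot: The comment above the sourceURI lookup in CheckSameOrigin says the code ignores any change to document.domain, yet the lookup prefers sourcePrincipal->GetDomain() and only falls back to GetURI() when that is null; if GetDomain() reflects a document.domain assignment, the comparison honours the change rather than ignoring it, which is the opposite of what the comment (and the cited bug 154930 rationale) promises. One of the two is wrong, and because this is the boundary that decides whether a non-chrome script passes the same-origin check, a maintainer should confirm which before relying on it; if the call order is intended, the comment should read `// Prefer the principal's domain (set by document.domain) and fall back to its URI — NOTE(review): confirm against bug 154930 whether document.domain should be honoured here`. The return values of GetDomain() and GetURI() are also discarded, so a failing getter is indistinguishable from an absent domain; only the final null check on sourceURI guards the fall-through. Separately, the brace placement (`{` on its own line) and the nine-space indent on the ReportError line differ from the surrounding CheckSameOriginURI, which is the same check with the caller-supplied source; CheckSameOriginURI's body continues past the end of the hunk.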