Bug 1424505 - Block osk.exe from UIA instantiation. r=Jamie, a=RyanVM DEVEDITION_59_0b12_BUILD1 DEVEDITION_59_0b12_RELEASE FIREFOX_59_0b12_BUILD1 FIREFOX_59_0b12_RELEASE
authorAaron Klotz <aklotz@mozilla.com>
Tue, 20 Feb 2018 12:24:47 -0700
changeset 454996 abc5f0d35082241616975246fd770c77359a0d5e
parent 454995 28b5b075c5e6dc6284113646b22a523f5abb02c3
child 454997 3df63b8f9bfaeedc47c149528584346910e47e91
push id1648
push usermtabara@mozilla.com
push dateThu, 01 Mar 2018 12:45:47 +0000
treeherdermozilla-release@cbb9688c2eeb [default view] [failures only]
reviewersJamie, RyanVM
bugs1424505
milestone59.0
Bug 1424505 - Block osk.exe from UIA instantiation. r=Jamie, a=RyanVM
accessible/windows/msaa/CompatibilityUIA.cpp
accessible/windows/msaa/LazyInstantiator.cpp
widget/windows/nsAppShell.cpp
--- a/accessible/windows/msaa/CompatibilityUIA.cpp
+++ b/accessible/windows/msaa/CompatibilityUIA.cpp
@@ -128,16 +128,43 @@ FindNamedObject(const ComparatorFnT& aCo
     }
 
     firstCall = FALSE;
   } while (ntStatus == STATUS_MORE_ENTRIES);
 
   return false;
 }
 
+static const char* gBlockedUiaClients[] = {
+  "osk.exe"
+};
+
+static bool
+ShouldBlockUIAClient(nsIFile* aClientExe)
+{
+  if (PR_GetEnv("MOZ_DISABLE_ACCESSIBLE_BLOCKLIST")) {
+    return false;
+  }
+
+  nsAutoString leafName;
+  nsresult rv = aClientExe->GetLeafName(leafName);
+  if (NS_FAILED(rv)) {
+    return false;
+  }
+
+  for (size_t index = 0, len = ArrayLength(gBlockedUiaClients); index < len;
+       ++index) {
+    if (leafName.EqualsIgnoreCase(gBlockedUiaClients[index])) {
+      return true;
+    }
+  }
+
+  return false;
+}
+
 namespace mozilla {
 namespace a11y {
 
 Maybe<DWORD> Compatibility::sUiaRemotePid;
 
 Maybe<bool>
 Compatibility::OnUIAMessage(WPARAM aWParam, LPARAM aLParam)
 {
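Review bot: `ShouldBlockUIAClient` decides on the executable's leaf name alone, and it returns `false` both when `MOZ_DISABLE_ACCESSIBLE_BLOCKLIST` is set and when `GetLeafName` fails, but no comment says so. That is reasonable for a compatibility blocklist, yet a reader could mistake it for an access control, so I would add above `gBlockedUiaClients`: `// Compatibility blocklist only: matched by leaf name, fails open; not a security boundary.` The env-var check and comparison loop also duplicate the `gBlockedRemoteClients` logic visible in `LazyInstantiator::ShouldInstantiate`, so a shared helper taking the list would keep the two from drifting apart. `aClientExe` is dereferenced without a null check, which relies on the caller testing `GetInstantiator` first, as the next hunk does.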
@@ -302,21 +329,20 @@ Compatibility::OnUIAMessage(WPARAM aWPar
   }
 
   if (!remotePid) {
     return Nothing();
   }
 
   a11y::SetInstantiator(remotePid.value());
 
-  /* This is where we could block UIA stuff
+  // Block if necessary
   nsCOMPtr<nsIFile> instantiator;
   if (a11y::GetInstantiator(getter_AddRefs(instantiator)) &&
       ShouldBlockUIAClient(instantiator)) {
     return Some(false);
   }
-  */
 
   return Some(true);
 }
 
 } // namespace a11y
 } // namespace mozilla
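Review bot: In `Compatibility::OnUIAMessage`, `a11y::SetInstantiator(remotePid.value())` runs before the blocklist check, so a client that is then rejected with `Some(false)` has already been recorded as the instantiator. Whether a later, permitted client replaces that record depends on `SetInstantiator`, which is not visible here; if it keeps the first value, every later `GetInstantiator` call would still see the blocked executable. Please confirm the overwrite behaviour and expand `// Block if necessary` to state it, for example `// Block listed clients; the instantiator recorded above is replaced on the next UIA message.` The function body starts outside this hunk.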
--- a/accessible/windows/msaa/LazyInstantiator.cpp
+++ b/accessible/windows/msaa/LazyInstantiator.cpp
@@ -228,17 +228,17 @@ LazyInstantiator::ShouldInstantiate(cons
   }
 
   a11y::SetInstantiator(GetClientPid(aClientTid));
 
   nsCOMPtr<nsIFile> clientExe;
   if (!a11y::GetInstantiator(getter_AddRefs(clientExe))) {
     return true;
   }
-  
+
   nsresult rv;
   if (!PR_GetEnv("MOZ_DISABLE_ACCESSIBLE_BLOCKLIST")) {
     // Debugging option is not present, so check blocklist.
     nsAutoString leafName;
     rv = clientExe->GetLeafName(leafName);
     if (NS_SUCCEEDED(rv)) {
       for (size_t i = 0, len = ArrayLength(gBlockedRemoteClients); i < len; ++i) {
         if (leafName.EqualsIgnoreCase(gBlockedRemoteClients[i])) {
--- a/widget/windows/nsAppShell.cpp
+++ b/widget/windows/nsAppShell.cpp
@@ -185,24 +185,28 @@ UiaHookProc(int aCode, WPARAM aWParam, L
   auto cwp = reinterpret_cast<CWPSTRUCT*>(aLParam);
   if (gUiaMsg && cwp->message == gUiaMsg) {
     if (gUiaAttempts < kMaxUiaAttempts) {
       ++gUiaAttempts;
 
       Maybe<bool> shouldCallNextHook =
         a11y::Compatibility::OnUIAMessage(cwp->wParam, cwp->lParam);
       if (shouldCallNextHook.isSome()) {
-        // We've got an instantiator, disconnect this hook.
+        // We've got an instantiator.
+        if (!shouldCallNextHook.value()) {
+          // We're blocking this instantiation. We need to keep this hook set
+          // so that we can catch any future instantiation attempts.
+          return 0;
+        }
+
+        // We're allowing the instantiator to proceed, so this hook is no longer
+        // needed.
         if (::UnhookWindowsHookEx(gUiaHook)) {
           gUiaHook = nullptr;
         }
-
-        if (!shouldCallNextHook.value()) {
-          return 0;
-        }
       } else {
         // Our hook might be firing after UIA; let's try reinstalling ourselves.
         InitUIADetection();
       }
     } else {
       // We've maxed out our attempts. Let's unhook.
       if (::UnhookWindowsHookEx(gUiaHook)) {
         gUiaHook = nullptr;
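Review bot: The blocked path in `UiaHookProc` returns only after `++gUiaAttempts` has run, so each blocked message uses up the `kMaxUiaAttempts` budget, and once it is exhausted the outer `else` unhooks `gUiaHook`. From then on the blocklist is no longer consulted, which contradicts the new comment about catching any future instantiation attempts. If the counter is meant to bound only the reinstall retries, move `++gUiaAttempts;` into the inner `else` branch next to `InitUIADetection();`; otherwise state the cap in the comment. The function starts before this hunk and continues past it.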