Client code - Bug 1348645 - check that the app update callback path is valid. r=mhowell, a=rkothari
authorRobert Strong <robert.bugzilla@gmail.com>
Wed, 03 May 2017 16:32:13 -0700
changeset 396136 bbc43c6d7d15ba3d609c461b10d879e854d846b0
parent 396135 bbcddab3288afe64402e5093cf7786fe152bb4e7
child 396137 e9cf46a8fe6f791e3a3c35a6665fceb3378ad4f5
push id1468
push userasasaki@mozilla.com
push dateMon, 05 Jun 2017 19:31:07 +0000
reviewersmhowell, rkothari
bugs1348645
milestone54.0
Client code - Bug 1348645 - check that the app update callback path is valid. r=mhowell, a=rkothari
toolkit/mozapps/update/common/errors.h
toolkit/mozapps/update/updater/updater.cpp
--- a/toolkit/mozapps/update/common/errors.h
+++ b/toolkit/mozapps/update/common/errors.h
@@ -88,16 +88,18 @@
 #define WRITE_ERROR_DELETE_BACKUP 69
 #define WRITE_ERROR_EXTRACT 70
 #define REMOVE_FILE_SPEC_ERROR 71
 #define INVALID_APPLYTO_DIR_STAGED_ERROR 72
 #define LOCK_ERROR_PATCH_FILE 73
 #define INVALID_APPLYTO_DIR_ERROR 74
 #define INVALID_INSTALL_DIR_PATH_ERROR 75
 #define INVALID_WORKING_DIR_PATH_ERROR 76
+#define INVALID_CALLBACK_PATH_ERROR 77
+#define INVALID_CALLBACK_DIR_ERROR 78
 
 // Error codes 80 through 99 are reserved for nsUpdateService.js
 
 // The following error codes are only used by updater.exe
 // when a fallback key exists for tests.
 #define FALLBACKKEY_UNKNOWN_ERROR 100
 #define FALLBACKKEY_REGPATH_ERROR 101
 #define FALLBACKKEY_NOKEY_ERROR 102
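Review bot: The new codes 77 and 78 are added without a comment, and their names differ only by PATH versus DIR, so someone triaging a refused update from the status file cannot tell from errors.h which check failed. Going by the updater.cpp change in this commit, 77 is written when the callback argument fails IsValidFullPath and 78 when its leading characters do not match the install directory path; a one-line comment on each would record that, e.g. `// callback path failed IsValidFullPath` and `// callback path does not start with the install directory path`. These additions also leave 79 as the only free value before the range that the comment below reserves for nsUpdateService.js, which is worth stating next to this block so the next code is not allocated into 80-99.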
--- a/toolkit/mozapps/update/updater/updater.cpp
+++ b/toolkit/mozapps/update/updater/updater.cpp
@@ -2964,16 +2964,49 @@ int NS_main(int argc, NS_tchar **argv)
   // elements, but I don't necessarily believe it.
   NS_tstrncpy(gWorkingDirPath, argv[3], MAXPATHLEN);
   gWorkingDirPath[MAXPATHLEN - 1] = NS_T('\0');
   slash = NS_tstrrchr(gWorkingDirPath, NS_SLASH);
   if (slash && !slash[1]) {
     *slash = NS_T('\0');
   }
 
+  // These checks are also performed in workmonitor.cpp since the maintenance
+  // service can be called directly.
+  if (argc > callbackIndex) {
+    if (!IsValidFullPath(argv[callbackIndex])) {
+      WriteStatusFile(INVALID_CALLBACK_PATH_ERROR);
+      fprintf(stderr, "The callback file path is not valid for this "  \
+              "application (" LOG_S ")\n", argv[callbackIndex]);
+#ifdef XP_MACOSX
+      if (isElevated) {
+        freeArguments(argc, argv);
+        CleanupElevatedMacUpdate(true);
+      }
+#endif
+      return 1;
+    }
+
+    size_t len = NS_tstrlen(gInstallDirPath);
+    NS_tchar callbackInstallDir[MAXPATHLEN] = { NS_T('\0') };
+    NS_tstrncpy(callbackInstallDir, argv[callbackIndex], len);
+    if (NS_tstrcmp(gInstallDirPath, callbackInstallDir) != 0) {
+      WriteStatusFile(INVALID_CALLBACK_DIR_ERROR);
+      fprintf(stderr, "The callback file must be located in the "  \
+              "installation directory (" LOG_S ")\n", argv[callbackIndex]);
+#ifdef XP_MACOSX
+      if (isElevated) {
+        freeArguments(argc, argv);
+        CleanupElevatedMacUpdate(true);
+      }
+#endif
+      return 1;
+    }
+  }
+
 #ifdef XP_MACOSX
   if (!isElevated && !IsRecursivelyWritable(argv[2])) {
     // If the app directory isn't recursively writeable, an elevated update is
     // required.
     UpdateServerThreadArgs threadArgs;
     threadArgs.argc = argc;
     threadArgs.argv = const_cast<const NS_tchar**>(argv);