wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Bug 777705 - Default policy for expanded principals. r=mrbkap

Browse Source
This commit is contained in:
Gabor Krizsanits 2012-08-20 11:22:34 -07:00
parent b881c5e5b0
commit 2c957b446e
2 changed files with 62 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

109
caps/src/nsScriptSecurityManager.cpp
View File

@ -846,10 +846,9 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction,
if (!nsAutoInPrincipalDomainOriginSetter::sInPrincipalDomainOrigin) {
nsCOMPtr<nsIURI> uri, domain;
subjectPrincipal->GetURI(getter_AddRefs(uri));
// Subject can't be system if we failed the security
// check, so |uri| is non-null.
NS_ASSERTION(uri, "How did that happen?");
GetOriginFromURI(uri, subjectOrigin);
if (uri) { // Object principal might be expanded
GetOriginFromURI(uri, subjectOrigin);
}
subjectPrincipal->GetDomain(getter_AddRefs(domain));
if (domain) {
GetOriginFromURI(domain, subjectDomain);
@ -1069,55 +1068,63 @@ nsScriptSecurityManager::LookupPolicy(nsIPrincipal* aPrincipal,
#ifdef DEBUG_CAPS_LookupPolicy
printf("DomainLookup ");
#endif
nsCAutoString origin;
rv = GetPrincipalDomainOrigin(aPrincipal, origin);
NS_ENSURE_SUCCESS(rv, rv);
char *start = origin.BeginWriting();
const char *nextToLastDot = nullptr;
const char *lastDot = nullptr;
const char *colon = nullptr;
char *p = start;
//-- search domain (stop at the end of the string or at the 3rd slash)
for (PRUint32 slashes=0; *p; p++)
if (nsCOMPtr<nsIExpandedPrincipal> exp = do_QueryInterface(aPrincipal))
{
if (*p == '/' && ++slashes == 3)
{
*p = '\0'; // truncate at 3rd slash
break;
}
if (*p == '.')
{
nextToLastDot = lastDot;
lastDot = p;
}
else if (!colon && *p == ':')
colon = p;
}
nsCStringKey key(nextToLastDot ? nextToLastDot+1 : start);
DomainEntry *de = (DomainEntry*) mOriginToPolicyMap->Get(&key);
if (!de)
{
nsCAutoString scheme(start, colon-start+1);
nsCStringKey schemeKey(scheme);
de = (DomainEntry*) mOriginToPolicyMap->Get(&schemeKey);
}
while (de)
{
if (de->Matches(start))
{
dpolicy = de->mDomainPolicy;
break;
}
de = de->mNext;
}
if (!dpolicy)
// For expanded principals domain origin is not defined so let's just
// use the default policy
dpolicy = mDefaultPolicy;
}
else
{
nsCAutoString origin;
rv = GetPrincipalDomainOrigin(aPrincipal, origin);
NS_ENSURE_SUCCESS(rv, rv);
char *start = origin.BeginWriting();
const char *nextToLastDot = nullptr;
const char *lastDot = nullptr;
const char *colon = nullptr;
char *p = start;
//-- search domain (stop at the end of the string or at the 3rd slash)
for (PRUint32 slashes=0; *p; p++)
{
if (*p == '/' && ++slashes == 3)
{
*p = '\0'; // truncate at 3rd slash
break;
}
if (*p == '.')
{
nextToLastDot = lastDot;
lastDot = p;
}
else if (!colon && *p == ':')
colon = p;
}
nsCStringKey key(nextToLastDot ? nextToLastDot+1 : start);
DomainEntry *de = (DomainEntry*) mOriginToPolicyMap->Get(&key);
if (!de)
{
nsCAutoString scheme(start, colon-start+1);
nsCStringKey schemeKey(scheme);
de = (DomainEntry*) mOriginToPolicyMap->Get(&schemeKey);
}
while (de)
{
if (de->Matches(start))
{
dpolicy = de->mDomainPolicy;
break;
}
de = de->mNext;
}
if (!dpolicy)
dpolicy = mDefaultPolicy;
}
aPrincipal->SetSecurityPolicy((void*)dpolicy);
}

4
js/xpconnect/tests/unit/test_allowedDomains.js
View File

@ -39,4 +39,8 @@ function run_test() {
evalAndCatch("objC.prop1", sbMaster);
evalAndCatch("objMaster.prop1", sbA);
evalAndCatch("objMaster.prop1", sbSubset);
// Bug 777705:
Components.utils.evalInSandbox("Components.interfaces", sbMaster);
do_check_true(true);
}