From 5b389aeb027e5ea7885b0298e262bd1a4c37f083 Mon Sep 17 00:00:00 2001
From: Nigel Babu
Date: Thu, 19 Nov 2015 14:26:33 +0530
Subject: [PATCH] Backed out changeset 95069f2ce648 (bug 1182546) for Android M(c) bustage ON A CLOSED TREE
---
 dom/security/nsContentSecurityManager.cpp | 10 +--
 netwerk/base/nsILoadInfo.idl | 2 +-
 parser/htmlparser/nsExpatDriver.cpp | 87 +++++++++++++----------
 3 files changed, 52 insertions(+), 47 deletions(-)
diff --git a/dom/security/nsContentSecurityManager.cpp b/dom/security/nsContentSecurityManager.cpp
index 1792c77e436..9f619bf7b52 100644
--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
@@ -217,15 +217,7 @@ DoContentSecurityChecks(nsIURI* aURI, nsILoadInfo* aLoadInfo)
 break;
 }
- case nsIContentPolicy::TYPE_DTD: {
- mimeTypeGuess = EmptyCString();
- requestingContext = aLoadInfo->LoadingNode();
- MOZ_ASSERT(!requestingContext ||
- requestingContext->NodeType() == nsIDOMNode::DOCUMENT_NODE,
- "type_dtd requires requestingContext of type Document");
- break;
- }
-
+ case nsIContentPolicy::TYPE_DTD:
 case nsIContentPolicy::TYPE_FONT: {
 MOZ_ASSERT(false, "contentPolicyType not supported yet");
 break;
diff --git a/netwerk/base/nsILoadInfo.idl b/netwerk/base/nsILoadInfo.idl
index 3ed6ec8ed74..10f1be0463f 100644
--- a/netwerk/base/nsILoadInfo.idl
+++ b/netwerk/base/nsILoadInfo.idl
@@ -127,7 +127,7 @@ interface nsILoadInfo : nsISupports
 const unsigned long SEC_ABOUT_BLANK_INHERITS = (1<<8);
 /**
- * Allow access to chrome: packages that are content accessible.
+ * Allow chrome: to bypass security checks.
 */
 const unsigned long SEC_ALLOW_CHROME = (1<<9);
diff --git a/parser/htmlparser/nsExpatDriver.cpp b/parser/htmlparser/nsExpatDriver.cpp
index 4bda076e450..e3d58010268 100644
--- a/parser/htmlparser/nsExpatDriver.cpp
+++ b/parser/htmlparser/nsExpatDriver.cpp
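Review bot: In the nsContentSecurityManager.cpp hunk, `TYPE_DTD` now shares the `TYPE_FONT` arm of `DoContentSecurityChecks`, whose only guard is `MOZ_ASSERT(false, "contentPolicyType not supported yet")`; MOZ_ASSERT is compiled out of non-debug builds, so there the arm simply executes `break`. What the code after the switch does with whatever `requestingContext` and `mimeTypeGuess` hold at that point is outside the hunk, so whether a DTD load that reached this function would be let through is not visible here. The nsExpatDriver.cpp part of this patch goes back to calling `NS_CheckContentLoadPolicy` itself and opening the channel with `Open`, so a comment on the arm would record the assumption, for example `// TYPE_DTD is policy-checked in nsExpatDriver before the channel is opened; it is not expected to reach this switch`.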
@@ -14,8 +14,8 @@
 #include "nsIURL.h"
 #include "nsIUnicharInputStream.h"
 #include "nsISimpleUnicharStreamFactory.h"
-#include "nsIProtocolHandler.h"
 #include "nsNetUtil.h"
+#include "nsNullPrincipal.h"
 #include "prprf.h"
 #include "prmem.h"
 #include "nsTextFormatter.h"
@@ -28,7 +28,6 @@
 #include "nsError.h"
 #include "nsXPCOMCIDInternal.h"
 #include "nsUnicharInputStream.h"
-#include "nsContentUtils.h"
 #include "mozilla/Logging.h"
@@ -756,59 +755,73 @@ nsExpatDriver::OpenInputStreamFromExternalDTD(const char16_t* aFPIStr,
 baseURI);
 NS_ENSURE_SUCCESS(rv, rv);
- // make sure the URI is allowed to be loaded in sync
- bool isUIResource = false;
- rv = NS_URIChainHasFlags(uri, nsIProtocolHandler::URI_IS_UI_RESOURCE,
- &isUIResource);
- NS_ENSURE_SUCCESS(rv, rv);
-
- nsCOMPtr localURI;
- if (!isUIResource) {
- // Check to see if we can map the DTD to a known local DTD, or if a DTD
- // file of the same name exists in the special DTD directory
+ // check if it is alright to load this uri
+ bool isChrome = false;
+ uri->SchemeIs("chrome", &isChrome);
+ if (!isChrome) {
+ // since the url is not a chrome url, check to see if we can map the DTD
+ // to a known local DTD, or if a DTD file of the same name exists in the
+ // special DTD directory
 if (aFPIStr) {
 // see if the Formal Public Identifier (FPI) maps to a catalog entry
 mCatalogData = LookupCatalogData(aFPIStr);
- GetLocalDTDURI(mCatalogData, uri, getter_AddRefs(localURI));
 }
+
+ nsCOMPtr localURI;
+ GetLocalDTDURI(mCatalogData, uri, getter_AddRefs(localURI));
 if (!localURI) {
 return NS_ERROR_NOT_IMPLEMENTED;
 }
+
+ localURI.swap(uri);
 }
- nsCOMPtr channel;
- if (localURI) {
- localURI.swap(uri);
- rv = NS_NewChannel(getter_AddRefs(channel),
- uri,
- nsContentUtils::GetSystemPrincipal(),
- nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
- nsIContentPolicy::TYPE_DTD);
+ nsCOMPtr doc;
+ NS_ASSERTION(mSink == nsCOMPtr(do_QueryInterface(mOriginalSink)),
+ "In nsExpatDriver::OpenInputStreamFromExternalDTD: "
+ "mOriginalSink not the same object as mSink?");
+ if (mOriginalSink)
+ doc = do_QueryInterface(mOriginalSink->GetTarget());
+ int16_t shouldLoad = nsIContentPolicy::ACCEPT;
+ rv = NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_DTD,
+ uri,
+ (doc ? doc->NodePrincipal() : nullptr),
+ doc,
+ EmptyCString(), //mime guess
+ nullptr, //extra
+ &shouldLoad);
+ if (NS_FAILED(rv)) return rv;
+ if (NS_CP_REJECTED(shouldLoad)) {
+ // Disallowed by content policy
+ return NS_ERROR_CONTENT_BLOCKED;
 }
- else {
- NS_ASSERTION(mSink == nsCOMPtr(do_QueryInterface(mOriginalSink)),
- "In nsExpatDriver::OpenInputStreamFromExternalDTD: "
- "mOriginalSink not the same object as mSink?");
- nsCOMPtr doc;
- if (mOriginalSink) {
- doc = do_QueryInterface(mOriginalSink->GetTarget());
- }
- NS_ENSURE_TRUE(doc, NS_ERROR_FAILURE);
+
+ nsAutoCString absURL;
+ uri->GetSpec(absURL);
+
+ CopyUTF8toUTF16(absURL, aAbsURL);
+
+ nsCOMPtr channel;
+ if (doc) {
 rv = NS_NewChannel(getter_AddRefs(channel),
 uri,
 doc,
- nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS |
- nsILoadInfo::SEC_ALLOW_CHROME,
+ nsILoadInfo::SEC_NORMAL,
+ nsIContentPolicy::TYPE_DTD);
+ }
+ else {
+ nsCOMPtr nullPrincipal = nsNullPrincipal::Create();
+ NS_ENSURE_TRUE(nullPrincipal, NS_ERROR_FAILURE);
+ rv = NS_NewChannel(getter_AddRefs(channel),
+ uri,
+ nullPrincipal,
+ nsILoadInfo::SEC_NORMAL,
 nsIContentPolicy::TYPE_DTD);
 }
 NS_ENSURE_SUCCESS(rv, rv);
- nsAutoCString absURL;
- uri->GetSpec(absURL);
- CopyUTF8toUTF16(absURL, aAbsURL);
-
 channel->SetContentType(NS_LITERAL_CSTRING("application/xml"));
- return channel->Open2(aStream);
+ return channel->Open(aStream);
 }
 static nsresult
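Review bot: In `OpenInputStreamFromExternalDTD` (the function starts above the hunk), the restored path creates the channel with `nsILoadInfo::SEC_NORMAL` and opens it with `channel->Open(aStream)`, so the explicit `NS_CheckContentLoadPolicy` call appears to be the only load check on this path, and nothing in the code says so. A comment above that call would keep a later edit from moving or dropping it, for example `// Only load check on this path: the channel below uses SEC_NORMAL and Open(), so this must run before NS_NewChannel`. The result of `uri->SchemeIs("chrome", &isChrome)` is discarded; that is safe only because `isChrome` starts as `false`, so a failed call falls into the local-DTD mapping branch, which is worth stating as `// result ignored on purpose: on failure isChrome stays false and the URI is treated as non-chrome`. When `doc` is null the policy check receives a null principal and a null context, and a one-line comment on that argument would say whether this is intended.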