Merge from mozilla-central

2024-09-13 09:24:08 -07:00 · 2012-05-03 17:33:52 -04:00 · 2012-05-03 17:33:52 -04:00 · ad0e54ab78
commit ad0e54ab78
parent 7907bf7faa 1010d4717a
10 changed files with 152 additions and 19 deletions
--- a/build/win32/mozconfig.vs2010-win64
+++ b/build/win32/mozconfig.vs2010-win64
@ -0,0 +1,12 @@
+export INCLUDE=/c/tools/msvs10/vc/include:/c/tools/msvs10/vc/atlmfc/include:/c/tools/sdks/v7.0/include:/c/tools/sdks/v7.0/include/atl:/c/tools/sdks/dx10/include
+export LIBPATH=/c/tools/msvs10/vc/lib:/c/tools/msvs10/vc/atlmfc/lib
+export LIB=/c/tools/msvs10/vc/lib:/c/tools/msvs10/vc/atlmfc/lib:/c/tools/sdks/v7.0/lib:/c/tools/sdks/dx10/lib
+export PATH="/c/tools/msvs10/Common7/IDE:/c/tools/msvs10/VC/BIN:/c/tools/msvs10/Common7/Tools:/c/tools/msvs10/VC/VCPackages:${PATH}"
+export WIN32_REDIST_DIR=/c/tools/msvs10/VC/redist/x86/Microsoft.VC100.CRT
+
+
+mk_add_options "export LIB=$LIB"
+mk_add_options "export LIBPATH=$LIBPATH"
+mk_add_options "export PATH=$PATH"
+mk_add_options "export INCLUDE=$INCLUDE"
+mk_add_options "export WIN32_REDIST_DIR=$WIN32_REDIST_DIR"
--- a/netwerk/base/public/nsNetUtil.h
+++ b/netwerk/base/public/nsNetUtil.h
@ -229,8 +229,14 @@ NS_NewChannel(nsIChannel           **result,
                rv |= chan->SetLoadGroup(loadGroup);
            if (callbacks)
                rv |= chan->SetNotificationCallbacks(callbacks);
-            if (loadFlags != nsIRequest::LOAD_NORMAL)
-                rv |= chan->SetLoadFlags(loadFlags);
+            if (loadFlags != nsIRequest::LOAD_NORMAL) {
+                // Retain the LOAD_REPLACE load flag if set.
+                nsLoadFlags normalLoadFlags = 0;
+                chan->GetLoadFlags(&normalLoadFlags);
+                rv |= chan->SetLoadFlags(loadFlags | 
+                                         (normalLoadFlags & 
+                                          nsIChannel::LOAD_REPLACE));
+            }
            if (channelPolicy) {
                nsCOMPtr<nsIWritablePropertyBag2> props = do_QueryInterface(chan);
                if (props) {
--- a/netwerk/protocol/file/nsFileChannel.cpp
+++ b/netwerk/protocol/file/nsFileChannel.cpp
@ -273,6 +273,36 @@ nsFileUploadContentStream::OnCopyComplete()

 //-----------------------------------------------------------------------------

+nsFileChannel::nsFileChannel(nsIURI *uri) 
+{
+  // If we have a link file, we should resolve its target right away.
+  // This is to protect against a same origin attack where the same link file
+  // can point to different resources right after the first resource is loaded.
+  nsCOMPtr<nsIFile> file;
+  nsCOMPtr <nsIURI> targetURI;
+  nsCAutoString fileTarget;
+  nsCOMPtr<nsILocalFile> resolvedFile;
+  bool symLink;
+  nsCOMPtr<nsIFileURL> fileURL = do_QueryInterface(uri);
+  if (fileURL && 
+      NS_SUCCEEDED(fileURL->GetFile(getter_AddRefs(file))) &&
+      NS_SUCCEEDED(file->IsSymlink(&symLink)) && 
+      symLink &&
+      NS_SUCCEEDED(file->GetNativeTarget(fileTarget)) &&
+      NS_SUCCEEDED(NS_NewNativeLocalFile(fileTarget, PR_TRUE, 
+                                         getter_AddRefs(resolvedFile))) &&
+      NS_SUCCEEDED(NS_NewFileURI(getter_AddRefs(targetURI), 
+                   resolvedFile, nsnull))) {
+    SetURI(targetURI);
+    SetOriginalURI(uri);
+    nsLoadFlags loadFlags = 0;
+    GetLoadFlags(&loadFlags);
+    SetLoadFlags(loadFlags | nsIChannel::LOAD_REPLACE);
+  } else {
+    SetURI(uri);
+  }
+}
+
 nsresult
 nsFileChannel::MakeFileInputStream(nsIFile *file,
                                   nsCOMPtr<nsIInputStream> &stream,
--- a/netwerk/protocol/file/nsFileChannel.h
+++ b/netwerk/protocol/file/nsFileChannel.h
@ -53,9 +53,7 @@ public:
  NS_DECL_NSIFILECHANNEL
  NS_DECL_NSIUPLOADCHANNEL

-  nsFileChannel(nsIURI *uri) {
-    SetURI(uri);
-  }
+  nsFileChannel(nsIURI *uri);

 protected:
  // Called to construct a blocking file input stream for the given file.  This
--- a/netwerk/test/unit/data/system_root.lnk
+++ b/netwerk/test/unit/data/system_root.lnk
--- a/netwerk/test/unit/test_file_protocol.js
+++ b/netwerk/test/unit/test_file_protocol.js
@ -12,6 +12,7 @@ const special_type = "application/x-our-special-type";
  test_read_dir_1,
  test_read_dir_2,
  test_upload_file,
+  test_load_replace,
  do_test_finished
 ].forEach(add_test);

@ -222,6 +223,28 @@ function test_upload_file() {
  chan.asyncOpen(new FileStreamListener(on_upload_complete), null);
 }

+function test_load_replace() {
+  // lnk files should resolve to their targets
+  const isWindows = ("@mozilla.org/windows-registry-key;1" in Cc);
+  if (isWindows) {
+    dump("*** test_load_replace\n");
+    file = do_get_file("data/system_root.lnk", false);
+    var chan = new_file_channel(file);
+
+    // The LOAD_REPLACE flag should be set
+    do_check_eq(chan.loadFlags & chan.LOAD_REPLACE, chan.LOAD_REPLACE);
+
+    // The original URI path should differ from the URI path
+    do_check_neq(chan.URI.path, chan.originalURI.path);
+
+    // The original URI path should be the same as the lnk file path
+    var ios = Cc["@mozilla.org/network/io-service;1"].
+              getService(Ci.nsIIOService);
+    do_check_eq(chan.originalURI.path, ios.newFileURI(file).path);
+  }
+  run_next_test();
+}
+
 function run_test() {
  run_next_test();
 }
--- a/services/sync/modules/identity.js
+++ b/services/sync/modules/identity.js
@ -251,8 +251,8 @@ IdentityManager.prototype = {
    this._log.info("Sync Key being updated.");
    this._syncKey = value;

-    // Calling the getter has the side-effect of populating the object, which
-    // we desire.
+    // Clear any cached Sync Key Bundle and regenerate it.
+    this._syncKeyBundle = null;
    let bundle = this.syncKeyBundle;

    this._syncKeyUpdated = true;
@ -315,6 +315,12 @@ IdentityManager.prototype = {
      return LOGIN_FAILED_NO_PASSPHRASE;
    }

+    // If we have a Sync Key but no bundle, bundle creation failed, which
+    // implies a bad Sync Key.
+    if (!this._syncKeyBundle) {
+      return LOGIN_FAILED_INVALID_PASSPHRASE;
+    }
+
    return STATUS_OK;
  },

--- a/services/sync/modules/service.js
+++ b/services/sync/modules/service.js
@ -554,17 +554,16 @@ WeaveSvc.prototype = {
    // Furthermore, we assume that our sync key is already upgraded,
    // and fail if that assumption is invalidated.

-    let syncKeyBundle = this._identity.syncKeyBundle;
-    if (!syncKeyBundle) {
-      this._log.error("No sync key: cannot fetch symmetric keys.");
+    if (!this._identity.syncKey) {
      Status.login = LOGIN_FAILED_NO_PASSPHRASE;
-      Status.sync = CREDENTIALS_CHANGED;             // For want of a better option.
+      Status.sync = CREDENTIALS_CHANGED;
      return false;
    }

-    // Not sure this validation is necessary now.
-    if (!Utils.isPassphrase(this._identity.syncKey)) {
-      this._log.warn("Sync key input is invalid: cannot fetch symmetric keys.");
+    let syncKeyBundle = this._identity.syncKeyBundle;
+    if (!syncKeyBundle) {
+      this._log.error("Sync Key Bundle not set. Invalid Sync Key?");
+
      Status.login = LOGIN_FAILED_INVALID_PASSPHRASE;
      Status.sync = CREDENTIALS_CHANGED;
      return false;
--- a/services/sync/tests/unit/test_identity_manager.js
+++ b/services/sync/tests/unit/test_identity_manager.js
@ -180,6 +180,62 @@ add_test(function test_sync_key() {
  run_next_test();
 });

+add_test(function test_sync_key_changes() {
+  _("Ensure changes to Sync Key have appropriate side-effects.");
+
+  let im = new IdentityManager();
+  let sk1 = Utils.generatePassphrase();
+  let sk2 = Utils.generatePassphrase();
+
+  im.account = "johndoe";
+  do_check_eq(im.syncKey, null);
+  do_check_eq(im.syncKeyBundle, null);
+
+  im.syncKey = sk1;
+  do_check_neq(im.syncKeyBundle, null);
+
+  let ek1 = im.syncKeyBundle.encryptionKeyB64;
+  let hk1 = im.syncKeyBundle.hmacKeyB64;
+
+  // Change the Sync Key and ensure the Sync Key Bundle is updated.
+  im.syncKey = sk2;
+  let ek2 = im.syncKeyBundle.encryptionKeyB64;
+  let hk2 = im.syncKeyBundle.hmacKeyB64;
+
+  do_check_neq(ek1, ek2);
+  do_check_neq(hk1, hk2);
+
+  im.account = null;
+
+  run_next_test();
+});
+
+add_test(function test_current_auth_state() {
+  _("Ensure current auth state is reported properly.");
+
+  let im = new IdentityManager();
+  do_check_eq(im.currentAuthState, LOGIN_FAILED_NO_USERNAME);
+
+  im.account = "johndoe";
+  do_check_eq(im.currentAuthState, LOGIN_FAILED_NO_PASSWORD);
+
+  im.basicPassword = "ilovejane";
+  do_check_eq(im.currentAuthState, LOGIN_FAILED_NO_PASSPHRASE);
+
+  im.syncKey = "foobar";
+  do_check_eq(im.currentAuthState, LOGIN_FAILED_INVALID_PASSPHRASE);
+
+  im.syncKey = null;
+  do_check_eq(im.currentAuthState, LOGIN_FAILED_NO_PASSPHRASE);
+
+  im.syncKey = Utils.generatePassphrase();
+  do_check_eq(im.currentAuthState, STATUS_OK);
+
+  im.account = null;
+
+  run_next_test();
+});
+
 add_test(function test_sync_key_persistence() {
  _("Ensure Sync Key persistence works as expected.");

--- a/xpcom/io/nsLocalFileWin.cpp
+++ b/xpcom/io/nsLocalFileWin.cpp
@ -2925,19 +2925,22 @@ nsLocalFile::IsSymlink(bool *_retval)
    NS_ENSURE_ARG(_retval);

    // unless it is a valid shortcut path it's not a symlink
-    if (!IsShortcutPath(mWorkingPath))
-    {
+    if (!IsShortcutPath(mWorkingPath)) {
        *_retval = false;
        return NS_OK;
    }

    // we need to know if this is a file or directory
    nsresult rv = ResolveAndStat();
-    if (NS_FAILED(rv))
+    if (NS_FAILED(rv)) {
        return rv;
+    }

-    // it's only a shortcut if it is a file
-    *_retval = (mFileInfo64.type == PR_FILE_FILE);
+    // We should not check mFileInfo64.type here for PR_FILE_FILE because lnk
+    // files can point to directories or files.  Important security checks
+    // depend on correctly identifying lnk files.  mFileInfo64 now holds info
+    // about the target of the lnk file, not the actual lnk file!
+    *_retval = true;
    return NS_OK;
 }