Be more careful about what filename we propagate to compiled setTimeout functions. bug 411092, r+sr=jst

2024-09-13 09:24:08 -07:00 · 2008-01-29 18:11:48 -08:00 · 2008-01-29 18:11:48 -08:00 · e767cbcebc
commit e767cbcebc
parent 52337e9048
5 changed files with 34 additions and 12 deletions
--- a/dom/src/base/nsGlobalWindow.cpp
+++ b/dom/src/base/nsGlobalWindow.cpp
@ -7355,7 +7355,7 @@ nsGlobalWindow::SetTimeoutOrInterval(PRBool aIsInterval, PRInt32 *aReturn)
  PRInt32 interval = 0;
  PRBool isInterval = aIsInterval;
  nsCOMPtr<nsIScriptTimeoutHandler> handler;
-  nsresult rv = NS_CreateJSTimeoutHandler(GetContextInternal(),
+  nsresult rv = NS_CreateJSTimeoutHandler(this,
                                          &isInterval,
                                          &interval,
                                          getter_AddRefs(handler));
--- a/dom/src/base/nsGlobalWindow.h
+++ b/dom/src/base/nsGlobalWindow.h
@ -138,7 +138,7 @@ enum OpenAllowValue {
 };

 extern nsresult
-NS_CreateJSTimeoutHandler(nsIScriptContext *aContext,
+NS_CreateJSTimeoutHandler(nsGlobalWindow *aWindow,
                          PRBool *aIsInterval,
                          PRInt32 *aInterval,
                          nsIScriptTimeoutHandler **aRet);
--- a/dom/src/base/nsJSTimeoutHandler.cpp
+++ b/dom/src/base/nsJSTimeoutHandler.cpp
@ -49,6 +49,7 @@
 #include "nsJSEnvironment.h"
 #include "nsServiceManagerUtils.h"
 #include "nsDOMError.h"
+#include "nsGlobalWindow.h"

 static const char kSetIntervalStr[] = "setInterval";
 static const char kSetTimeoutStr[] = "setTimeout";
@ -87,7 +88,7 @@ public:
  // added.
  virtual void SetLateness(PRIntervalTime aHowLate);

-  nsresult Init(nsIScriptContext *aContext, PRBool *aIsInterval,
+  nsresult Init(nsGlobalWindow *aWindow, PRBool *aIsInterval,
                PRInt32 *aInterval);

  void ReleaseJSObjects();
@ -165,18 +166,17 @@ nsJSScriptTimeoutHandler::ReleaseJSObjects()
 }

 nsresult
-nsJSScriptTimeoutHandler::Init(nsIScriptContext *aContext, PRBool *aIsInterval,
+nsJSScriptTimeoutHandler::Init(nsGlobalWindow *aWindow, PRBool *aIsInterval,
                               PRInt32 *aInterval)
 {
-  if (!aContext) {
+  mContext = aWindow->GetContextInternal();
+  if (!mContext) {
    // This window was already closed, or never properly initialized,
    // don't let a timer be scheduled on such a window.

    return NS_ERROR_NOT_INITIALIZED;
  }

-  mContext = aContext;
-
  nsAXPCNativeCallContext *ncc = nsnull;
  nsresult rv = nsContentUtils::XPConnect()->
    GetCurrentNativeCallContext(&ncc);
@ -253,11 +253,18 @@ nsJSScriptTimeoutHandler::Init(nsIScriptContext *aContext, PRBool *aIsInterval,

    mExpr = expr;

+    nsIPrincipal *prin = aWindow->GetPrincipal();
+    JSPrincipals *jsprins;
+    rv = prin->GetJSPrincipals(cx, &jsprins);
+    NS_ENSURE_SUCCESS(rv, rv);
+
    // Get the calling location.
    const char *filename;
-    if (nsJSUtils::GetCallingLocation(cx, &filename, &mLineNo)) {
+    if (nsJSUtils::GetCallingLocation(cx, &filename, &mLineNo, jsprins)) {
      mFileName.Assign(filename);
    }
+
+    JSPRINCIPALS_DROP(cx, jsprins);
  } else if (funobj) {
    rv = NS_HOLD_JS_OBJECTS(this, nsJSScriptTimeoutHandler);
    NS_ENSURE_SUCCESS(rv, rv);
@ -315,7 +322,7 @@ nsJSScriptTimeoutHandler::GetHandlerText()
                         (::JS_GetStringChars(mExpr));
 }

-nsresult NS_CreateJSTimeoutHandler(nsIScriptContext *aContext,
+nsresult NS_CreateJSTimeoutHandler(nsGlobalWindow *aWindow,
                                   PRBool *aIsInterval,
                                   PRInt32 *aInterval,
                                   nsIScriptTimeoutHandler **aRet)
@ -325,7 +332,7 @@ nsresult NS_CreateJSTimeoutHandler(nsIScriptContext *aContext,
  if (!handler)
    return NS_ERROR_OUT_OF_MEMORY;

-  nsresult rv = handler->Init(aContext, aIsInterval, aInterval);
+  nsresult rv = handler->Init(aWindow, aIsInterval, aInterval);
  if (NS_FAILED(rv)) {
    delete handler;
    return rv;
--- a/dom/src/base/nsJSUtils.cpp
+++ b/dom/src/base/nsJSUtils.cpp
@ -1,4 +1,5 @@
 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 sw=2 et tw=78: */
 /* ***** BEGIN LICENSE BLOCK *****
 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
 *
@ -60,7 +61,7 @@

 JSBool
 nsJSUtils::GetCallingLocation(JSContext* aContext, const char* *aFilename,
-                              PRUint32 *aLineno)
+                              PRUint32* aLineno, JSPrincipals* aPrincipals)
 {
  // Get the current filename and line number
  JSStackFrame* frame = nsnull;
@ -74,6 +75,20 @@ nsJSUtils::GetCallingLocation(JSContext* aContext, const char* *aFilename,
  } while (frame && !script);

  if (script) {
+    // If aPrincipals is non-null then our caller is asking us to ensure
+    // that the filename we return does not have elevated privileges.
+    if (aPrincipals) {
+      JSPrincipals* scriptPrins = JS_GetScriptPrincipals(aContext, script);
+
+      // Return the weaker of the two principals if they differ.
+      if (scriptPrins != aPrincipals &&
+          scriptPrins->subsume(scriptPrins, aPrincipals)) {
+        *aFilename = aPrincipals->codebase;
+        *aLineno = 0;
+        return JS_TRUE;
+      }
+    }
+
    const char* filename = ::JS_GetScriptFilename(aContext, script);

    if (filename) {
--- a/dom/src/base/nsJSUtils.h
+++ b/dom/src/base/nsJSUtils.h
@ -57,7 +57,7 @@ class nsJSUtils
 {
 public:
  static JSBool GetCallingLocation(JSContext* aContext, const char* *aFilename,
-                                   PRUint32 *aLineno);
+                                   PRUint32* aLineno, JSPrincipals* aPrincipals);

  static jsval ConvertStringToJSVal(const nsString& aProp,
                                    JSContext* aContext);