diff options
author | Sebastian Streich <sstreich@mozilla.com> | 2019-09-05 09:48:51 +0200 |
---|---|---|
committer | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-09-05 09:48:51 +0200 |
commit | 334a892eb5f94c9adc5253101a213c8b8b492df8 (patch) | |
tree | 75bd3ca9117c26ab2395168bcfed570f07b74ab9 /dom/security | |
parent | 4d4924e5105dbdfdcc3ff821671fba0dfeb11b11 (diff) | |
download | UXP-334a892eb5f94c9adc5253101a213c8b8b492df8.tar UXP-334a892eb5f94c9adc5253101a213c8b8b492df8.tar.gz UXP-334a892eb5f94c9adc5253101a213c8b8b492df8.tar.lz UXP-334a892eb5f94c9adc5253101a213c8b8b492df8.tar.xz UXP-334a892eb5f94c9adc5253101a213c8b8b492df8.zip |
Add checks to respect CSP-wildcard + Ports.
Diffstat (limited to 'dom/security')
-rw-r--r-- | dom/security/nsCSPUtils.cpp | 32 |
1 files changed, 18 insertions, 14 deletions
diff --git a/dom/security/nsCSPUtils.cpp b/dom/security/nsCSPUtils.cpp index 71c8e3433..d07ad7945 100644 --- a/dom/security/nsCSPUtils.cpp +++ b/dom/security/nsCSPUtils.cpp @@ -641,13 +641,22 @@ nsCSPHostSrc::permits(nsIURI* aUri, const nsAString& aNonce, bool aWasRedirected // just a specific scheme, the parser should generate a nsCSPSchemeSource. NS_ASSERTION((!mHost.IsEmpty()), "host can not be the empty string"); + // Before we can check if the host matches, we have to + // extract the host part from aUri. + nsAutoCString uriHost; + nsresult rv = aUri->GetAsciiHost(uriHost); + NS_ENSURE_SUCCESS(rv, false); + + nsString decodedUriHost; + CSP_PercentDecodeStr(NS_ConvertUTF8toUTF16(uriHost), decodedUriHost); + // 2) host matching: Enforce a single * if (mHost.EqualsASCII("*")) { // The single ASTERISK character (*) does not match a URI's scheme of a type // designating a globally unique identifier (such as blob:, data:, or filesystem:) - // At the moment firefox does not support filesystem; but for future compatibility + // At the moment UXP does not support "filesystem:" but for future compatibility // we support it in CSP according to the spec, see: 4.2.2 Matching Source Expressions - // Note, that whitelisting any of these schemes would call nsCSPSchemeSrc::permits(). + // Note: whitelisting any of these schemes would call nsCSPSchemeSrc::permits(). bool isBlobScheme = (NS_SUCCEEDED(aUri->SchemeIs("blob", &isBlobScheme)) && isBlobScheme); bool isDataScheme = @@ -658,20 +667,15 @@ nsCSPHostSrc::permits(nsIURI* aUri, const nsAString& aNonce, bool aWasRedirected if (isBlobScheme || isDataScheme || isFileScheme) { return false; } - return true; - } - - // Before we can check if the host matches, we have to - // extract the host part from aUri. - nsAutoCString uriHost; - nsresult rv = aUri->GetAsciiHost(uriHost); - NS_ENSURE_SUCCESS(rv, false); - - nsString decodedUriHost; - CSP_PercentDecodeStr(NS_ConvertUTF8toUTF16(uriHost), decodedUriHost); + // If no scheme is present there also won't be a port and folder to check + // which means we can return early. + if (mScheme.IsEmpty()) { + return true; + } + } // 4.5) host matching: Check if the allowed host starts with a wilcard. - if (mHost.First() == '*') { + else if (mHost.First() == '*') { NS_ASSERTION(mHost[1] == '.', "Second character needs to be '.' whenever host starts with '*'"); // Eliminate leading "*", but keeping the FULL STOP (.) thereafter before checking |