Diffstat (limited to 'netwerk/base')
-rw-r--r-- | netwerk/base/LoadInfo.cpp | 23 | ||||
-rw-r--r-- | netwerk/base/TLSServerSocket.cpp | 10 | ||||
-rw-r--r-- | netwerk/base/TLSServerSocket.h | 1 | ||||
-rw-r--r-- | netwerk/base/nsFileStreams.cpp | 7 | ||||
-rw-r--r-- | netwerk/base/nsILoadInfo.idl | 17 | ||||
-rw-r--r-- | netwerk/base/nsITLSServerSocket.idl | 12 | ||||
-rw-r--r-- | netwerk/base/nsStandardURL.cpp | 4 | ||||
-rw-r--r-- | netwerk/base/security-prefs.js | 2 |
8 files changed, 69 insertions, 7 deletions
diff --git a/netwerk/base/LoadInfo.cpp b/netwerk/base/LoadInfo.cpp
index a8c9a5a25..ebe9d4703 100644
--- a/netwerk/base/LoadInfo.cpp
+++ b/netwerk/base/LoadInfo.cpp
@@ -81,7 +81,7 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadingPrincipal,
 // This constructor shouldn't be used for TYPE_DOCUMENT loads that don't
 // have a loadingPrincipal
- MOZ_ASSERT(skipContentTypeCheck ||
+ MOZ_ASSERT(skipContentTypeCheck || mLoadingPrincipal ||
 mInternalContentPolicyType != nsIContentPolicy::TYPE_DOCUMENT);
 // TODO(bug 1259873): Above, we initialize mIsThirdPartyContext to false meaning
@@ -493,6 +493,27 @@ LoadInfo::ContextForTopLevelLoad()
 return context;
 }
+already_AddRefed<nsISupports>
+LoadInfo::GetLoadingContext()
+{
+ nsCOMPtr<nsISupports> context;
+ if (mInternalContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT) {
+ context = ContextForTopLevelLoad();
+ }
+ else {
+ context = LoadingNode();
+ }
+ return context.forget();
+}
+
+NS_IMETHODIMP
+LoadInfo::GetLoadingContextXPCOM(nsISupports** aResult)
+{
+ nsCOMPtr<nsISupports> context = GetLoadingContext();
+ context.forget(aResult);
+ return NS_OK;
+}
+
 NS_IMETHODIMP
 LoadInfo::GetSecurityFlags(nsSecurityFlags* aResult)
 {
diff --git a/netwerk/base/TLSServerSocket.cpp b/netwerk/base/TLSServerSocket.cpp
index b32a9a188..257a7f5da 100644
--- a/netwerk/base/TLSServerSocket.cpp
+++ b/netwerk/base/TLSServerSocket.cpp
@@ -419,6 +419,13 @@ TLSServerConnectionInfo::GetCipherName(nsACString& aCipherName)
 }
 NS_IMETHODIMP
+TLSServerConnectionInfo::GetCipherSuite(nsACString& aCipherSuite)
+{
+ aCipherSuite.Assign(mCipherSuite);
+ return NS_OK;
+}
+
+NS_IMETHODIMP
 TLSServerConnectionInfo::GetKeyLength(uint32_t* aKeyLength)
 {
 if (NS_WARN_IF(!aKeyLength)) {
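Review bot: In the `@@ -493` hunk of LoadInfo.cpp, `GetLoadingContext()` carries no comment saying that it can hand back null, and callers that use the context for content-policy decisions need to know that. For non-document loads it returns whatever `LoadingNode()` returns, and nothing visible in the hunk guarantees that is non-null; the same presumably holds for `ContextForTopLevelLoad()`, whose body is outside the hunk. I would add `// May return null; callers must null-check before using the context.` above the definition. `GetLoadingContextXPCOM()` likewise returns `NS_OK` with a possibly null `*aResult`, which is worth stating in the same comment.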
@@ -490,7 +497,8 @@ TLSServerConnectionInfo::HandshakeCallback(PRFileDesc* aFD)
 if (NS_FAILED(rv)) {
 return rv;
 }
- mCipherName.Assign(cipherInfo.cipherSuiteName);
+ mCipherName.Assign(cipherInfo.symCipherName);
+ mCipherSuite.Assign(cipherInfo.cipherSuiteName);
 mKeyLength = cipherInfo.effectiveKeyBits;
 mMacLength = cipherInfo.macBits;
diff --git a/netwerk/base/TLSServerSocket.h b/netwerk/base/TLSServerSocket.h
index 9fb57e0cc..fd47fc918 100644
--- a/netwerk/base/TLSServerSocket.h
+++ b/netwerk/base/TLSServerSocket.h
@@ -68,6 +68,7 @@ private:
 nsCOMPtr<nsIX509Cert> mPeerCert;
 int16_t mTlsVersionUsed;
 nsCString mCipherName;
+ nsCString mCipherSuite;
 uint32_t mKeyLength;
 uint32_t mMacLength;
 // lock protects access to mSecurityObserver
diff --git a/netwerk/base/nsFileStreams.cpp b/netwerk/base/nsFileStreams.cpp
index 2ddb7ae98..6508b33b9 100644
--- a/netwerk/base/nsFileStreams.cpp
+++ b/netwerk/base/nsFileStreams.cpp
@@ -1015,11 +1015,18 @@ nsAtomicFileOutputStream::DoOpen()
 }
 if (NS_SUCCEEDED(rv) && mTargetFileExists) {
+ // Abort if |file| is not writable; it won't work as an output stream.
+ bool isWritable;
+ if (NS_SUCCEEDED(file->IsWritable(&isWritable)) && !isWritable) {
+ return NS_ERROR_FILE_ACCESS_DENIED;
+ }
+
 uint32_t origPerm;
 if (NS_FAILED(file->GetPermissions(&origPerm))) {
 NS_ERROR("Can't get permissions of target file");
 origPerm = mOpenParams.perm;
 }
+
 // XXX What if |perm| is more restrictive then |origPerm|?
 // This leaves the user supplied permissions as they were.
 rv = tempResult->CreateUnique(nsIFile::NORMAL_FILE_TYPE, origPerm);
diff --git a/netwerk/base/nsILoadInfo.idl b/netwerk/base/nsILoadInfo.idl
index 9a883ff98..bc609c317 100644
--- a/netwerk/base/nsILoadInfo.idl
+++ b/netwerk/base/nsILoadInfo.idl
@@ -10,7 +10,7 @@ interface nsIDOMDocument;
 interface nsINode;
 interface nsIPrincipal;
-
+native LoadContextRef(already_AddRefed<nsISupports>);
 %{C++
 #include "nsTArray.h"
 #include "mozilla/BasePrincipal.h"
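Review bot: In `TLSServerConnectionInfo::HandshakeCallback`, `mCipherName` now receives `cipherInfo.symCipherName` instead of the suite name, so the existing `cipherName` attribute silently changes meaning for every current consumer. A caller that compares `cipherName` against a full suite string, for instance to enforce an allow-list of suites, would stop matching after this change and has to move to `cipherSuite`; whether such callers exist is not visible here. The uuid bump in nsITLSServerSocket.idl does not flag this to script callers, so I would add `// cipherName is the symmetric cipher only; the full suite name is in mCipherSuite.` at the assignment and audit the consumers in the same patch. The function body starts and ends outside the hunk.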
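Review bot: In `nsAtomicFileOutputStream::DoOpen`, the new writability test treats a failed `IsWritable()` call the same as a writable file, and `isWritable` is left uninitialized on that path. The short-circuit keeps the value from being read today, but I would declare it as `bool isWritable = false;` and say in the comment that the check fails open, e.g. `// If the query itself fails, continue and let the later steps report the error.` The test is also separate from the later operations on the file, so it is an early exit rather than a guarantee that the final write will succeed. The function body starts and ends outside the hunk.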
@@ -334,6 +334,21 @@ interface nsILoadInfo : nsISupports
 nsISupports binaryContextForTopLevelLoad();
 /**
+ * For all loads except loads of TYPE_DOCUMENT, the loadingContext
+ * simply returns the loadingNode. For loads of TYPE_DOCUMENT this
+ * will return the context available for top-level loads which
+ * do not have a loadingNode.
+ */
+ [binaryname(LoadingContextXPCOM)]
+ readonly attribute nsISupports loadingContext;
+
+ /**
+ * A C++ friendly version of the loadingContext.
+ */
+ [noscript, notxpcom, nostdcall, binaryname(GetLoadingContext)]
+ LoadContextRef binaryGetLoadingContext();
+
+ /**
 * The securityFlags of that channel.
 */
 readonly attribute nsSecurityFlags securityFlags;
diff --git a/netwerk/base/nsITLSServerSocket.idl b/netwerk/base/nsITLSServerSocket.idl
index 9a03c2ead..57485357f 100644
--- a/netwerk/base/nsITLSServerSocket.idl
+++ b/netwerk/base/nsITLSServerSocket.idl
@@ -94,7 +94,7 @@ interface nsITLSServerSocket : nsIServerSocket
 * method of the security observer has been called (see
 * |nsITLSServerSecurityObserver| below).
 */
-[scriptable, uuid(19668ea4-e5ad-4182-9698-7e890d48f327)]
+[scriptable, uuid(205e273d-2439-449b-bfc5-fc555c87dbc4)]
 interface nsITLSClientStatus : nsISupports
 {
 /**
@@ -125,11 +125,19 @@ interface nsITLSClientStatus : nsISupports
 /**
 * cipherName
 *
+ * Name of the symetric cipher used, such as
+ * "AES-GCM" or "CAMELLIA".
+ */
+ readonly attribute ACString cipherName;
+
+ /**
+ * cipherSuite
+ *
 * Name of the cipher suite used, such as
 * "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256".
 * See security/nss/lib/ssl/sslinfo.c for the possible values.
 */
- readonly attribute ACString cipherName;
+ readonly attribute ACString cipherSuite;
 /**
 * keyLength
diff --git a/netwerk/base/nsStandardURL.cpp b/netwerk/base/nsStandardURL.cpp
index e2a290e4d..dff4ecbc0 100644
--- a/netwerk/base/nsStandardURL.cpp
+++ b/netwerk/base/nsStandardURL.cpp
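Review bot: The new `cipherName` doc comment in the `@@ -125` hunk of nsITLSServerSocket.idl misspells "symmetric" as "symetric", and it does not tell readers that this attribute previously returned the full suite name. I would change the line to `* Name of the symmetric cipher used, such as` and add one sentence pointing to `cipherSuite` for the suite string, so that a consumer reading only the IDL sees the change in meaning.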
@@ -3455,8 +3455,10 @@ FromIPCSegment(const nsACString& aSpec, const ipc::StandardURLSegment& aSegment,
 return false;
 }
+ CheckedInt<uint32_t> segmentLen = aSegment.position();
+ segmentLen += aSegment.length();
 // Make sure the segment does not extend beyond the spec.
- if (NS_WARN_IF(aSegment.position() + aSegment.length() > aSpec.Length())) {
+ if (NS_WARN_IF(!segmentLen.isValid() || segmentLen.value() > aSpec.Length())) {
 return false;
 }
diff --git a/netwerk/base/security-prefs.js b/netwerk/base/security-prefs.js
index 5351d7c04..cfbbf4a45 100644
--- a/netwerk/base/security-prefs.js
+++ b/netwerk/base/security-prefs.js
@@ -3,7 +3,7 @@
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 pref("security.tls.version.min", 1);
-pref("security.tls.version.max", 3);
+pref("security.tls.version.max", 4);
 pref("security.tls.version.fallback-limit", 3);
 pref("security.tls.insecure_fallback_hosts", ""); pref("security.tls.unrestricted_rc4_fallback", false); |
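Review bot: In `FromIPCSegment`, the variable `segmentLen` holds position plus length, which is the segment's end offset rather than its length, and that makes the bounds check harder to read. I would name it `segmentEnd` and extend the comment to `// Make sure the segment does not extend beyond the spec and that position + length does not wrap.`, since the wrap-around case is the reason for the `CheckedInt`. The hunk shows no include for `mozilla/CheckedInt.h`, so confirm the file already pulls it in. The function starts and ends outside the hunk.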
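Review bot: The prefs in security-prefs.js are bare numbers with no key, so the file does not show that raising `security.tls.version.max` to 4 turns on TLS 1.3 by default. A comment above the block such as `// 1 = TLS 1.0, 2 = TLS 1.1, 3 = TLS 1.2, 4 = TLS 1.3` would make this change and later ones reviewable. `security.tls.version.fallback-limit` stays at 3; if that is intended, a word on why belongs in the commit message.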