summaryrefslogtreecommitdiffstats
path: root/netwerk
diff options
context:
space:
mode:
Diffstat (limited to 'netwerk')
-rw-r--r--netwerk/base/nsFileStreams.cpp7
-rw-r--r--netwerk/protocol/http/nsCORSListenerProxy.cpp2
2 files changed, 8 insertions, 1 deletions
diff --git a/netwerk/base/nsFileStreams.cpp b/netwerk/base/nsFileStreams.cpp
index 2ddb7ae98..6508b33b9 100644
--- a/netwerk/base/nsFileStreams.cpp
+++ b/netwerk/base/nsFileStreams.cpp
@@ -1015,11 +1015,18 @@ nsAtomicFileOutputStream::DoOpen()
}
if (NS_SUCCEEDED(rv) && mTargetFileExists) {
+ // Abort if |file| is not writable; it won't work as an output stream.
+ bool isWritable;
+ if (NS_SUCCEEDED(file->IsWritable(&isWritable)) && !isWritable) {
+ return NS_ERROR_FILE_ACCESS_DENIED;
+ }
+
uint32_t origPerm;
if (NS_FAILED(file->GetPermissions(&origPerm))) {
NS_ERROR("Can't get permissions of target file");
origPerm = mOpenParams.perm;
}
+
// XXX What if |perm| is more restrictive then |origPerm|?
// This leaves the user supplied permissions as they were.
rv = tempResult->CreateUnique(nsIFile::NORMAL_FILE_TYPE, origPerm);
diff --git a/netwerk/protocol/http/nsCORSListenerProxy.cpp b/netwerk/protocol/http/nsCORSListenerProxy.cpp
index c2a624330..b9355c82b 100644
--- a/netwerk/protocol/http/nsCORSListenerProxy.cpp
+++ b/netwerk/protocol/http/nsCORSListenerProxy.cpp
@@ -577,7 +577,7 @@ nsCORSListenerProxy::CheckRequestApproved(nsIRequest* aRequest)
// check for duplicate headers
rv = http->VisitOriginalResponseHeaders(visitor);
if (NS_FAILED(rv)) {
- LogBlockedRequest(aRequest, "CORSAllowOriginNotMatchingOrigin", nullptr);
+ LogBlockedRequest(aRequest, "CORSMultipleAllowOriginNotAllowed", nullptr);
return rv;
}