authorjanekptacijarabaci <janekptacijarabaci@seznam.cz>2018-04-22 22:16:58 +0200
committerjanekptacijarabaci <janekptacijarabaci@seznam.cz>2018-04-22 22:16:58 +0200
commit13f3978a14cb90eb01fc7f185f62b2ee2ac9f466 (patch)
tree1f59b2ec96124bb182f34bd6d8222e012656a1c0
parentee4f7c4aa17068cfda347fb6ce51ca0b1958fbb6 (diff)
Revert "Bug 1182569 - Skip security check for plugins using newstream attribute"
This reverts commit 5b0f4649b3fee771379af60ec04d43b8a525cf80.
-rw-r--r--docshell/base/nsDocShell.cpp28
-rw-r--r--docshell/base/nsDocShell.h6
-rw-r--r--docshell/base/nsILinkHandler.h10
-rw-r--r--dom/base/nsContentUtils.cpp2
-rw-r--r--dom/plugins/base/nsPluginInstanceOwner.cpp25
5 files changed, 24 insertions, 47 deletions
diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp
index 8167a76ec..6810d0179 100644
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -13888,8 +13888,7 @@ public:
const nsAString& aFileName,
nsIInputStream* aPostDataStream,
nsIInputStream* aHeadersDataStream,
- bool aIsTrusted,
- nsIPrincipal* aTriggeringPrincipal);
+ bool aIsTrusted);
NS_IMETHOD Run() override
{
@@ -13905,7 +13904,7 @@ public:
mHandler->OnLinkClickSync(mContent, mURI,
mTargetSpec.get(), mFileName,
mPostDataStream, mHeadersDataStream,
- nullptr, nullptr, mTriggeringPrincipal);
+ nullptr, nullptr);
}
return NS_OK;
}
@@ -13920,7 +13919,6 @@ private:
nsCOMPtr<nsIContent> mContent;
PopupControlState mPopupState;
bool mIsTrusted;
- nsCOMPtr<nsIPrincipal> mTriggeringPrincipal;
};
OnLinkClickEvent::OnLinkClickEvent(nsDocShell* aHandler,
@@ -13930,8 +13928,7 @@ OnLinkClickEvent::OnLinkClickEvent(nsDocShell* aHandler,
const nsAString& aFileName,
nsIInputStream* aPostDataStream,
nsIInputStream* aHeadersDataStream,
- bool aIsTrusted,
- nsIPrincipal* aTriggeringPrincipal)
+ bool aIsTrusted)
: mHandler(aHandler)
, mURI(aURI)
, mTargetSpec(aTargetSpec)
@@ -13941,7 +13938,6 @@ OnLinkClickEvent::OnLinkClickEvent(nsDocShell* aHandler,
, mContent(aContent)
, mPopupState(mHandler->mScriptGlobal->GetPopupControlState())
, mIsTrusted(aIsTrusted)
- , mTriggeringPrincipal(aTriggeringPrincipal)
{
}
@@ -13952,8 +13948,7 @@ nsDocShell::OnLinkClick(nsIContent* aContent,
const nsAString& aFileName,
nsIInputStream* aPostDataStream,
nsIInputStream* aHeadersDataStream,
- bool aIsTrusted,
- nsIPrincipal* aTriggeringPrincipal)
+ bool aIsTrusted)
{
NS_ASSERTION(NS_IsMainThread(), "wrong thread");
@@ -13992,8 +13987,7 @@ nsDocShell::OnLinkClick(nsIContent* aContent,
nsCOMPtr<nsIRunnable> ev =
new OnLinkClickEvent(this, aContent, aURI, target.get(), aFileName,
- aPostDataStream, aHeadersDataStream,
- aIsTrusted, aTriggeringPrincipal);
+ aPostDataStream, aHeadersDataStream, aIsTrusted);
return NS_DispatchToCurrentThread(ev);
}
@@ -14005,8 +13999,7 @@ nsDocShell::OnLinkClickSync(nsIContent* aContent,
nsIInputStream* aPostDataStream,
nsIInputStream* aHeadersDataStream,
nsIDocShell** aDocShell,
- nsIRequest** aRequest,
- nsIPrincipal* aTriggeringPrincipal)
+ nsIRequest** aRequest)
{
// Initialize the DocShell / Request
if (aDocShell) {
@@ -14129,18 +14122,13 @@ nsDocShell::OnLinkClickSync(nsIContent* aContent,
return NS_ERROR_OUT_OF_MEMORY;
}
- // if the triggeringPrincipal is not passed explicitly, then we
- // fall back to using doc->NodePrincipal() as the triggeringPrincipal.
- nsCOMPtr<nsIPrincipal> triggeringPrincipal =
- aTriggeringPrincipal ? aTriggeringPrincipal
- : aContent->NodePrincipal();
-
nsresult rv = InternalLoad(clonedURI, // New URI
nullptr, // Original URI
false, // LoadReplace
referer, // Referer URI
refererPolicy, // Referer policy
- triggeringPrincipal,
+ aContent->NodePrincipal(), // Triggering is our node's
+ // principal
aContent->NodePrincipal(),
flags,
target, // Window target
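Review bot: The two consecutive `aContent->NodePrincipal()` arguments to `InternalLoad` are easy to misread, because only the first one carries a comment. The second should be labelled as well, e.g. `aContent->NodePrincipal(), // Principal to inherit`, assuming that is what this slot holds; the `InternalLoad` signature is not visible here. With the explicit-principal fallback removed, every caller of `OnLinkClickSync` now loads with the node principal as triggering principal, including the plugin path through `nsPluginInstanceOwner::GetURL`. That is worth stating in the doc comment in nsILinkHandler.h, where the `aTriggeringPrincipal` description is being deleted. The body of `OnLinkClickSync` starts and ends outside this hunk.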
diff --git a/docshell/base/nsDocShell.h b/docshell/base/nsDocShell.h
index f510a15b0..63a4e3358 100644
--- a/docshell/base/nsDocShell.h
+++ b/docshell/base/nsDocShell.h
@@ -201,8 +201,7 @@ public:
const nsAString& aFileName,
nsIInputStream* aPostDataStream,
nsIInputStream* aHeadersDataStream,
- bool aIsTrusted,
- nsIPrincipal* aTriggeringPrincipal) override;
+ bool aIsTrusted) override;
NS_IMETHOD OnLinkClickSync(nsIContent* aContent,
nsIURI* aURI,
const char16_t* aTargetSpec,
@@ -210,8 +209,7 @@ public:
nsIInputStream* aPostDataStream = 0,
nsIInputStream* aHeadersDataStream = 0,
nsIDocShell** aDocShell = 0,
- nsIRequest** aRequest = 0,
- nsIPrincipal* aTriggeringPrincipal = nullptr) override;
+ nsIRequest** aRequest = 0) override;
NS_IMETHOD OnOverLink(nsIContent* aContent,
nsIURI* aURI,
const char16_t* aTargetSpec) override;
diff --git a/docshell/base/nsILinkHandler.h b/docshell/base/nsILinkHandler.h
index 7069f1f1d..7cdcd566d 100644
--- a/docshell/base/nsILinkHandler.h
+++ b/docshell/base/nsILinkHandler.h
@@ -37,8 +37,6 @@ public:
* @param aFileName non-null when the link should be downloaded as the given file
* @param aHeadersDataStream ???
* @param aIsTrusted false if the triggerer is an untrusted DOM event.
- * @param aTriggeringPrincipal, if not passed explicitly we fall back to
- * the document's principal.
*/
NS_IMETHOD OnLinkClick(nsIContent* aContent,
nsIURI* aURI,
@@ -46,8 +44,7 @@ public:
const nsAString& aFileName,
nsIInputStream* aPostDataStream,
nsIInputStream* aHeadersDataStream,
- bool aIsTrusted,
- nsIPrincipal* aTriggeringPrincipal) = 0;
+ bool aIsTrusted) = 0;
/**
* Process a click on a link.
@@ -64,8 +61,6 @@ public:
* @param aHeadersDataStream ???
* @param aDocShell (out-param) the DocShell that the request was opened on
* @param aRequest the request that was opened
- * @param aTriggeringPrincipal, if not passed explicitly we fall back to
- * the document's principal.
*/
NS_IMETHOD OnLinkClickSync(nsIContent* aContent,
nsIURI* aURI,
@@ -74,8 +69,7 @@ public:
nsIInputStream* aPostDataStream = 0,
nsIInputStream* aHeadersDataStream = 0,
nsIDocShell** aDocShell = 0,
- nsIRequest** aRequest = 0,
- nsIPrincipal* aTriggeringPrincipal = nullptr) = 0;
+ nsIRequest** aRequest = 0) = 0;
/**
* Process a mouse-over a link.
diff --git a/dom/base/nsContentUtils.cpp b/dom/base/nsContentUtils.cpp
index c3ff2b4d8..ef87a250e 100644
--- a/dom/base/nsContentUtils.cpp
+++ b/dom/base/nsContentUtils.cpp
@@ -5100,7 +5100,7 @@ nsContentUtils::TriggerLink(nsIContent *aContent, nsPresContext *aPresContext,
handler->OnLinkClick(aContent, aLinkURI,
fileName.IsVoid() ? aTargetSpec.get() : EmptyString().get(),
- fileName, nullptr, nullptr, aIsTrusted, aContent->NodePrincipal());
+ fileName, nullptr, nullptr, aIsTrusted);
}
}
diff --git a/dom/plugins/base/nsPluginInstanceOwner.cpp b/dom/plugins/base/nsPluginInstanceOwner.cpp
index 7de6c2b73..b7651be1a 100644
--- a/dom/plugins/base/nsPluginInstanceOwner.cpp
+++ b/dom/plugins/base/nsPluginInstanceOwner.cpp
@@ -535,6 +535,16 @@ NS_IMETHODIMP nsPluginInstanceOwner::GetURL(const char *aURL,
nsresult rv = NS_NewURI(getter_AddRefs(uri), aURL, baseURI);
NS_ENSURE_SUCCESS(rv, NS_ERROR_FAILURE);
+ if (aDoCheckLoadURIChecks) {
+ nsCOMPtr<nsIScriptSecurityManager> secMan(
+ do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv));
+ NS_ENSURE_TRUE(secMan, NS_ERROR_FAILURE);
+
+ rv = secMan->CheckLoadURIWithPrincipal(content->NodePrincipal(), uri,
+ nsIScriptSecurityManager::STANDARD);
+ NS_ENSURE_SUCCESS(rv, rv);
+ }
+
nsCOMPtr<nsIInputStream> headersDataStream;
if (aPostStream && aHeadersData) {
if (!aHeadersDataLen)
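Review bot: The restored `CheckLoadURIWithPrincipal` call is skipped entirely when `aDoCheckLoadURIChecks` is false, and nothing here says which callers may pass false or what still guards the load in that case. The next hunk removes the codebase-principal workaround, so the load reaches `OnLinkClick` and is issued with `aContent->NodePrincipal()` as triggering principal (see the nsDocShell.cpp hunk). A comment above the `if` should record that, e.g. `// When aDoCheckLoadURIChecks is false this check is skipped; the docshell still loads with the node principal as triggering principal.` Separately, `NS_ENSURE_TRUE(secMan, NS_ERROR_FAILURE)` discards the `rv` that `do_GetService` filled in; `NS_ENSURE_SUCCESS(rv, rv)` would keep the real failure code, as the line after the check already does. The body of `GetURL` starts and ends outside this hunk.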
@@ -553,21 +563,8 @@ NS_IMETHODIMP nsPluginInstanceOwner::GetURL(const char *aURL,
Preferences::GetInt("privacy.popups.disable_from_plugins");
nsAutoPopupStatePusher popupStatePusher((PopupControlState)blockPopups);
-
- // if security checks (in particular CheckLoadURIWithPrincipal) needs
- // to be skipped we are creating a codebasePrincipal to make sure
- // that security check succeeds. Please note that we do not want to
- // fall back to using the systemPrincipal, because that would also
- // bypass ContentPolicy checks which should still be enforced.
- nsCOMPtr<nsIPrincipal> triggeringPrincipal;
- if (!aDoCheckLoadURIChecks) {
- mozilla::PrincipalOriginAttributes attrs =
- BasePrincipal::Cast(content->NodePrincipal())->OriginAttributesRef();
- triggeringPrincipal = BasePrincipal::CreateCodebasePrincipal(uri, attrs);
- }
-
rv = lh->OnLinkClick(content, uri, unitarget.get(), NullString(),
- aPostStream, headersDataStream, true, triggeringPrincipal);
+ aPostStream, headersDataStream, true);
return rv;
}