From 13f3978a14cb90eb01fc7f185f62b2ee2ac9f466 Mon Sep 17 00:00:00 2001
From: janekptacijarabaci
Date: Sun, 22 Apr 2018 22:16:58 +0200
Subject: Revert "Bug 1182569 - Skip security check for plugins using newstream attribute"

This reverts commit 5b0f4649b3fee771379af60ec04d43b8a525cf80.
---
 docshell/base/nsDocShell.cpp | 28 ++++++++--------------------
 docshell/base/nsDocShell.h | 6 ++----
 docshell/base/nsILinkHandler.h | 10 ++--------
 dom/base/nsContentUtils.cpp | 2 +-
 dom/plugins/base/nsPluginInstanceOwner.cpp | 25 +++++++++++--------------
 5 files changed, 24 insertions(+), 47 deletions(-)

diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp
index 8167a76ec..6810d0179 100644
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -13888,8 +13888,7 @@ public:
 const nsAString& aFileName,
 nsIInputStream* aPostDataStream,
 nsIInputStream* aHeadersDataStream,
- bool aIsTrusted,
- nsIPrincipal* aTriggeringPrincipal);
+ bool aIsTrusted);
 
 NS_IMETHOD Run() override
 {
@@ -13905,7 +13904,7 @@ public:
 mHandler->OnLinkClickSync(mContent, mURI,
 mTargetSpec.get(), mFileName,
 mPostDataStream, mHeadersDataStream,
- nullptr, nullptr, mTriggeringPrincipal);
+ nullptr, nullptr);
 }
 return NS_OK;
 }
@@ -13920,7 +13919,6 @@ private:
 nsCOMPtr mContent;
 PopupControlState mPopupState;
 bool mIsTrusted;
- nsCOMPtr mTriggeringPrincipal;
 };
 
 OnLinkClickEvent::OnLinkClickEvent(nsDocShell* aHandler,
@@ -13930,8 +13928,7 @@ OnLinkClickEvent::OnLinkClickEvent(nsDocShell* aHandler,
 const nsAString& aFileName,
 nsIInputStream* aPostDataStream,
 nsIInputStream* aHeadersDataStream,
- bool aIsTrusted,
- nsIPrincipal* aTriggeringPrincipal)
+ bool aIsTrusted)
 : mHandler(aHandler)
 , mURI(aURI)
 , mTargetSpec(aTargetSpec)
@@ -13941,7 +13938,6 @@ OnLinkClickEvent::OnLinkClickEvent(nsDocShell* aHandler,
 , mContent(aContent)
 , mPopupState(mHandler->mScriptGlobal->GetPopupControlState())
 , mIsTrusted(aIsTrusted)
- , mTriggeringPrincipal(aTriggeringPrincipal)
 {
 }
 
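Review bot: Run() discards the nsresult returned by `mHandler->OnLinkClickSync(...)` at the new `nullptr, nullptr);` line and then unconditionally returns NS_OK, so a link load that fails from the dispatched event is silent. If that is deliberate, say so just above the call, `// The sync click's result is intentionally not propagated from this runnable.`; otherwise store it and return it. Both Run() and the `if` block enclosing the call begin before this hunk. The remaining hunks on this file section only drop the aTriggeringPrincipal parameter, member and initializer and need no further change.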
@@ -13952,8 +13948,7 @@ nsDocShell::OnLinkClick(nsIContent* aContent,
 const nsAString& aFileName,
 nsIInputStream* aPostDataStream,
 nsIInputStream* aHeadersDataStream,
- bool aIsTrusted,
- nsIPrincipal* aTriggeringPrincipal)
+ bool aIsTrusted)
 {
 NS_ASSERTION(NS_IsMainThread(), "wrong thread");
 
@@ -13992,8 +13987,7 @@ nsDocShell::OnLinkClick(nsIContent* aContent,
 nsCOMPtr ev = new OnLinkClickEvent(this, aContent, aURI, target.get(), aFileName,
- aPostDataStream, aHeadersDataStream,
- aIsTrusted, aTriggeringPrincipal);
+ aPostDataStream, aHeadersDataStream, aIsTrusted);
 return NS_DispatchToCurrentThread(ev);
 }
@@ -14005,8 +13999,7 @@ nsDocShell::OnLinkClickSync(nsIContent* aContent,
 nsIInputStream* aPostDataStream,
 nsIInputStream* aHeadersDataStream,
 nsIDocShell** aDocShell,
- nsIRequest** aRequest,
- nsIPrincipal* aTriggeringPrincipal)
+ nsIRequest** aRequest)
 {
 // Initialize the DocShell / Request
 if (aDocShell) {
@@ -14129,18 +14122,13 @@ nsDocShell::OnLinkClickSync(nsIContent* aContent,
 return NS_ERROR_OUT_OF_MEMORY;
 }
 
- // if the triggeringPrincipal is not passed explicitly, then we
- // fall back to using doc->NodePrincipal() as the triggeringPrincipal.
- nsCOMPtr triggeringPrincipal =
- aTriggeringPrincipal ? aTriggeringPrincipal
- : aContent->NodePrincipal();
-
 nsresult rv = InternalLoad(clonedURI, // New URI
 nullptr, // Original URI
 false, // LoadReplace
 referer, // Referer URI
 refererPolicy, // Referer policy
- triggeringPrincipal,
+ aContent->NodePrincipal(), // Triggering is our node's
+ // principal
 aContent->NodePrincipal(),
 flags,
 target, // Window target
diff --git a/docshell/base/nsDocShell.h b/docshell/base/nsDocShell.h
index f510a15b0..63a4e3358 100644
--- a/docshell/base/nsDocShell.h
+++ b/docshell/base/nsDocShell.h
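Review bot: In the InternalLoad call the restored `// Triggering is our node's` comment is wrapped onto a second `// principal` line sitting in the argument column, which reads as a stray comment, and the `aContent->NodePrincipal(),` argument right after it carries no trailing comment at all while every neighbouring argument names its role. Keep the comment on one line, `aContent->NodePrincipal(), // Triggering principal`, and give the following argument its own label taken from InternalLoad's declaration (its role is not visible in this hunk). Since the explicit-principal fallback is gone, this line now fixes the triggering principal of every link click routed through OnLinkClickSync to the clicked node's principal, which the nsILinkHandler documentation could state. OnLinkClickSync starts well before this hunk.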
@@ -201,8 +201,7 @@ public:
 const nsAString& aFileName,
 nsIInputStream* aPostDataStream,
 nsIInputStream* aHeadersDataStream,
- bool aIsTrusted,
- nsIPrincipal* aTriggeringPrincipal) override;
+ bool aIsTrusted) override;
 NS_IMETHOD OnLinkClickSync(nsIContent* aContent,
 nsIURI* aURI,
 const char16_t* aTargetSpec,
@@ -210,8 +209,7 @@ public:
 nsIInputStream* aPostDataStream = 0,
 nsIInputStream* aHeadersDataStream = 0,
 nsIDocShell** aDocShell = 0,
- nsIRequest** aRequest = 0,
- nsIPrincipal* aTriggeringPrincipal = nullptr) override;
+ nsIRequest** aRequest = 0) override;
 NS_IMETHOD OnOverLink(nsIContent* aContent,
 nsIURI* aURI,
 const char16_t* aTargetSpec) override;
diff --git a/docshell/base/nsILinkHandler.h b/docshell/base/nsILinkHandler.h
index 7069f1f1d..7cdcd566d 100644
--- a/docshell/base/nsILinkHandler.h
+++ b/docshell/base/nsILinkHandler.h
@@ -37,8 +37,6 @@ public:
 * @param aFileName non-null when the link should be downloaded as the given file
 * @param aHeadersDataStream ???
 * @param aIsTrusted false if the triggerer is an untrusted DOM event.
- * @param aTriggeringPrincipal, if not passed explicitly we fall back to
- * the document's principal.
 */
 NS_IMETHOD OnLinkClick(nsIContent* aContent,
 nsIURI* aURI,
@@ -46,8 +44,7 @@ public:
 const nsAString& aFileName,
 nsIInputStream* aPostDataStream,
 nsIInputStream* aHeadersDataStream,
- bool aIsTrusted,
- nsIPrincipal* aTriggeringPrincipal) = 0;
+ bool aIsTrusted) = 0;
 
 /**
 * Process a click on a link.
@@ -64,8 +61,6 @@ public:
 * @param aHeadersDataStream ???
 * @param aDocShell (out-param) the DocShell that the request was opened on
 * @param aRequest the request that was opened
- * @param aTriggeringPrincipal, if not passed explicitly we fall back to
- * the document's principal.
 */
 NS_IMETHOD OnLinkClickSync(nsIContent* aContent,
 nsIURI* aURI,
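Review bot: The restored OnLinkClickSync declaration ends with `nsIRequest** aRequest = 0) override;` and keeps `0` as the default for the other pointer parameters in this hunk, while the line being removed shows the header already used `nullptr` for the same purpose. Use `nullptr` throughout, e.g. `nsIDocShell** aDocShell = nullptr,` and `nsIRequest** aRequest = nullptr) override;`, and make the same change in the nsILinkHandler.h hunk at @@ -74 so the interface and its override agree. The declaration begins before this hunk.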
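Review bot: After this hunk the OnLinkClick documentation still carries the placeholder `@param aHeadersDataStream ???`, and the OnLinkClickSync block at @@ -64 repeats it, so the parameter nobody documents is the one that can carry request data. From the nsPluginInstanceOwner.cpp hunk the stream is only built when `aPostStream && aHeadersData`, so it presumably holds additional request headers accompanying a POST body; confirm against that consumer and replace the `???` with something like `@param aHeadersDataStream additional request headers to send with aPostDataStream, or null`. The comment block starts before this hunk.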
@@ -74,8 +69,7 @@ public:
 nsIInputStream* aPostDataStream = 0,
 nsIInputStream* aHeadersDataStream = 0,
 nsIDocShell** aDocShell = 0,
- nsIRequest** aRequest = 0,
- nsIPrincipal* aTriggeringPrincipal = nullptr) = 0;
+ nsIRequest** aRequest = 0) = 0;
 
 /**
 * Process a mouse-over a link.
diff --git a/dom/base/nsContentUtils.cpp b/dom/base/nsContentUtils.cpp
index c3ff2b4d8..ef87a250e 100644
--- a/dom/base/nsContentUtils.cpp
+++ b/dom/base/nsContentUtils.cpp
@@ -5100,7 +5100,7 @@ nsContentUtils::TriggerLink(nsIContent *aContent, nsPresContext *aPresContext,
 handler->OnLinkClick(aContent, aLinkURI,
 fileName.IsVoid() ? aTargetSpec.get() : EmptyString().get(),
- fileName, nullptr, nullptr, aIsTrusted, aContent->NodePrincipal());
+ fileName, nullptr, nullptr, aIsTrusted);
 }
 }
diff --git a/dom/plugins/base/nsPluginInstanceOwner.cpp b/dom/plugins/base/nsPluginInstanceOwner.cpp
index 7de6c2b73..b7651be1a 100644
--- a/dom/plugins/base/nsPluginInstanceOwner.cpp
+++ b/dom/plugins/base/nsPluginInstanceOwner.cpp
@@ -535,6 +535,16 @@ NS_IMETHODIMP nsPluginInstanceOwner::GetURL(const char *aURL,
 nsresult rv = NS_NewURI(getter_AddRefs(uri), aURL, baseURI);
 NS_ENSURE_SUCCESS(rv, NS_ERROR_FAILURE);
 
+ if (aDoCheckLoadURIChecks) {
+ nsCOMPtr secMan(
+ do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv));
+ NS_ENSURE_TRUE(secMan, NS_ERROR_FAILURE);
+
+ rv = secMan->CheckLoadURIWithPrincipal(content->NodePrincipal(), uri,
+ nsIScriptSecurityManager::STANDARD);
+ NS_ENSURE_SUCCESS(rv, rv);
+ }
+
 nsCOMPtr headersDataStream;
 if (aPostStream && aHeadersData) {
 if (!aHeadersDataLen)
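Review bot: The restored `CheckLoadURIWithPrincipal(content->NodePrincipal(), uri, nsIScriptSecurityManager::STANDARD)` runs only inside `if (aDoCheckLoadURIChecks)`, and with the codebase-principal path removed in the @@ -553 hunk a caller passing `false` now gets neither this check nor a distinct triggering principal, so InternalLoad attributes that load to the embedding node's principal (nsDocShell.cpp hunk at @@ -14129). That contract should be written where the check lives, e.g. `// Callers passing false for aDoCheckLoadURIChecks vouch for aURL themselves; the load is then attributed to the embedding node's principal without a CheckLoadURI check.`. Two smaller points: `nsCOMPtr secMan(` appears to have lost its `<...>` template argument in this rendering (presumably an nsIScriptSecurityManager pointer, to be confirmed against the file), and `NS_ENSURE_TRUE(secMan, NS_ERROR_FAILURE)` throws away the `rv` that `do_GetService(..., &rv)` filled in, so the reason the service lookup failed is lost. GetURL starts and ends outside this hunk.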
@@ -553,21 +563,8 @@ NS_IMETHODIMP nsPluginInstanceOwner::GetURL(const char *aURL,
 Preferences::GetInt("privacy.popups.disable_from_plugins");
 nsAutoPopupStatePusher popupStatePusher((PopupControlState)blockPopups);
-
- // if security checks (in particular CheckLoadURIWithPrincipal) needs
- // to be skipped we are creating a codebasePrincipal to make sure
- // that security check succeeds. Please note that we do not want to
- // fall back to using the systemPrincipal, because that would also
- // bypass ContentPolicy checks which should still be enforced.
- nsCOMPtr triggeringPrincipal;
- if (!aDoCheckLoadURIChecks) {
- mozilla::PrincipalOriginAttributes attrs =
- BasePrincipal::Cast(content->NodePrincipal())->OriginAttributesRef();
- triggeringPrincipal = BasePrincipal::CreateCodebasePrincipal(uri, attrs);
- }
-
 rv = lh->OnLinkClick(content, uri, unitarget.get(), NullString(),
- aPostStream, headersDataStream, true, triggeringPrincipal);
+ aPostStream, headersDataStream, true);
 return rv;
 }
-- 
cgit v1.2.3
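Review bot: The new `aPostStream, headersDataStream, true);` line passes a bare `true` for aIsTrusted with nothing saying why a plugin-initiated load is always trusted regardless of aDoCheckLoadURIChecks; per the nsILinkHandler comment in this patch aIsTrusted is false only for an untrusted DOM event, which presumably never applies here, so annotate it as `/* aIsTrusted */ true` or add a one-line comment above the call. The `rv = lh->OnLinkClick(...); return rv;` pair that the hunk leaves in place can also collapse to a direct `return lh->OnLinkClick(content, uri, unitarget.get(), NullString(), aPostStream, headersDataStream, true);` since rv is not used afterwards within the hunk. GetURL begins before this hunk.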