From 798c2ed4f8d1685df5ef53ea2fef09669d30ed36 Mon Sep 17 00:00:00 2001 From: Moonchild Date: Sat, 22 Aug 2020 09:51:42 +0000 Subject: Issue #618 - Split SRI verification out from OnStreamComplete. --- dom/script/ScriptLoader.cpp | 45 ++++++++++++++++++++++++++++----------------- dom/script/ScriptLoader.h | 9 +++++++-- 2 files changed, 35 insertions(+), 19 deletions(-) diff --git a/dom/script/ScriptLoader.cpp b/dom/script/ScriptLoader.cpp index cd0db629f..c94966169 100644 --- a/dom/script/ScriptLoader.cpp +++ b/dom/script/ScriptLoader.cpp @@ -2241,19 +2241,41 @@ ScriptLoader::OnStreamComplete(nsIIncrementalStreamLoader* aLoader, nsresult aChannelStatus, nsresult aSRIStatus, mozilla::Vector &aString, - mozilla::dom::SRICheckDataVerifier* aSRIDataVerifier) + SRICheckDataVerifier* aSRIDataVerifier) { ScriptLoadRequest* request = static_cast(aContext); NS_ASSERTION(request, "null request in stream complete handler"); NS_ENSURE_TRUE(request, NS_ERROR_FAILURE); + nsresult rv = VerifySRI(request, aLoader, aSRIStatus, aSRIDataVerifier); + + if (NS_SUCCEEDED(rv)) { + rv = PrepareLoadedRequest(request, aLoader, aChannelStatus, aString); + } + + if (NS_FAILED(rv)) { + HandleLoadError(request, rv); + } + + // Process our request and/or any pending ones + ProcessPendingRequests(); + + return NS_OK; +} + +nsresult +ScriptLoader::VerifySRI(ScriptLoadRequest* aRequest, + nsIIncrementalStreamLoader* aLoader, + nsresult aSRIStatus, + SRICheckDataVerifier* aSRIDataVerifier) const +{ nsCOMPtr channelRequest; aLoader->GetRequest(getter_AddRefs(channelRequest)); nsCOMPtr channel; channel = do_QueryInterface(channelRequest); nsresult rv = NS_OK; - if (!request->mIntegrity.IsEmpty() && + if (!aRequest->mIntegrity.IsEmpty() && NS_SUCCEEDED((rv = aSRIStatus))) { MOZ_ASSERT(aSRIDataVerifier); MOZ_ASSERT(mReporter); @@ -2262,7 +2284,7 @@ ScriptLoader::OnStreamComplete(nsIIncrementalStreamLoader* aLoader, if (mDocument && mDocument->GetDocumentURI()) { mDocument->GetDocumentURI()->GetAsciiSpec(sourceUri); } - rv = aSRIDataVerifier->Verify(request->mIntegrity, channel, sourceUri, + rv = aSRIDataVerifier->Verify(aRequest->mIntegrity, channel, sourceUri, mReporter); mReporter->FlushConsoleReports(mDocument); if (NS_FAILED(rv)) { @@ -2278,7 +2300,7 @@ ScriptLoader::OnStreamComplete(nsIIncrementalStreamLoader* aLoader, loadInfo->LoadingPrincipal()->GetCsp(getter_AddRefs(csp)); nsAutoCString violationURISpec; mDocument->GetDocumentURI()->GetAsciiSpec(violationURISpec); - uint32_t lineNo = request->mElement ? request->mElement->GetScriptLineNumber() : 0; + uint32_t lineNo = aRequest->mElement ? aRequest->mElement->GetScriptLineNumber() : 0; csp->LogViolationDetails( nsIContentSecurityPolicy::VIOLATION_TYPE_REQUIRE_SRI_FOR_SCRIPT, NS_ConvertUTF8toUTF16(violationURISpec), @@ -2286,19 +2308,8 @@ ScriptLoader::OnStreamComplete(nsIIncrementalStreamLoader* aLoader, rv = NS_ERROR_SRI_CORRUPT; } } - - if (NS_SUCCEEDED(rv)) { - rv = PrepareLoadedRequest(request, aLoader, aChannelStatus, aString); - } - - if (NS_FAILED(rv)) { - HandleLoadError(request, rv); - } - - // Process our request and/or any pending ones - ProcessPendingRequests(); - - return NS_OK; + + return rv; } void diff --git a/dom/script/ScriptLoader.h b/dom/script/ScriptLoader.h index ed57de7c8..46ed4e120 100644 --- a/dom/script/ScriptLoader.h +++ b/dom/script/ScriptLoader.h @@ -407,8 +407,6 @@ public: mozilla::Vector &aString, mozilla::dom::SRICheckDataVerifier* aSRIDataVerifier); - void HandleLoadError(ScriptLoadRequest *aRequest, nsresult aResult); - /** * Processes any pending requests that are ready for processing. */ @@ -510,6 +508,8 @@ private: nsresult StartLoad(ScriptLoadRequest *aRequest, const nsAString &aType, bool aScriptFromHead); + void HandleLoadError(ScriptLoadRequest *aRequest, nsresult aResult); + /** * Process any pending requests asynchronously (i.e. off an event) if there * are any. Note that this is a no-op if there aren't any currently pending @@ -544,6 +544,11 @@ private: return mEnabled && !mBlockerCount; } + nsresult VerifySRI(ScriptLoadRequest *aRequest, + nsIIncrementalStreamLoader* aLoader, + nsresult aSRIStatus, + SRICheckDataVerifier* aSRIDataVerifier) const; + nsresult AttemptAsyncScriptCompile(ScriptLoadRequest* aRequest); nsresult ProcessRequest(ScriptLoadRequest* aRequest); nsresult CompileOffThreadOrProcessRequest(ScriptLoadRequest* aRequest); -- cgit v1.2.3