[tbb-commits] [tor-browser/tor-browser-24.5.0esr-1] fix #9308 and #11433: don't leak user install path of TBB
mikeperry at torproject.org
mikeperry at torproject.org
Fri Apr 25 17:33:07 UTC 2014
commit 7ac088b732719d6e69466e583b7eb31767759d22
Author: Arthur Edelstein <arthuredelstein at gmail.com>
Date: Wed Apr 23 16:05:48 2014 -0700
fix #9308 and #11433: don't leak user install path of TBB
---
js/xpconnect/src/XPCConvert.cpp | 5 ++++-
js/xpconnect/src/XPCException.cpp | 7 ++++++-
js/xpconnect/src/XPCStack.cpp | 7 +++++--
xpcom/build/Omnijar.cpp | 29 +++++++++++++++++++++++++++++
xpcom/build/Omnijar.h | 13 +++++++++++++
5 files changed, 57 insertions(+), 4 deletions(-)
diff --git a/js/xpconnect/src/XPCConvert.cpp b/js/xpconnect/src/XPCConvert.cpp
index a94a519..dd8c8f4 100644
--- a/js/xpconnect/src/XPCConvert.cpp
+++ b/js/xpconnect/src/XPCConvert.cpp
@@ -8,6 +8,7 @@
/* Data conversion between native and JavaScript types. */
#include "mozilla/Util.h"
+#include "mozilla/Omnijar.h"
#include "xpcprivate.h"
#include "nsString.h"
@@ -1319,9 +1320,11 @@ XPCConvert::JSErrorToXPCException(const char* message,
static_cast<const PRUnichar*>(report->uclinebuf);
data = new nsScriptError();
+ nsAutoCString resourceFilename;
+ Omnijar::ConvertToResourceFilename(nsCString(report->filename), resourceFilename);
data->InitWithWindowID(
bestMessage,
- NS_ConvertASCIItoUTF16(report->filename),
+ NS_ConvertASCIItoUTF16(resourceFilename.get()),
uclinebuf ? nsDependentString(uclinebuf) : EmptyString(),
report->lineno,
report->uctokenptr - report->uclinebuf, report->flags,
diff --git a/js/xpconnect/src/XPCException.cpp b/js/xpconnect/src/XPCException.cpp
index a0b48c2..1e42662 100644
--- a/js/xpconnect/src/XPCException.cpp
+++ b/js/xpconnect/src/XPCException.cpp
@@ -9,6 +9,7 @@
#include "xpcprivate.h"
#include "nsError.h"
#include "nsIUnicodeDecoder.h"
+#include "mozilla/Omnijar.h"
/***************************************************************************/
/* Quick and dirty mapping of well known result codes to strings. We only
@@ -291,8 +292,12 @@ nsXPCException::Initialize(const char *aMessage, nsresult aResult, const char *a
// For now, fill in our location details from our stack frame.
// Later we may allow other locations?
nsresult rc;
- if (NS_FAILED(rc = aLocation->GetFilename(&mFilename)))
+ char* rawFilename = nullptr;
+ if (NS_FAILED(rc = aLocation->GetFilename(&rawFilename)))
return rc;
+ nsAutoCString resourceFilename;
+ mozilla::Omnijar::ConvertToResourceFilename(nsCString(rawFilename), resourceFilename);
+ mFilename = (char *) nsMemory::Clone(resourceFilename.get(), resourceFilename.Length()+1);
if (NS_FAILED(rc = aLocation->GetLineNumber(&mLineNumber)))
return rc;
} else {
diff --git a/js/xpconnect/src/XPCStack.cpp b/js/xpconnect/src/XPCStack.cpp
index db30556..adfd456 100644
--- a/js/xpconnect/src/XPCStack.cpp
+++ b/js/xpconnect/src/XPCStack.cpp
@@ -7,6 +7,7 @@
/* Implements nsIStackFrame. */
#include "xpcprivate.h"
+#include "mozilla/Omnijar.h"
class XPCJSStackFrame : public nsIStackFrame
{
@@ -107,9 +108,11 @@ XPCJSStackFrame::CreateStack(JSContext* cx, XPCJSStackFrame** stack)
JSAutoCompartment ac(cx, desc->frames[i].script);
const char* filename = JS_GetScriptFilename(cx, desc->frames[i].script);
if (filename) {
+ nsAutoCString resourceFilename;
+ mozilla::Omnijar::ConvertToResourceFilename(nsCString(filename), resourceFilename);
self->mFilename = (char*)
- nsMemory::Clone(filename,
- sizeof(char)*(strlen(filename)+1));
+ nsMemory::Clone(resourceFilename.get(),
+ sizeof(char)*(resourceFilename.Length()+1));
}
self->mLineno = desc->frames[i].lineno;
diff --git a/xpcom/build/Omnijar.cpp b/xpcom/build/Omnijar.cpp
index 4d75c7e..79fa163 100644
--- a/xpcom/build/Omnijar.cpp
+++ b/xpcom/build/Omnijar.cpp
@@ -164,4 +164,33 @@ Omnijar::GetURIString(Type aType, nsACString &result)
return NS_OK;
}
+bool
+Omnijar::RebaseFilename(const nsCString& filename, const nsCString& oldBase, const nsCString& newBase, nsACString &result) {
+ PRInt32 pos = filename.Find(oldBase);
+ if (pos > -1) {
+ nsAutoCString path;
+ filename.Right(path, filename.Length() - pos - oldBase.Length());
+ result = newBase + path;
+ return true;
+ }
+ result = filename;
+ return false;
+}
+
+void
+Omnijar::ConvertToResourceFilename(const nsCString& filename, nsACString &result) {
+ if (StringBeginsWith(filename, NS_LITERAL_CSTRING("file://"))
+ || StringBeginsWith(filename, NS_LITERAL_CSTRING("jar:"))) {
+ if (RebaseFilename(filename, NS_LITERAL_CSTRING("/browser/omni.ja!/"),
+ NS_LITERAL_CSTRING("resource://app/"), result)) {
+ return;
+ }
+ if (RebaseFilename(filename, NS_LITERAL_CSTRING("/omni.ja!/"),
+ NS_LITERAL_CSTRING("resource://gre/"), result)) {
+ return;
+ }
+ }
+ result = filename;
+}
+
} /* namespace mozilla */
diff --git a/xpcom/build/Omnijar.h b/xpcom/build/Omnijar.h
index a261e35..4ba49a7 100644
--- a/xpcom/build/Omnijar.h
+++ b/xpcom/build/Omnijar.h
@@ -117,12 +117,25 @@ static already_AddRefed<nsZipArchive> GetReader(nsIFile *aPath);
*/
static nsresult GetURIString(Type aType, nsACString &result);
+/**
+ * If the filename contains a "file://" URI, which is an absolute path,
+ * attempts to convert to a "resource://" URI. Otherwise returns the
+ * filename unchanged.
+ */
+static void ConvertToResourceFilename(const nsCString& filename, nsACString &result);
+
private:
/**
* Used internally, respectively by Init() and CleanUp()
*/
static void InitOne(nsIFile *aPath, Type aType);
static void CleanUpOne(Type aType);
+/**
+ * Rebases a filename, given a (possibly internal) base directory, and a new
+ * base directory name. E.g.: RebaseFilename("a/b/c","b","d",result) -> result = "d/c".
+ */
+static bool RebaseFilename(const nsCString& filename, const nsCString& oldBase, const nsCString& newBase, nsACString &result);
+
}; /* class Omnijar */
More information about the tbb-commits
mailing list