[tor-commits] [tor-browser/tor-browser-52.2.0esr-7.5-1] Bug 23044: Don't allow GIO supported protocols by default

gk at torproject.org gk at torproject.org
Thu Jul 27 21:21:40 UTC 2017 

commit a96f898e0da42de751a5e1367a9899cc96fadb1f
Author: Georg Koppen <gk at torproject.org>
Date:   Thu Jul 27 07:31:38 2017 +0000

    Bug 23044: Don't allow GIO supported protocols by default
---
 browser/app/profile/000-tor-browser.js  | 3 +++
 extensions/gio/nsGIOProtocolHandler.cpp | 8 ++++----
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js
index aaeba630422d..3edaad88f59e 100644
--- a/browser/app/profile/000-tor-browser.js
+++ b/browser/app/profile/000-tor-browser.js
@@ -210,6 +210,9 @@ pref("network.protocol-handler.warn-external.mailto", true);
 pref("network.protocol-handler.warn-external.news", true);
 pref("network.protocol-handler.warn-external.nntp", true);
 pref("network.protocol-handler.warn-external.snews", true);
+// Make sure we don't have any GIO supported protocols (defense in depth
+// measure)
+pref("network.gio.supported-protocols", "");
 pref("plugin.disable", true); // Disable to search plugins on first start
 pref("plugins.click_to_play", true);
 pref("plugin.state.flash", 1);
diff --git a/extensions/gio/nsGIOProtocolHandler.cpp b/extensions/gio/nsGIOProtocolHandler.cpp
index a378e8700821..5f6b2a0a2a57 100644
--- a/extensions/gio/nsGIOProtocolHandler.cpp
+++ b/extensions/gio/nsGIOProtocolHandler.cpp
@@ -922,16 +922,16 @@ nsGIOProtocolHandler::InitSupportedProtocolsPref(nsIPrefBranch *prefs)
   // Get user preferences to determine which protocol is supported.
   // Gvfs/GIO has a set of supported protocols like obex, network, archive,
   // computer, dav, cdda, gphoto2, trash, etc. Some of these seems to be
-  // irrelevant to process by browser. By default accept only smb and sftp
-  // protocols so far.
+  // irrelevant to process by browser. By default accept none.
   nsresult rv = prefs->GetCharPref(MOZ_GIO_SUPPORTED_PROTOCOLS,
                                    getter_Copies(mSupportedProtocols));
   if (NS_SUCCEEDED(rv)) {
     mSupportedProtocols.StripWhitespace();
     ToLowerCase(mSupportedProtocols);
   }
-  else
-    mSupportedProtocols.AssignLiteral("smb:,sftp:"); // use defaults
+  else {
+    mSupportedProtocols.AssignLiteral(""); // use none by default
+  }
 
   LOG(("gio: supported protocols \"%s\"\n", mSupportedProtocols.get()));
 }

More information about the tor-commits mailing list