[tor-commits] [tor-browser/tor-browser-52.4.1esr-7.5-1] Bug 24052: Streamline handling of file:// resources

gk at torproject.org gk at torproject.org
Thu Nov 9 10:36:17 UTC 2017


commit c6e2b905b793c803c73b7d3e5a1a2926e34df8f2
Author: Georg Koppen <gk at torproject.org>
Date:   Fri Oct 27 20:40:57 2017 +0000

    Bug 24052: Streamline handling of file:// resources
    
    We should make sure restrictions regarding loading of file:// resources
    are adhered to more strictly, at least on *nix platforms.
    
    This is a workaround for
    https://bugzilla.mozilla.org/show_bug.cgi?id=1412081.
---
 netwerk/base/nsIOService.cpp                    | 8 ++++++++
 netwerk/protocol/file/nsFileProtocolHandler.cpp | 7 +++++++
 2 files changed, 15 insertions(+)

diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp
index 0da79c18ae41..0cc67da7b18f 100644
--- a/netwerk/base/nsIOService.cpp
+++ b/netwerk/base/nsIOService.cpp
@@ -789,12 +789,20 @@ nsIOService::NewChannelFromURIWithProxyFlagsInternal(nsIURI* aURI,
         // if calling newChannel2() fails we try to fall back to
         // creating a new channel by calling NewChannel().
         if (NS_FAILED(rv)) {
+#ifdef XP_UNIX
+        if (rv == NS_ERROR_FILE_TARGET_DOES_NOT_EXIST) {
+            return rv;
+        } else {
+#endif
             rv = handler->NewChannel(aURI, getter_AddRefs(channel));
             NS_ENSURE_SUCCESS(rv, rv);
             // The protocol handler does not implement NewChannel2, so
             // maybe we need to wrap the channel (see comment in MaybeWrap
             // function).
             channel = nsSecCheckWrapChannel::MaybeWrap(channel, aLoadInfo);
+#ifdef XP_UNIX
+        }
+#endif
         }
     }
 
diff --git a/netwerk/protocol/file/nsFileProtocolHandler.cpp b/netwerk/protocol/file/nsFileProtocolHandler.cpp
index e55cb9d47460..c24c928b6f02 100644
--- a/netwerk/protocol/file/nsFileProtocolHandler.cpp
+++ b/netwerk/protocol/file/nsFileProtocolHandler.cpp
@@ -188,6 +188,13 @@ nsFileProtocolHandler::NewChannel2(nsIURI* uri,
                                    nsILoadInfo* aLoadInfo,
                                    nsIChannel** result)
 {
+#ifdef XP_UNIX
+    if (aLoadInfo && aLoadInfo->TriggeringPrincipal()) {
+      if (aLoadInfo->TriggeringPrincipal()->GetIsCodebasePrincipal()) {
+        return NS_ERROR_FILE_TARGET_DOES_NOT_EXIST;
+      }
+    }
+#endif
     nsFileChannel *chan = new nsFileChannel(uri);
     if (!chan)
         return NS_ERROR_OUT_OF_MEMORY;





More information about the tor-commits mailing list