[tor-commits] [tor-browser/tor-browser-52.4.1esr-7.5-1] Bug 24052: Streamline handling of file:// resources
gk at torproject.org
gk at torproject.org
Thu Nov 9 10:36:17 UTC 2017
commit c6e2b905b793c803c73b7d3e5a1a2926e34df8f2
Author: Georg Koppen <gk at torproject.org>
Date: Fri Oct 27 20:40:57 2017 +0000
Bug 24052: Streamline handling of file:// resources
We should make sure restrictions regarding loading of file:// resources
are adhered to more strictly, at least on *nix platforms.
This is a workaround for
https://bugzilla.mozilla.org/show_bug.cgi?id=1412081.
---
netwerk/base/nsIOService.cpp | 8 ++++++++
netwerk/protocol/file/nsFileProtocolHandler.cpp | 7 +++++++
2 files changed, 15 insertions(+)
diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp
index 0da79c18ae41..0cc67da7b18f 100644
--- a/netwerk/base/nsIOService.cpp
+++ b/netwerk/base/nsIOService.cpp
@@ -789,12 +789,20 @@ nsIOService::NewChannelFromURIWithProxyFlagsInternal(nsIURI* aURI,
// if calling newChannel2() fails we try to fall back to
// creating a new channel by calling NewChannel().
if (NS_FAILED(rv)) {
+#ifdef XP_UNIX
+ if (rv == NS_ERROR_FILE_TARGET_DOES_NOT_EXIST) {
+ return rv;
+ } else {
+#endif
rv = handler->NewChannel(aURI, getter_AddRefs(channel));
NS_ENSURE_SUCCESS(rv, rv);
// The protocol handler does not implement NewChannel2, so
// maybe we need to wrap the channel (see comment in MaybeWrap
// function).
channel = nsSecCheckWrapChannel::MaybeWrap(channel, aLoadInfo);
+#ifdef XP_UNIX
+ }
+#endif
}
}
diff --git a/netwerk/protocol/file/nsFileProtocolHandler.cpp b/netwerk/protocol/file/nsFileProtocolHandler.cpp
index e55cb9d47460..c24c928b6f02 100644
--- a/netwerk/protocol/file/nsFileProtocolHandler.cpp
+++ b/netwerk/protocol/file/nsFileProtocolHandler.cpp
@@ -188,6 +188,13 @@ nsFileProtocolHandler::NewChannel2(nsIURI* uri,
nsILoadInfo* aLoadInfo,
nsIChannel** result)
{
+#ifdef XP_UNIX
+ if (aLoadInfo && aLoadInfo->TriggeringPrincipal()) {
+ if (aLoadInfo->TriggeringPrincipal()->GetIsCodebasePrincipal()) {
+ return NS_ERROR_FILE_TARGET_DOES_NOT_EXIST;
+ }
+ }
+#endif
nsFileChannel *chan = new nsFileChannel(uri);
if (!chan)
return NS_ERROR_OUT_OF_MEMORY;
More information about the tor-commits
mailing list