From b61fddd9d49a4edff37a4cfcbf65bf448367a2eb Mon Sep 17 00:00:00 2001 From: Arthur Edelstein Date: Tue, 1 Apr 2014 17:35:37 -0700 Subject: [PATCH] prevent BrowserFeedWriter and sidebar exceptions from leaking absolute TBB path. Trac #9308 --- js/xpconnect/src/XPCConvert.cpp | 6 +++++- js/xpconnect/src/XPCStack.cpp | 13 ++++++++++--- netwerk/base/public/nsNetUtil.h | 11 +++++++++++ 3 files changed, 26 insertions(+), 4 deletions(-) diff --git a/js/xpconnect/src/XPCConvert.cpp b/js/xpconnect/src/XPCConvert.cpp index a94a519..1420de9 100644 --- a/js/xpconnect/src/XPCConvert.cpp +++ b/js/xpconnect/src/XPCConvert.cpp @@ -1318,10 +1318,14 @@ XPCConvert::JSErrorToXPCException(const char* message, const PRUnichar* uclinebuf = static_cast(report->uclinebuf); + const char* filename = report->filename; + data = new nsScriptError(); data->InitWithWindowID( bestMessage, - NS_ConvertASCIItoUTF16(report->filename), + // If the filename URI represents a local file, we redact it to + // avoid sharing the file's location on disk with client-side JS. + NS_ConvertASCIItoUTF16(NS_URIIsLocalFile(filename) ? "" : filename), uclinebuf ? nsDependentString(uclinebuf) : EmptyString(), report->lineno, report->uctokenptr - report->uclinebuf, report->flags, diff --git a/js/xpconnect/src/XPCStack.cpp b/js/xpconnect/src/XPCStack.cpp index db30556..cad7505 100644 --- a/js/xpconnect/src/XPCStack.cpp +++ b/js/xpconnect/src/XPCStack.cpp 
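Review bot: `report->filename` is passed to `NS_URIIsLocalFile(const char*)` without a null check in the `InitWithWindowID` argument list, although the same helper is guarded by `filename &&` in XPCJSStackFrame::CreateStack; the call added in CreateStackFrameLocation on `aFilename` is unguarded too. The helper added in nsNetUtil.h hands the pointer straight to `NS_NewURI`, and whether that tolerates null is not visible on this page, so the guard is safest inside the helper: `if (!url) return false;`. With that guard a null filename still reaches `NS_ConvertASCIItoUTF16` exactly as it did before this change. The body of JSErrorToXPCException starts and ends outside the hunk.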
@@ -106,14 +106,15 @@ XPCJSStackFrame::CreateStack(JSContext* cx, XPCJSStackFrame** stack) JSAutoCompartment ac(cx, desc->frames[i].script); const char* filename = JS_GetScriptFilename(cx, desc->frames[i].script); - if (filename) { + // If the filename URI represents a local file, we redact it to + // avoid sharing the file's location on disk with client-side JS. + if (filename && !NS_URIIsLocalFile(filename)) { self->mFilename = (char*) nsMemory::Clone(filename, sizeof(char)*(strlen(filename)+1)); + self->mLineno = desc->frames[i].lineno; } - self->mLineno = desc->frames[i].lineno; - JSFunction* fun = desc->frames[i].fun; if (fun) { JS::RootedString funid(cx, JS_GetFunctionDisplayId(fun)); @@ -156,6 +157,12 @@ XPCJSStackFrame::CreateStackFrameLocation(uint32_t aLanguage, else failed = true; + // If the filename URI represents a local file, we redact it to + // avoid sharing the file's location on disk with client-side JS. + if (NS_URIIsLocalFile(aFilename)) { + failed = true; + } + if (!failed) { self->mLanguage = aLanguage; self->mLineno = aLineNumber; diff --git a/netwerk/base/public/nsNetUtil.h b/netwerk/base/public/nsNetUtil.h index 5d78203..e2fcfc6 100644 --- a/netwerk/base/public/nsNetUtil.h +++ b/netwerk/base/public/nsNetUtil.h @@ -1876,6 +1876,17 @@ NS_URIIsLocalFile(nsIURI *aURI) isFile; } +// Returns true if the passed url uses the file://, chrome://, resource:// +// or other local protocol. Returns false f the passed string is not a url, +// or is a protocol such as http:// or ftp://. +inline bool +NS_URIIsLocalFile(const char* url) { + nsCOMPtr urlObject; + nsresult rv = NS_NewURI(getter_AddRefs(urlObject), url); + if (NS_FAILED(rv)) return false; + return NS_URIIsLocalFile(urlObject); +} + // When strict file origin policy is enabled, SecurityCompareURIs will fail for // file URIs that do not point to the same local file. This call provides an // alternate file-specific origin check that allows target files that are -- 1.8.3.4 (Apple Git-47)
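Review bot: Moving `self->mLineno = desc->frames[i].lineno;` inside the `if (filename && !NS_URIIsLocalFile(filename))` block also drops the line number for frames whose filename is null, which did receive one before this change. If only local-file frames are meant to lose it, keep the assignment outside the filename block under `if (!filename || !NS_URIIsLocalFile(filename))`. If withholding both is intended, the added comment should say so, for example `// The line number is withheld together with the filename.`, since it currently mentions only the filename. CreateStack's body continues outside the hunk.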
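Review bot: Setting `failed = true` for a local filename makes CreateStackFrameLocation fail outright instead of redacting, which contradicts the added comment ("we redact it") and differs from CreateStack, where the frame is still built without its filename. What the `failed` path does lies outside the hunk, but it is shared with the error branch just above (`else failed = true;`), so callers presumably cannot tell a withheld local path from an ordinary failure. Either skip only the filename copy for local files, or reword the comment to match the behaviour: `// Local-file locations are rejected outright so the on-disk path never reaches client-side JS.`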
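Review bot: The new `NS_URIIsLocalFile(const char*)` overload fails open: when `NS_NewURI` fails it returns false, so a filename that is a bare filesystem path rather than a parseable URL would count as non-local and pass through all three callers unredacted. Whether script filenames can take that form is not visible here and should be confirmed, because this return value is the only check between the on-disk path and content-visible error objects. The choice deserves an explicit comment, for example `// Unparseable strings are treated as non-local; raw filesystem paths are NOT caught here.` The doc comment also has a typo ("Returns false f") and states that chrome:// and resource:// return true, which depends on the flag check in the nsIURI overload, whose body is outside the hunk.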