Bug 732413: make DISALLOW_INHERIT_PRINCIPAL flag passed to checkLoadURI...

Bug 732413: make DISALLOW_INHERIT_PRINCIPAL flag passed to checkLoadURI effective even when the source principal is the system principal, r=bz --HG-- rename : caps/tests/mochitest/test_bug470804.html => caps/tests/mochitest/test_disallowInheritPrincipal.html extra : transplant_source : %CD%A3%DD%8Aa%DC%1F%BE%F8%0DB%BE%86%3FQ%D8%95%88%9E%CA

Bug 732413: make DISALLOW_INHERIT_PRINCIPAL flag passed to checkLoadURI...
0dfb0173 · Gavin Sharp · 9005b231 · 0dfb0173 · 0dfb0173 · 0dfb0173
Commit 0dfb0173 authored 13 years ago by Gavin Sharp
--- a/caps/src/nsScriptSecurityManager.cpp
+++ b/caps/src/nsScriptSecurityManager.cpp
@@ -1400,11 +1400,21 @@ nsScriptSecurityManager::CheckLoadURIWithPrincipal(nsIPrincipal* aPrincipal,
    NS_ENSURE_ARG_POINTER(aPrincipal);
    NS_ENSURE_ARG_POINTER(aTargetURI);

+    // If DISALLOW_INHERIT_PRINCIPAL is set, we prevent loading of URIs which
+    // would do such inheriting. That would be URIs that do not have their own
+    // security context. We do this even for the system principal.
+    if (aFlags & nsIScriptSecurityManager::DISALLOW_INHERIT_PRINCIPAL) {
+        nsresult rv =
+            DenyAccessIfURIHasFlags(aTargetURI,
+                                    nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT);
+        NS_ENSURE_SUCCESS(rv, rv);
+    }
+
    if (aPrincipal == mSystemPrincipal) {
        // Allow access
        return NS_OK;
    }
-    
+
    nsCOMPtr<nsIURI> sourceURI;
    aPrincipal->GetURI(getter_AddRefs(sourceURI));
    if (!sourceURI) {
@@ -1421,16 +1431,6 @@ nsScriptSecurityManager::CheckLoadURIWithPrincipal(nsIPrincipal* aPrincipal,
        NS_ENSURE_SUCCESS(rv, rv);
    }

-    // If DISALLOW_INHERIT_PRINCIPAL is set, we prevent loading of URIs which
-    // would do such inheriting.  That would be URIs that do not have their own
-    // security context.
-    if (aFlags & nsIScriptSecurityManager::DISALLOW_INHERIT_PRINCIPAL) {
-        nsresult rv =
-            DenyAccessIfURIHasFlags(aTargetURI,
-                                    nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT);
-        NS_ENSURE_SUCCESS(rv, rv);
-    }
-
    // If either URI is a nested URI, get the base URI
    nsCOMPtr<nsIURI> sourceBaseURI = NS_GetInnermostURI(sourceURI);
    nsCOMPtr<nsIURI> targetBaseURI = NS_GetInnermostURI(aTargetURI);

--- a/caps/tests/mochitest/Makefile.in
+++ b/caps/tests/mochitest/Makefile.in
@@ -48,8 +48,9 @@ include $(topsrcdir)/config/rules.mk
 _TEST_FILES = 	test_bug423375.html \
                test_bug246699.html \
                test_bug292789.html \
-		test_bug470804.html \
-		$(NULL)
+                test_bug470804.html \
+                test_disallowInheritPrincipal.html \
+                $(NULL)

 test_bug292789.html : % : %.in
 	$(PYTHON) $(topsrcdir)/config/Preprocessor.py \

--- a/caps/tests/mochitest/test_disallowInheritPrincipal.html
+++ b/caps/tests/mochitest/test_disallowInheritPrincipal.html
+<!DOCTYPE HTML>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=732413
+-->
+<head>
+  <title>Test for Bug 732413</title>
+  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+</head>
+<body>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=732413">Mozilla Bug 732413</a>
+<p id="display"></p>
+<div id="content" style="display: none">
+
+</div>
+<pre id="test">
+<script type="application/javascript">
+
+/** Test for Bug 732413
+    Passing DISALLOW_INHERIT_PRINCIPAL flag should be effective even if
+    aPrincipal is the system principal.
+ **/
+
+netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect');
+const nsIScriptSecurityManager = Components.interfaces.nsIScriptSecurityManager;
+var secMan = Components.classes["@mozilla.org/scriptsecuritymanager;1"]
+                       .getService(nsIScriptSecurityManager);
+var sysPrincipal = secMan.getSystemPrincipal();
+isnot(sysPrincipal, undefined, "Should have a principal");
+isnot(sysPrincipal, null, "Should have a non-null principal");
+is(secMan.isSystemPrincipal(sysPrincipal), true,
+   "Should have system principal here");
+
+
+var ioService = Components.classes["@mozilla.org/network/io-service;1"].
+                getService(Components.interfaces.nsIIOService);
+var inheritingURI = ioService.newURI("javascript:1+1", null, null);
+
+// First try a normal call to checkLoadURIWithPrincipal
+try {
+  secMan.checkLoadURIWithPrincipal(sysPrincipal, inheritingURI,
+                                   nsIScriptSecurityManager.STANDARD);
+  ok(true, "checkLoadURI allowed the load");
+} catch (e) {
+  ok(false, "checkLoadURI failed unexpectedly: " + e);
+}
+
+// Now call checkLoadURIWithPrincipal with DISALLOW_INHERIT_PRINCIPAL
+try {
+  secMan.checkLoadURIWithPrincipal(sysPrincipal, inheritingURI,
+                                   nsIScriptSecurityManager.DISALLOW_INHERIT_PRINCIPAL);
+  ok(false, "checkLoadURI allowed the load unexpectedly");
+} catch (e) {
+  ok(true, "checkLoadURI prevented load of principal-inheriting URI");
+}
+
+</script>
+</pre>
+</body>
+</html>