Bug 1725766 - Disallow view-source URI to open external apps, r=necko-reviewers,dragana,valentin

Differential Revision: https://phabricator.services.mozilla.com/D123825

Bug 1725766 - Disallow view-source URI to open external apps, r=necko-reviewers,dragana,valentin
1956da36 · Kershaw Chang · b4ac64ed · 1956da36 · 1956da36 · 1956da36
Commit 1956da36 authored 3 years ago by Kershaw Chang
--- a/netwerk/protocol/viewsource/nsViewSourceChannel.cpp
+++ b/netwerk/protocol/viewsource/nsViewSourceChannel.cpp
@@ -10,6 +10,7 @@
 #include "nsContentSecurityManager.h"
 #include "nsContentUtils.h"
 #include "nsHttpChannel.h"
+#include "nsIExternalProtocolHandler.h"
 #include "nsIHttpHeaderVisitor.h"
 #include "nsIIOService.h"
 #include "nsIInputStreamChannel.h"
@@ -44,6 +45,26 @@ NS_INTERFACE_MAP_BEGIN(nsViewSourceChannel)
  NS_INTERFACE_MAP_ENTRY_AMBIGUOUS(nsISupports, nsIViewSourceChannel)
 NS_INTERFACE_MAP_END

+static nsresult WillUseExternalProtocolHandler(nsIIOService* aIOService,
+                                               const char* aScheme) {
+  nsCOMPtr<nsIProtocolHandler> handler;
+  nsresult rv =
+      aIOService->GetProtocolHandler(aScheme, getter_AddRefs(handler));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCOMPtr<nsIExternalProtocolHandler> externalHandler =
+      do_QueryInterface(handler);
+  // We should not allow view-source to open any external app.
+  if (externalHandler) {
+    NS_WARNING(nsPrintfCString("blocking view-source:%s:", aScheme).get());
+    return NS_ERROR_MALFORMED_URI;
+  }
+
+  return NS_OK;
+}
+
 nsresult nsViewSourceChannel::Init(nsIURI* uri, nsILoadInfo* aLoadInfo) {
  mOriginalURI = uri;

@@ -64,6 +85,11 @@ nsresult nsViewSourceChannel::Init(nsIURI* uri, nsILoadInfo* aLoadInfo) {
    return NS_ERROR_INVALID_ARG;
  }

+  rv = WillUseExternalProtocolHandler(pService, scheme.get());
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
  nsCOMPtr<nsIURI> newChannelURI;
  rv = pService->NewURI(path, nullptr, nullptr, getter_AddRefs(newChannelURI));
  NS_ENSURE_SUCCESS(rv, rv);
@@ -1121,6 +1147,22 @@ nsViewSourceChannel::AsyncOnChannelRedirect(
  rv = newChannel->GetOriginalURI(getter_AddRefs(newChannelOrigURI));
  NS_ENSURE_SUCCESS(rv, rv);

+  nsAutoCString scheme;
+  rv = newChannelOrigURI->GetScheme(scheme);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCOMPtr<nsIIOService> ioService(do_GetIOService(&rv));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = WillUseExternalProtocolHandler(ioService, scheme.get());
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
  nsCOMPtr<nsIURI> newChannelUpdatedOrigURI;
  rv = BuildViewSourceURI(newChannelOrigURI,
                          getter_AddRefs(newChannelUpdatedOrigURI));

--- a/netwerk/test/unit/test_bug1725766.js
+++ b/netwerk/test/unit/test_bug1725766.js
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* vim:set ts=2 sw=2 sts=2 et: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.import("resource://testing-common/httpd.js");
+let hserv = Cc["@mozilla.org/uriloader/handler-service;1"].getService(
+  Ci.nsIHandlerService
+);
+let handlerInfo;
+const testScheme = "x-moz-test";
+
+function setup() {
+  var handler = Cc["@mozilla.org/uriloader/web-handler-app;1"].createInstance(
+    Ci.nsIWebHandlerApp
+  );
+  handler.name = testScheme;
+  handler.uriTemplate = "http://test.mozilla.org/%s";
+
+  var extps = Cc[
+    "@mozilla.org/uriloader/external-protocol-service;1"
+  ].getService(Ci.nsIExternalProtocolService);
+  handlerInfo = extps.getProtocolHandlerInfo(testScheme);
+  handlerInfo.possibleApplicationHandlers.appendElement(handler);
+
+  hserv.store(handlerInfo);
+  Assert.ok(extps.externalProtocolHandlerExists(testScheme));
+}
+
+setup();
+registerCleanupFunction(() => {
+  hserv.remove(handlerInfo);
+});
+
+function makeChan(url) {
+  let chan = NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+    contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  return chan;
+}
+
+function channelOpenPromise(chan, flags) {
+  return new Promise(resolve => {
+    function finish(req, buffer) {
+      resolve([req, buffer]);
+    }
+    let internal = chan.QueryInterface(Ci.nsIHttpChannelInternal);
+    internal.setWaitForHTTPSSVCRecord();
+    chan.asyncOpen(new ChannelListener(finish, null, flags));
+  });
+}
+
+add_task(async function viewsourceExternalProtocol() {
+  Assert.throws(
+    () => makeChan(`view-source:${testScheme}:foo.example.com`),
+    /NS_ERROR_MALFORMED_URI/
+  );
+});
+
+add_task(async function viewsourceExternalProtocolRedirect() {
+  let httpserv = new HttpServer();
+  httpserv.registerPathHandler("/", function handler(metadata, response) {
+    response.setStatusLine(metadata.httpVersion, 301, "Moved Permanently");
+    response.setHeader("Location", `${testScheme}:foo@bar.com`, false);
+
+    var body = "Moved\n";
+    response.bodyOutputStream.write(body, body.length);
+  });
+  httpserv.start(-1);
+
+  let chan = makeChan(
+    `view-source:http://127.0.0.1:${httpserv.identity.primaryPort}/`
+  );
+  let [req] = await channelOpenPromise(chan, CL_EXPECT_FAILURE);
+  Assert.equal(req.status, Cr.NS_ERROR_MALFORMED_URI);
+  await httpserv.stop();
+});
--- a/netwerk/test/unit/xpcshell.ini
+++ b/netwerk/test/unit/xpcshell.ini
@@ -538,3 +538,5 @@ run-sequentially = node server exceptions dont replay well
 [test_http3_direct_proxy.js]
 skip-if = tsan || os =='android'
 run-sequentially = node server exceptions dont replay well
+[test_bug1725766.js]
+skip-if = os == "android" # skip because of bug 1589327