Bug 1905843, prevent unexpected use of result site origin, a=diannaS
Original Revision: https://phabricator.services.mozilla.com/D215496 Differential Revision: https://phabricator.services.mozilla.com/D222921
parent
677d8613eb
commit
a63d71ea6b
3 changed files with 68 additions and 2 deletions
|
|
@ -81,8 +81,6 @@ class nsScriptSecurityManager final : public nsIScriptSecurityManager {
|
||||||
bool aFromPrivateWindow,
|
bool aFromPrivateWindow,
|
||||||
uint64_t aInnerWindowID = 0);
|
uint64_t aInnerWindowID = 0);
|
||||||
|
|
||||||
static uint32_t HashPrincipalByOrigin(nsIPrincipal* aPrincipal);
|
|
||||||
|
|
||||||
static bool GetStrictFileOriginPolicy() { return sStrictFileOriginPolicy; }
|
static bool GetStrictFileOriginPolicy() { return sStrictFileOriginPolicy; }
|
||||||
|
|
||||||
void DeactivateDomainPolicy();
|
void DeactivateDomainPolicy();
|
||||||
|
|
|
||||||
|
|
@ -27,6 +27,7 @@
|
||||||
#include "nsNetUtil.h"
|
#include "nsNetUtil.h"
|
||||||
#include "nsReadableUtils.h"
|
#include "nsReadableUtils.h"
|
||||||
#include "nsSandboxFlags.h"
|
#include "nsSandboxFlags.h"
|
||||||
|
#include "nsScriptSecurityManager.h"
|
||||||
#include "nsIXPConnect.h"
|
#include "nsIXPConnect.h"
|
||||||
|
|
||||||
#include "mozilla/BasePrincipal.h"
|
#include "mozilla/BasePrincipal.h"
|
||||||
|
|
@ -1431,6 +1432,9 @@ nsresult nsContentSecurityManager::doContentSecurityCheck(
|
||||||
rv = CheckAllowLoadByTriggeringRemoteType(aChannel);
|
rv = CheckAllowLoadByTriggeringRemoteType(aChannel);
|
||||||
NS_ENSURE_SUCCESS(rv, rv);
|
NS_ENSURE_SUCCESS(rv, rv);
|
||||||
|
|
||||||
|
rv = CheckForIncoherentResultPrincipal(aChannel);
|
||||||
|
NS_ENSURE_SUCCESS(rv, rv);
|
||||||
|
|
||||||
// if dealing with a redirected channel then we have already installed
|
// if dealing with a redirected channel then we have already installed
|
||||||
// streamlistener and redirect proxies and so we are done.
|
// streamlistener and redirect proxies and so we are done.
|
||||||
if (loadInfo->GetInitialSecurityCheckDone()) {
|
if (loadInfo->GetInitialSecurityCheckDone()) {
|
||||||
|
|
@ -1713,3 +1717,66 @@ nsContentSecurityManager::PerformSecurityCheck(
|
||||||
inAndOutListener.forget(outStreamListener);
|
inAndOutListener.forget(outStreamListener);
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
nsresult nsContentSecurityManager::CheckForIncoherentResultPrincipal(
|
||||||
|
nsIChannel* aChannel) {
|
||||||
|
nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
|
||||||
|
ExtContentPolicyType contentPolicyType =
|
||||||
|
loadInfo->GetExternalContentPolicyType();
|
||||||
|
if (contentPolicyType != ExtContentPolicyType::TYPE_DOCUMENT &&
|
||||||
|
contentPolicyType != ExtContentPolicyType::TYPE_SUBDOCUMENT &&
|
||||||
|
contentPolicyType != ExtContentPolicyType::TYPE_OBJECT) {
|
||||||
|
return NS_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
nsCOMPtr<nsIPrincipal> resultOrPrecursor;
|
||||||
|
nsresult rv = nsScriptSecurityManager::GetScriptSecurityManager()
|
||||||
|
->GetChannelResultPrincipalIfNotSandboxed(
|
||||||
|
aChannel, getter_AddRefs(resultOrPrecursor));
|
||||||
|
NS_ENSURE_SUCCESS(rv, rv);
|
||||||
|
NS_ENSURE_STATE(resultOrPrecursor);
|
||||||
|
|
||||||
|
if (nsCOMPtr<nsIPrincipal> precursor =
|
||||||
|
resultOrPrecursor->GetPrecursorPrincipal()) {
|
||||||
|
resultOrPrecursor = precursor;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!resultOrPrecursor->GetIsContentPrincipal()) {
|
||||||
|
return NS_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
nsAutoCString resultSiteOriginNoSuffix;
|
||||||
|
rv = resultOrPrecursor->GetSiteOriginNoSuffix(resultSiteOriginNoSuffix);
|
||||||
|
NS_ENSURE_SUCCESS(rv, rv);
|
||||||
|
|
||||||
|
nsCOMPtr<nsIURI> resultSiteOriginURI;
|
||||||
|
NS_NewURI(getter_AddRefs(resultSiteOriginURI), resultSiteOriginNoSuffix);
|
||||||
|
NS_ENSURE_STATE(resultSiteOriginURI);
|
||||||
|
|
||||||
|
nsCOMPtr<nsIURI> channelURI;
|
||||||
|
aChannel->GetURI(getter_AddRefs(channelURI));
|
||||||
|
NS_ENSURE_STATE(channelURI);
|
||||||
|
|
||||||
|
nsCOMPtr<nsIPrincipal> channelUriPrincipal =
|
||||||
|
BasePrincipal::CreateContentPrincipal(channelURI, {});
|
||||||
|
NS_ENSURE_STATE(channelUriPrincipal);
|
||||||
|
|
||||||
|
nsAutoCString channelUriSiteOrigin;
|
||||||
|
rv = channelUriPrincipal->GetSiteOriginNoSuffix(channelUriSiteOrigin);
|
||||||
|
NS_ENSURE_SUCCESS(rv, rv);
|
||||||
|
|
||||||
|
nsCOMPtr<nsIURI> channelSiteOriginURI;
|
||||||
|
NS_NewURI(getter_AddRefs(channelSiteOriginURI), channelUriSiteOrigin);
|
||||||
|
NS_ENSURE_STATE(channelSiteOriginURI);
|
||||||
|
|
||||||
|
if (nsScriptSecurityManager::IsHttpOrHttpsAndCrossOrigin(
|
||||||
|
resultSiteOriginURI, channelSiteOriginURI) ||
|
||||||
|
(!net::SchemeIsHTTP(resultSiteOriginURI) &&
|
||||||
|
!net::SchemeIsHTTPS(resultSiteOriginURI) &&
|
||||||
|
(net::SchemeIsHTTP(channelSiteOriginURI) ||
|
||||||
|
net::SchemeIsHTTPS(channelSiteOriginURI)))) {
|
||||||
|
return NS_ERROR_CONTENT_BLOCKED;
|
||||||
|
}
|
||||||
|
|
||||||
|
return NS_OK;
|
||||||
|
}
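Review bot: CheckForIncoherentResultPrincipal is added with no comment stating the invariant it enforces, and the comparison runs on site origins (GetSiteOriginNoSuffix on both the result/precursor principal and the channel URI principal) rather than full origins. A header such as `// Blocks TYPE_DOCUMENT/TYPE_SUBDOCUMENT/TYPE_OBJECT loads whose result principal (or its precursor) is on a different site than the channel URI; the comparison is site-level, not origin-level.` would make it explicit that a same-site, cross-origin mismatch is presumably let through on purpose. The final condition also blocks a non-HTTP(S) result site with an HTTP(S) channel, but the reverse case (HTTP(S) result, non-HTTP(S) channel) is only covered if IsHttpOrHttpsAndCrossOrigin handles it, which is not visible here; a short why-comment on that branch should say which direction is intended. The `return NS_ERROR_CONTENT_BLOCKED;` path emits no diagnostic in the visible code, so consider a log line there so that a load rejected by this check can be told apart from other content-blocked loads during triage.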
|
||||||
|
|
|
||||||
|
|
@ -87,6 +87,7 @@ class nsContentSecurityManager : public nsIContentSecurityManager,
|
||||||
static nsresult CheckAllowLoadInPrivilegedAboutContext(nsIChannel* aChannel);
|
static nsresult CheckAllowLoadInPrivilegedAboutContext(nsIChannel* aChannel);
|
||||||
static nsresult CheckChannelHasProtocolSecurityFlag(nsIChannel* aChannel);
|
static nsresult CheckChannelHasProtocolSecurityFlag(nsIChannel* aChannel);
|
||||||
static bool CrossOriginEmbedderPolicyAllowsCredentials(nsIChannel* aChannel);
|
static bool CrossOriginEmbedderPolicyAllowsCredentials(nsIChannel* aChannel);
|
||||||
|
static nsresult CheckForIncoherentResultPrincipal(nsIChannel* aChannel);
|
||||||
|
|
||||||
virtual ~nsContentSecurityManager() = default;
|
virtual ~nsContentSecurityManager() = default;
|
||||||
};
|
};
|
||||||
|
|
|
||||||