forked from mirrors/gecko-dev
d98a83f672
Bug 1659438 introduced an exported function `GetDependentModulePaths` in firefox.exe so that our sandboxBroker can easily access the shared section whose handle is owned by firefox.exe. This patch disallows `GetDependentModulePaths` to be called from someone other than xul.dll in order to harden the attack to tamper our shared section. This cannot prevent all possible attacks, but it's better than nothing. Differential Revision: https://phabricator.services.mozilla.com/D97377
30 lines
925 B
C++
30 lines
925 B
C++
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
|
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at https://mozilla.org/MPL/2.0/. */
|
|
|
|
#include "mozilla/LoaderAPIInterfaces.h"
|
|
|
|
#include "freestanding/CheckForCaller.h"
|
|
#include "freestanding/LoaderPrivateAPI.h"
|
|
|
|
namespace mozilla {
|
|
|
|
extern "C" MOZ_EXPORT nt::LoaderAPI* GetNtLoaderAPI(
|
|
nt::LoaderObserver* aNewObserver) {
|
|
const bool isCallerMozglue =
|
|
CheckForAddress(RETURN_ADDRESS(), L"mozglue.dll");
|
|
MOZ_ASSERT(isCallerMozglue);
|
|
if (!isCallerMozglue) {
|
|
return nullptr;
|
|
}
|
|
|
|
freestanding::EnsureInitialized();
|
|
freestanding::LoaderPrivateAPI& api = freestanding::gLoaderPrivateAPI;
|
|
api.SetObserver(aNewObserver);
|
|
|
|
return &api;
|
|
}
|
|
|
|
} // namespace mozilla
|