Closed
Bug 1058836
Opened 10 years ago
Closed 10 years ago
nsMixedContentBlocker.cpp doens't always set the content policy Decision when returning
Categories
(Core :: Security, defect)
Core
Security
Tracking
()
RESOLVED
FIXED
mozilla34
People
(Reporter: tanvi, Assigned: tanvi)
Details
Attachments
(1 file, 1 obsolete file)
|
4.49 KB,
patch
|
tanvi
:
review+
|
Details | Diff | Splinter Review |
nsMixedContentBlocker.cpp sometimes returns without setting the aDecision parameter: http://mxr.mozilla.org/mozilla-central/source/content/base/src/nsMixedContentBlocker.cpp#342 http://mxr.mozilla.org/mozilla-central/source/content/base/src/nsMixedContentBlocker.cpp#346 http://mxr.mozilla.org/mozilla-central/source/content/base/src/nsMixedContentBlocker.cpp#593 http://mxr.mozilla.org/mozilla-central/source/content/base/src/nsMixedContentBlocker.cpp#613 http://mxr.mozilla.org/mozilla-central/source/content/base/src/nsMixedContentBlocker.cpp#615 It must use the default decision, which is probably accept. Otherwise the blocker wouldn't work today. In most of these cases, the decision is accept. For the others, we return an error.
|
Assignee | |
Updated•10 years ago
|
Assignee: nobody → tanvi
|
|
Assignee | |
Comment 1•10 years ago
|
||
|
||
Comment 2•10 years ago
|
||
(In reply to Tanvi Vyas [:tanvi] from comment #1) > Created attachment 8479312 [details] [diff] [review] > Set aDecision parameter in MCB Probably set it to ACCEPT here as well: http://mxr.mozilla.org/mozilla-central/source/content/base/src/nsMixedContentBlocker.cpp#592
|
|
Assignee | |
Comment 3•10 years ago
|
||
Comment on attachment 8479312 [details] [diff] [review] Set aDecision parameter in MCB Compiles and passes mixed content mochitests. Asking for review and then will push to try afterwards.
Attachment #8479312 -
Flags: review?(bugs)
|
||
Comment 4•10 years ago
|
||
Comment on attachment 8479312 [details] [diff] [review] Set aDecision parameter in MCB The code is a bit error prone. I wonder if we could somehow ensure that the out param is set to some value, maybe using a stack variable.
Attachment #8479312 -
Flags: review?(bugs) → review+
|
|
Assignee | |
Comment 5•10 years ago
|
||
Revised patch to address smaug's comment - now we set a default aDecision of REJECT_REQUEST or block at the beginning of ShouldLoad(). Carrying over r+ and I pushed to try: https://tbpl.mozilla.org/?tree=Try&rev=255cfe85898e
Attachment #8479312 -
Attachment is obsolete: true
Attachment #8480778 -
Flags: review+
|
|
Assignee | |
Comment 6•10 years ago
|
||
Try looks good. This is ready to push but inbound is closed, so marking as checkin-needed.
Keywords: checkin-needed
|
|
Assignee | |
Comment 7•10 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/c7eccf7c09f1
Keywords: checkin-needed
|
||
Comment 8•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/c7eccf7c09f1
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla34
You need to log in
before you can comment on or make changes to this bug.
Description
•