Closed
Bug 1161507
Opened 9 years ago
Closed 9 years ago
BroadcastChannel should use origin+appId+IsInBrowserElement as key in b2g
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla40
People
(Reporter: baku, Assigned: baku)
References
Details
Attachments
(1 file)
13.41 KB,
patch
|
sicking
:
review+
|
Details | Diff | Splinter Review |
Jonas, do you mind to take a look at this patch?
Attachment #8601441 -
Flags: review?(jonas)
Comment on attachment 8601441 [details] [diff] [review] bc.patch Review of attachment 8601441 [details] [diff] [review]: ----------------------------------------------------------------- ::: dom/broadcastchannel/BroadcastChannelParent.cpp @@ +32,5 @@ > { > AssertIsOnBackgroundThread(); > mService->RegisterActor(this); > + > + if (aPrincipalInfo.type() ==PrincipalInfo::TContentPrincipalInfo) { You should verify that the app-id received from the child process is an appid that's actually running in the child. And not an attempt of the child to try to snoop what's happening in other apps. The best way to do that is to convert the PrincipalInfo to an nsIPrincipal and then calling AssertAppPrincipal: http://mxr.mozilla.org/mozilla-central/source/dom/ipc/AppProcessChecker.h#101 Once you do that, you can also get the origin from the nsIPrincipal, and there's no need to pass the aOrigin separately. That way you'll also get additional security checks once we start enforcing that certain origins will only run in certain child processes and check that in the AssertAppPrincipal function.
Assignee | ||
Comment 2•9 years ago
|
||
We don't do this check in the BroadcastChannelParent but here: http://mxr.mozilla.org/mozilla-central/source/ipc/glue/BackgroundParentImpl.cpp#309
Attachment #8601441 -
Flags: review?(jonas) → review+
Assignee | ||
Comment 4•9 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=360f6ee28925
Comment 5•9 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/e7f7dc49cf08
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla40
Updated•9 years ago
|
status-b2g-master:
--- → fixed
Proposing that we backport this along with 1148033.
status-b2g-v2.2:
--- → ?
Assignee | ||
Comment 7•9 years ago
|
||
Comment on attachment 8601441 [details] [diff] [review] bc.patch [Approval Request Comment] Bug caused by (feature/regressing bug #): bug 966439 / BroadcastChannel API User impact if declined: in B2G, broadcastChannel can send messages to the wrong origin. Testing completed: yes, a mochitest is included Risk to taking this patch (and alternatives if risky): none String or UUID changes made by this patch: none
Attachment #8601441 -
Flags: approval-mozilla-b2g37?
Updated•9 years ago
|
Attachment #8601441 -
Flags: approval-mozilla-b2g37?
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•