Closed
Bug 1206151
Opened 10 years ago
Closed 10 years ago
Rely on loadInfo->GetSecurityMode() rather than loadInfo->GetEnforceSecurit() within packagedAppService
Categories
(Core :: DOM: Security, defect)
Core
DOM: Security
Tracking
()
RESOLVED
INVALID
People
(Reporter: ckerschb, Assigned: ckerschb)
References
Details
Attachments
(1 file)
|
1.17 KB,
patch
|
Details | Diff | Splinter Review |
No description provided.
|
Assignee | |
Updated•10 years ago
|
Assignee: nobody → mozilla
|
|
Assignee | |
Comment 1•10 years ago
|
||
There is no channel redirect and we should rather rely on GetSecurityMode() than GetEnforceSecurity(). I missed that when reviewing Bug 1196021.
Attachment #8663036 -
Flags: review?(jonas)
How did we get to this piece of code if no-one called AsyncOpen/AsyncOpen2 on a channel?
Comment on attachment 8663036 [details] [diff] [review]
bug_1206151_packagedappservice.patch
Review of attachment 8663036 [details] [diff] [review]:
-----------------------------------------------------------------
Please ask Valentine for review if we actually want to land this.
Attachment #8663036 -
Flags: review?(jonas)
|
|
Assignee | |
Comment 4•10 years ago
|
||
(In reply to Jonas Sicking (:sicking) from comment #3)
> Comment on attachment 8663036 [details] [diff] [review]
> bug_1206151_packagedappservice.patch
>
> Review of attachment 8663036 [details] [diff] [review]:
> -----------------------------------------------------------------
>
> Please ask Valentine for review if we actually want to land this.
I think this actually became INVALID after chatting with you on IRC. But let me confirm with Valentin.
Valentin, GetResource is called from within nsHttpChannel::BeginConnect(). If I understand the flow of execution correctly, then this means that the channel already was openend using ::AsyncOpen2(), in which case we would have set the EnforeSecurityFlag here [2] and all good. If that is indeed the case then we can close this bug as INVALID. Otherwise we have to dig a little deeper and make sure that GetResource can not bypass any security checks.
[1] http://mxr.mozilla.org/mozilla-central/source/netwerk/protocol/http/nsHttpChannel.cpp#5248
[2] http://mxr.mozilla.org/mozilla-central/source/dom/security/nsContentSecurityManager.cpp#304
Flags: needinfo?(valentin.gosu)
|
||
Comment 5•10 years ago
|
||
(In reply to Christoph Kerschbaumer [:ckerschb] from comment #4)
> Valentin, GetResource is called from within nsHttpChannel::BeginConnect().
> If I understand the flow of execution correctly, then this means that the
> channel already was openend using ::AsyncOpen2(), in which case we would
> have set the EnforeSecurityFlag here [2] and all good. If that is indeed the
> case then we can close this bug as INVALID. Otherwise we have to dig a
> little deeper and make sure that GetResource can not bypass any security
> checks.
>
You are correct. Currently that is the only call to getResource, and technically the newly created channel will also call AsyncOpen2 if the calling one did so too.
Flags: needinfo?(valentin.gosu)
|
|
Assignee | |
Comment 6•10 years ago
|
||
(In reply to Valentin Gosu [:valentin] from comment #5)
> You are correct. Currently that is the only call to getResource, and
> technically the newly created channel will also call AsyncOpen2 if the
> calling one did so too.
Ok, because the loadInfo is copied from the outer channel to the inner channel. So all good then. Closing as INVALID. Thanks!
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•