Closed Bug 336303 Opened 19 years ago Closed 19 years ago

[FIX]nsPrincipal::GetOrigin should dig into nested URIs

Categories

(Core :: Security, defect, P2)

Product:
Core
Component:
Security
Platform:
x86
Linux
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.9alpha1

People

(Reporter: bzbarsky, Assigned: bzbarsky)

References

Details

(Keywords: fixed1.8.0.15, verified1.8.1.13)

Attachments

(2 files, 2 obsolete files)

With all parts really there
7.17 KB, patch
Details | Diff | Splinter Review
1.8 branch version
6.79 KB, patch
bzbarsky
: review+
bzbarsky
: superreview+
samuel.sidler+old
: approval1.8.1.13+
caillon
: approval1.8.0.next+
Details | Diff | Splinter Review
That would allow us to remove the "ugly manual de-nesting of jar: in nsScriptSecurityManager::LookupPolicy".
Blocks: 327241
Depends on: 334407
Attached patch Proposed fix (obsolete) — Splinter Review
I checked the GetOrigin callers. All except for GetCodebasePrincipal are just fine with this change; I believe GetCodebasePrincipal is fine too.
Attachment #220558 - Flags: superreview?(jst)
Attachment #220558 - Flags: review?(dveditz)
Priority: -- → P2
Summary: nsPrincipal::GetOrigin should dig into nested URIs → [FIX]nsPrincipal::GetOrigin should dig into nested URIs
Target Milestone: --- → mozilla1.9alpha
Comment on attachment 220558 [details] [diff] [review] Proposed fix presumably there's a caps/include/nsPrincipal.h patch that adds the mOrigin member? r=dveditz
Attachment #220558 - Flags: review?(dveditz) → review+
Attached patch Er, yes. ;) (obsolete) — Splinter Review
Attachment #220558 - Attachment is obsolete: true
Attachment #220780 - Flags: superreview?(jst)
Attachment #220558 - Flags: superreview?(jst)
Comment on attachment 220780 [details] [diff] [review] Er, yes. ;) sr=jst
Attachment #220780 - Flags: superreview?(jst) → superreview+
Attachment #220780 - Attachment is obsolete: true
Fixed.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Blocks: CVE-2008-1195
Flags: blocking1.8.1.13+
Attachment #308264 - Flags: superreview?(bzbarsky)
Attachment #308264 - Flags: review?(bzbarsky)
Attachment #308264 - Flags: approval1.8.1.13?
Comment on attachment 308264 [details] [diff] [review] 1.8 branch version Looks good. r+sr=bzbarsky
Attachment #308264 - Flags: superreview?(bzbarsky)
Attachment #308264 - Flags: superreview+
Attachment #308264 - Flags: review?(bzbarsky)
Attachment #308264 - Flags: review+
Comment on attachment 308264 [details] [diff] [review] 1.8 branch version Approved for 1.8.1.13. a=ss
Attachment #308264 - Flags: approval1.8.1.13? → approval1.8.1.13+
Fix checked into 1.8 branch
Flags: blocking1.8.0.15?
Keywords: fixed1.8.1.13
qa: this can be tested with the test case in bug 402995
Flags: blocking1.8.0.15? → blocking1.8.0.15+
Comment on attachment 308264 [details] [diff] [review] 1.8 branch version a=caillon for the 1.8.0 branch
Attachment #308264 - Flags: approval1.8.0.15? → approval1.8.0.15+
I verified bug 402995 using Firefox 2.0.0.12 on Ubuntu 7.10 with JRE 1.6.0_03-b05. I then validated the fix for 402995 using Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.13) Gecko/2008031115 Firefox/2.0.0.13, which is the RC1 for 2.0.0.13. The bug no longer reproduces in either of the jar: versions. Marking as verified for 1.8.1.13
Keywords: fixed1.8.1.13verified1.8.1.13
MOZILLA_1_8_0_BRANCH: Checking in caps/include/nsPrincipal.h; /cvsroot/mozilla/caps/include/nsPrincipal.h,v <-- nsPrincipal.h new revision: 1.17.10.1; previous revision: 1.17 done Checking in caps/src/nsPrincipal.cpp; /cvsroot/mozilla/caps/src/nsPrincipal.cpp,v <-- nsPrincipal.cpp new revision: 1.37.2.1.2.2; previous revision: 1.37.2.1.2.1 done Checking in caps/src/nsScriptSecurityManager.cpp; /cvsroot/mozilla/caps/src/nsScriptSecurityManager.cpp,v <-- nsScriptSecurityManager.cpp new revision: 1.266.2.7.2.13; previous revision: 1.266.2.7.2.12 done
Keywords: fixed1.8.0.15
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: