Bug 336303 - [FIX]nsPrincipal::GetOrigin should dig into nested URIs
: fixed1.8.0.15, verified1.8.1.13
Product: Core
Classification: Components
Component: Security
: Trunk
: x86 Linux
: P2 normal
: mozilla1.9alpha1
Assigned To: Boris Zbarsky [:bz] (TPAC)
Depends on: 334407
Blocks: 327241 CVE-2008-1195
Reported: 2006-05-02 13:41 PDT by Boris Zbarsky [:bz] (TPAC)
Modified: 2008-03-25 09:27 PDT
dveditz: blocking1.8.1.13+

Proposed fix (6.33 KB, patch)
2006-05-02 14:24 PDT, Boris Zbarsky [:bz] (TPAC)
dveditz: review+
Er, yes. ;) (4.77 KB, patch)
2006-05-04 07:11 PDT, Boris Zbarsky [:bz] (TPAC)
jst: superreview+
With all parts really there (7.17 KB, patch)
2006-05-11 17:04 PDT, Boris Zbarsky [:bz] (TPAC)
no flags
1.8 branch version (6.79 KB, patch)
2008-03-09 00:45 PST, Daniel Veditz [:dveditz]
bzbarsky: review+
bzbarsky: superreview+
samuel.sidler+old: approval1.8.1.13+

Description Boris Zbarsky [:bz] (TPAC) 2006-05-02 13:41:45 PDT
That would allow us to remove the "ugly manual de-nesting of jar: in
Comment 1 Boris Zbarsky [:bz] (TPAC) 2006-05-02 14:24:54 PDT
Created attachment 220558
Proposed fix

I checked the GetOrigin callers.  All except for GetCodebasePrincipal are just fine with this change; I believe GetCodebasePrincipal is fine too.
Comment 2 Daniel Veditz [:dveditz] 2006-05-03 23:29:32 PDT
Comment on attachment 220558
Proposed fix

Presumably there's a caps/include/nsPrincipal.h patch that adds the mOrigin member?

Comment 3 Boris Zbarsky [:bz] (TPAC) 2006-05-04 07:11:18 PDT
Created attachment 220780
Er, yes.  ;)
Comment 4 Johnny Stenback (:jst, 2006-05-11 16:18:54 PDT
Comment on attachment 220780
Er, yes.  ;)

Comment 5 Boris Zbarsky [:bz] (TPAC) 2006-05-11 17:04:12 PDT
Created attachment 221764
With all parts really there
Comment 6 Boris Zbarsky [:bz] (TPAC) 2006-05-11 19:55:56 PDT
Comment 7 Daniel Veditz [:dveditz] 2008-03-09 00:45:12 PST
Created attachment 308264
1.8 branch version
Comment 8 Boris Zbarsky [:bz] (TPAC) 2008-03-09 10:46:08 PDT
Comment on attachment 308264
1.8 branch version

Looks good. r+sr=bzbarsky
Comment 9 Samuel Sidler (old account; do not CC) 2008-03-09 22:25:46 PDT
Comment on attachment 308264
1.8 branch version

Approved for a=ss
Comment 10 Daniel Veditz [:dveditz] 2008-03-09 22:43:07 PDT
Fix checked into 1.8 branch
Comment 11 Daniel Veditz [:dveditz] 2008-03-09 23:03:00 PDT
qa: this can be tested with the test case in bug 402995
Comment 12 Christopher Aillon (sabbatical, not receiving bugmail) 2008-03-20 12:16:23 PDT
Comment on attachment 308264
1.8 branch version

a=caillon for the 1.8.0 branch
Comment 13 Al Billings [:abillings] 2008-03-21 16:25:16 PDT
I verified bug 402995 using Firefox on Ubuntu 7.10 with JRE 1.6.0_03-b05.
I then validated the fix for 402995 using Mozilla/5.0 (X11; U; Linux i686; en-US;
rv: Gecko/2008031115 Firefox/, which is the RC1 for
The bug no longer reproduces in either of the jar: versions. 

Marking as verified for
Comment 14 Reed Loden [:reed] (use needinfo?) 2008-03-22 00:48:43 PDT

Checking in caps/include/nsPrincipal.h;
/cvsroot/mozilla/caps/include/nsPrincipal.h,v  <--  nsPrincipal.h
new revision:; previous revision: 1.17
Checking in caps/src/nsPrincipal.cpp;
/cvsroot/mozilla/caps/src/nsPrincipal.cpp,v  <--  nsPrincipal.cpp
new revision:; previous revision:
Checking in caps/src/nsScriptSecurityManager.cpp;
/cvsroot/mozilla/caps/src/nsScriptSecurityManager.cpp,v  <--  nsScriptSecurityManager.cpp
new revision:; previous revision:
