[FIX]evalInSandbox creates URIs incorrectly, leading to bogus principals

RESOLVED FIXED in mozilla1.9alpha1

Status


P1
major
RESOLVED FIXED
12 years ago
12 years ago

People

(Reporter: bzbarsky, Assigned: bzbarsky)

Tracking

Trunk
mozilla1.9alpha1
x86
Linux

evalInSandbox creates URLs as follows:

        nsCOMPtr<nsIURL> iURL;
        nsCOMPtr<nsIStandardURL> stdUrl =
            do_CreateInstance(kStandardURLContractID, &rv);
        if (!stdUrl ||
            NS_FAILED(rv = stdUrl->Init(nsIStandardURL::URLTYPE_STANDARD, 80,
                                        codebase, nsnull, nsnull)) ||
           !(iURL = do_QueryInterface(stdUrl, &rv))) {

then calls GetCodebasePrincipal on the result.  It looks like this goes back to the original impl of evalInSandbox in bug 63027.

Is there a reason this isn't using newURI?  See <http://developer.mozilla.org/en/docs/Common_Pitfalls#How_to_create_a_URI_object> for more info.

Not marking security sensitive, but this setup can make same-origin checks actually succeed when they should be failing (e.g. between two sandboxes for the same non-host-based URI scheme), so we should really fix this unless there was a really good reason for the way it was done originally...  shaver, any chance you can recall why the code looks like this?
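
The comparison problem described in the report above, as an added example that is not part of the bug or of Mozilla's code: a simplified C++ model in which forcing a non-host-based URI through a standard (authority-based) parse yields an empty host and a default port, so two unrelated URIs of the same scheme compare as same-origin. The `Uri` struct, both parse functions, `sameOrigin`, the scheme table and the `data:` sample strings are assumptions made for illustration.

```cpp
#include <iostream>
#include <map>
#include <string>

// Simplified model of a parsed URI; none of this is Mozilla's code.
struct Uri {
    std::string scheme;
    bool hasHost;      // false: this kind of URI has no host at all
    std::string host;
    int port;
};

// Models the reported pattern: every codebase string is parsed as a standard
// (authority-based) URL with default port 80, whatever its scheme is.
Uri parseAsStandardUrl(const std::string& spec, int defaultPort = 80) {
    const std::string::size_type colon = spec.find(':');
    Uri u{spec.substr(0, colon), true, "", defaultPort};  // empty host is still a host
    if (colon != std::string::npos && spec.compare(colon, 3, "://") == 0) {
        const std::string::size_type start = colon + 3;
        const std::string::size_type end = spec.find_first_of("/?#", start);
        u.host = spec.substr(start, end == std::string::npos ? end : end - start);
    }
    return u;
}

// Models scheme-aware creation (the role newURI plays in the report): only
// schemes known to carry a host get one. The scheme table is an assumption.
Uri parseSchemeAware(const std::string& spec) {
    static const std::map<std::string, int> hostBased{
        {"http", 80}, {"https", 443}, {"ftp", 21}};
    const std::string scheme = spec.substr(0, spec.find(':'));
    const auto it = hostBased.find(scheme);
    if (it != hostBased.end()) return parseAsStandardUrl(spec, it->second);
    return Uri{scheme, false, "", -1};
}

// Origin comparison that fails closed when either side has no host.
bool sameOrigin(const Uri& a, const Uri& b) {
    return a.hasHost && b.hasHost && a.scheme == b.scheme &&
           a.host == b.host && a.port == b.port;
}

int main() {
    const std::string a = "data:text/plain,one", b = "data:text/plain,two";  // constructed
    std::cout << std::boolalpha << "standard-URL parse: "
              << sameOrigin(parseAsStandardUrl(a), parseAsStandardUrl(b))
              << "\nscheme-aware parse: "
              << sameOrigin(parseSchemeAware(a), parseSchemeAware(b)) << "\n";
}
```
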
Assignee: dbradley → nobody
Created attachment 245877
Fix

The import thing is just a safety fix I think we're missing... the rest of the changes are relevant to this patch.
Assignee: nobody → bzbarsky
Status: NEW → ASSIGNED
Attachment #245877 - Flags: superreview?(jst)
Attachment #245877 - Flags: review?(jst)
Priority: -- → P1
Summary: evalInSandbox creates URIs incorrectly, leading to bogus principals → [FIX]evalInSandbox creates URIs incorrectly, leading to bogus principals
Target Milestone: --- → mozilla1.9alpha
Comment on attachment 245877
Fix

r+sr=jst
Attachment #245877 - Flags: superreview?(jst)
Attachment #245877 - Flags: superreview+
Attachment #245877 - Flags: review?(jst)
Attachment #245877 - Flags: review+
Fixed.
Status: ASSIGNED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → FIXED
Depends on: 361386