Closed Bug 800864 Opened 13 years ago Closed 13 years ago

Add some extra tests for same-compartment Location issues

Categories

(Core :: XPConnect, defect)

Product:
Core
Component:
XPConnect
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla19
Tracking Flags:
Tracking Status
firefox19 --- fixed
firefox-esr10 --- unaffected
firefox-esr17 --- unaffected
b2g18 --- unaffected

People

(Reporter: bholley, Assigned: bholley)

Details

(Keywords: sec-audit, Whiteboard: [adv-main19-])

Attachments

(1 file)

Extra tests. v1
2.54 KB, patch
bzbarsky
: review+
dveditz
: sec-approval+
Details | Diff | Splinter Review
When backporting bug 720619 to ESR10, I had to reinvent some stuff because the PUNCTURE machinery didn't exist back then. So I did a simple compartment principal subsumes check that generally worked. However, there's one rub. Because the Location object describes the outer window, not the inner, we can't just rely on the compartment principals in that case. I'm working up a testcase now.
Oh wait! Happy day! My belt-and-suspenders code paid off. In particular, I added code to invoke the policy enforcement trap for the wrapper even if the subsumes check succeeds: https://hg.mozilla.org/releases/mozilla-esr10/rev/863bac88c122#l1.23 In the case of a same-compartment location wrapper, this ends up throwing, because JSID_VOID isn't cross-origin accessible. So we're saved by this line here, ironically. > // Totally unexpected, but roll with it. This is safe.
Attached patch Extra tests. v1Splinter Review
Either way, we might as well get these tests in. Can't hurt. Flagging bz for review.
Attachment #670749 - Flags: review?(bzbarsky)
Comment on attachment 670749 [details] [diff] [review] Extra tests. v1 r=me
Attachment #670749 - Flags: review?(bzbarsky) → review+
Hmm. Mis-rated based on the later comments. Suggested security rating based on size of actual issue?
Keywords: sec-critical
Good point, Al. This doesn't change code, it just adds tests that we already pass. I guess that's kind of an audit.
Keywords: sec-audit
Flags: in-testsuite?
Is there anything left to do here besides land the patch, Bobby? You could probably also just put up the sec review requests and branch requests at the same time, as it should be okay for both (assuming you are sure it passes everywhere).
(In reply to Andrew McCreight [:mccr8] from comment #6) > Is there anything left to do here besides land the patch, Bobby? You could > probably also just put up the sec review requests and branch requests at the > same time, as it should be okay for both (assuming you are sure it passes > everywhere). IMO there's not really much to do here. The issue as-filed is invalid, but I wrote some useful tests in the mean time, which I'll land when I land all the other tests that are currently waiting for 16.0.2.
Comment on attachment 670749 [details] [diff] [review] Extra tests. v1 Now that the Location stuff has blown over, requesting sec-approval to land this patch on inbound. This should pass on all our releases.
Attachment #670749 - Flags: sec-approval?
Comment on attachment 670749 [details] [diff] [review] Extra tests. v1 sec-approval+ -- the majority of our users are on 16.0.2 now.
Attachment #670749 - Flags: sec-approval? → sec-approval+
Summary: ESR10 DefaultValue fix doesn't handle same-compartment Location issues → Add some extra tests for same-compartment Location issues
https://hg.mozilla.org/mozilla-central/rev/38a111dc16e2
Status: NEW → RESOLVED
Closed: 13 years ago
status-firefox19: --- → fixed
Flags: in-testsuite? → in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla19
Whiteboard: [adv-main19-]
Group: core-security
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: