Bug 480430 followup -- wrap for different-scope bug same-origin chrome wrappers since we have code that depends on it.

2009-03-03 20:26:13 -08:00 · 2009-03-03 20:26:13 -08:00 · 209b129774
--- a/js/src/xpconnect/src/nsXPConnect.cpp
+++ b/js/src/xpconnect/src/nsXPConnect.cpp
@ -2362,9 +2362,10 @@ nsXPConnect::GetWrapperForObject(JSContext* aJSContext,

    *_retval = OBJECT_TO_JSVAL(aObject);

-    PRBool sameOrigin = xpc_SameOrigin(objectscope, xpcscope);
+    JSBool sameOrigin;
+    JSBool sameScope = xpc_SameScope(objectscope, xpcscope, &sameOrigin);
    if(STOBJ_IS_SYSTEM(aObject) ||
-       (sameOrigin &&
+       (sameScope &&
        (!XPC_XOW_ClassNeedsXOW(STOBJ_GET_CLASS(aObject)->name) ||
         (aFilenameFlags & JSFILENAME_SYSTEM))))
        return NS_OK;
@ -2373,23 +2374,26 @@ nsXPConnect::GetWrapperForObject(JSContext* aJSContext,

    if(aFilenameFlags & JSFILENAME_PROTECTED)
    {
-        NS_ASSERTION(!sameOrigin, "Bad filename flags");
        wrappedObj = XPCNativeWrapper::GetNewOrUsed(aJSContext, wrapper,
                                                    aPrincipal);
    }
    else if(aFilenameFlags & JSFILENAME_SYSTEM)
    {
-        NS_ASSERTION(!sameOrigin, "Bad filename flags");
        jsval val = OBJECT_TO_JSVAL(aObject);
        if(XPC_SJOW_Construct(aJSContext, nsnull, 1, &val, &val))
            wrappedObj = JSVAL_TO_OBJECT(val);
    }
-    else
+    else if (!sameOrigin)
    {
        jsval val = OBJECT_TO_JSVAL(aObject);
        if(XPC_XOW_WrapObject(aJSContext, aScope, &val, wrapper))
            wrappedObj = JSVAL_TO_OBJECT(val);
    }
+    else
+    {
+        // Different scopes, but same origin, return the original object.
+        return NS_OK;
+    }

    if(!wrappedObj)
        return NS_ERROR_FAILURE;
--- a/js/src/xpconnect/src/xpcconvert.cpp
+++ b/js/src/xpconnect/src/xpcconvert.cpp
@ -1156,8 +1156,9 @@ XPCConvert::NativeInterface2JSObject(XPCCallContext& ccx,
            JSObject *flat = wrapper->GetFlatJSObject();
            jsval v = OBJECT_TO_JSVAL(flat);

+            JSBool sameOrigin;
            if (allowNativeWrapper &&
-                !xpc_SameOrigin(wrapper->GetScope(), xpcscope))
+                !xpc_SameScope(wrapper->GetScope(), xpcscope, &sameOrigin))
            {
                // Cross scope access detected. Check if chrome code
                // is accessing non-chrome objects, and if so, wrap
@ -1218,6 +1219,7 @@ XPCConvert::NativeInterface2JSObject(XPCCallContext& ccx,
                        strongWrapper = wrapper;

                    JSObject *destObj = nsnull;
+                    JSBool triedWrapping = JS_FALSE;
                    if(flags & JSFILENAME_PROTECTED)
                    {
 #ifdef DEBUG_XPCNativeWrapper
@ -1256,6 +1258,7 @@ XPCConvert::NativeInterface2JSObject(XPCCallContext& ccx,
                        destObj =
                            XPCNativeWrapper::GetNewOrUsed(ccx, wrapper,
                                                           objPrincipal);
+                        triedWrapping = JS_TRUE;
                    }
                    else if (flags & JSFILENAME_SYSTEM)
                    {
@ -1266,17 +1269,20 @@ XPCConvert::NativeInterface2JSObject(XPCCallContext& ccx,

                        if(XPC_SJOW_Construct(ccx, nsnull, 1, &v, &v))
                            destObj = JSVAL_TO_OBJECT(v);
+                        triedWrapping = JS_TRUE;
                    }
-                    else
+                    else if (!sameOrigin)
                    {
                        // Reaching across scopes from content code. Wrap
                        // the new object in a XOW.
                        if (XPC_XOW_WrapObject(ccx, scope, &v))
                            destObj = JSVAL_TO_OBJECT(v);
+                        triedWrapping = JS_TRUE;
                    }

-                    return destObj &&
-                           CreateHolderIfNeeded(ccx, destObj, d, dest);
+                    if(triedWrapping)
+                        return destObj &&
+                               CreateHolderIfNeeded(ccx, destObj, d, dest);
                }
            }

--- a/js/src/xpconnect/src/xpcinlines.h
+++ b/js/src/xpconnect/src/xpcinlines.h
@ -729,21 +729,24 @@ xpc_NewSystemInheritingJSObject(JSContext *cx, JSClass *clasp, JSObject *proto,
 }

 inline JSBool
-xpc_SameOrigin(XPCWrappedNativeScope *objectscope, XPCWrappedNativeScope *xpcscope)
+xpc_SameScope(XPCWrappedNativeScope *objectscope, XPCWrappedNativeScope *xpcscope,
+              JSBool *sameOrigin)
 {
-    if(objectscope == xpcscope)
+    if (objectscope == xpcscope)
+    {
+        *sameOrigin = JS_TRUE;
        return JS_TRUE;
+    }

    nsIPrincipal *objectprincipal = objectscope->GetPrincipal();
    nsIPrincipal *xpcprincipal = xpcscope->GetPrincipal();
-    PRBool sameOrigin;
    if(!objectprincipal || !xpcprincipal ||
-       NS_FAILED(objectprincipal->Equals(xpcprincipal, &sameOrigin)))
+       NS_FAILED(objectprincipal->Equals(xpcprincipal, sameOrigin)))
    {
-        return JS_FALSE;
+        *sameOrigin = JS_FALSE;
    }

-    return sameOrigin;
+    return JS_FALSE;
 }

 inline jsval
--- a/js/src/xpconnect/src/xpcprivate.h
+++ b/js/src/xpconnect/src/xpcprivate.h
@ -4068,7 +4068,9 @@ xpc_NewSystemInheritingJSObject(JSContext *cx, JSClass *clasp, JSObject *proto,
                                JSObject *parent);

 inline JSBool
-xpc_SameOrigin(XPCWrappedNativeScope *objectscope, XPCWrappedNativeScope *xpcscope);
+xpc_SameScope(XPCWrappedNativeScope *objectscope,
+              XPCWrappedNativeScope *xpcscope,
+              JSBool *sameOrigin);

 nsISupports *
 XPC_GetIdentityObject(JSContext *cx, JSObject *obj);