Bug 88087 - giving about: pages loaded from chrome a principal other than

system, to prevent security attacks against these pages. r=bbaetz, sr=waterson
2001-07-20 07:09:59 +00:00 · 2001-07-20 07:09:59 +00:00 · 88259b1073
--- a/netwerk/protocol/about/src/nsAboutRedirector.cpp
+++ b/netwerk/protocol/about/src/nsAboutRedirector.cpp
@ -29,6 +29,7 @@
 #include "nsIURI.h"
 #include "nsXPIDLString.h"
 #include "plstr.h"
+#include "nsIScriptSecurityManager.h"

 static NS_DEFINE_CID(kIOServiceCID, NS_IOSERVICE_CID);

@ -53,10 +54,35 @@ nsAboutRedirector::NewChannel(nsIURI *aURI, nsIChannel **result)
    if (NS_FAILED(rv))
        return rv;

+    static const char kChromePrefix[] = "chrome:";
    for (int i = 0; i< kRedirTotal; i++) 
    {
        if (!PL_strcasecmp(path, kRedirMap[i][0]))
-            return ioService->NewChannel(kRedirMap[i][1], nsnull, result);
+        {
+            nsCOMPtr<nsIChannel> tempChannel;
+             rv = ioService->NewChannel(kRedirMap[i][1], nsnull, getter_AddRefs(tempChannel));
+             //-- If we're redirecting to a chrome URL, change the owner of the channel
+             //   to keep the page from getting unnecessary privileges.
+             if (NS_SUCCEEDED(rv) && result &&
+                 !PL_strncasecmp(kRedirMap[i][1], kChromePrefix, sizeof(kChromePrefix)-1))
+             {
+                  NS_WITH_SERVICE(nsIScriptSecurityManager, securityManager, 
+                  NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
+                  if (NS_FAILED(rv))
+                      return rv;
+            
+                  nsCOMPtr<nsIPrincipal> principal;
+                  rv = securityManager->GetCodebasePrincipal(aURI, getter_AddRefs(principal));
+                  if (NS_FAILED(rv))
+                      return rv;
+            
+                  nsCOMPtr<nsISupports> owner = do_QueryInterface(principal);
+                  rv = tempChannel->SetOwner(owner);
+             }
+             *result = tempChannel.get();
+             NS_ADDREF(*result);
+             return rv;
+        }

    }
    NS_ASSERTION(0, "nsAboutRedirector called for unknown case");
--- a/xpfe/appshell/src/nsAbout.cpp
+++ b/xpfe/appshell/src/nsAbout.cpp
@ -26,6 +26,7 @@
 #include "nsCOMPtr.h"
 #include "nsIURI.h"
 #include "nsNetCID.h"
+#include "nsIScriptSecurityManager.h"

 static NS_DEFINE_CID(kIOServiceCID, NS_IOSERVICE_CID);

@ -40,7 +41,24 @@ nsAbout::NewChannel(nsIURI *aURI, nsIChannel **result)
    NS_WITH_SERVICE(nsIIOService, ioService, kIOServiceCID, &rv);
    if ( NS_FAILED(rv) )
        return rv;
-   	rv = ioService->NewChannel(kURI, nsnull, result);
+
+    nsCOMPtr<nsIChannel> tempChannel;
+   	rv = ioService->NewChannel(kURI, nsnull, getter_AddRefs(tempChannel));
+
+    NS_WITH_SERVICE(nsIScriptSecurityManager, securityManager, 
+    NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
+    if (NS_FAILED(rv))
+        return rv;
+
+    nsCOMPtr<nsIPrincipal> principal;
+    rv = securityManager->GetCodebasePrincipal(aURI, getter_AddRefs(principal));
+    if (NS_FAILED(rv))
+        return rv;
+
+    nsCOMPtr<nsISupports> owner = do_QueryInterface(principal);
+    rv = tempChannel->SetOwner(owner);
+    *result = tempChannel.get();
+    NS_ADDREF(*result);
    return rv;
 }