mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Backed out 4 changesets (bug 1583076) for causing build bustages on nsCSPService.cpp. CLOSED TREE 

Backed out changeset e3e31e1dfc13 (bug 1583076)
Backed out changeset 97e4bfbc5578 (bug 1583076)
Backed out changeset 6ccf5880c324 (bug 1583076)
Backed out changeset b4140efc183d (bug 1583076)
This commit is contained in:
Cosmin Sabou 2019-09-25 08:22:10 +03:00
Родитель f6c8016c29
Коммит 89350c28cd
7 изменённых файлов: 79 добавлений и 95 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

91
dom/security/nsCSPService.cpp
Просмотреть файл

@ -252,6 +252,35 @@ CSPService::AsyncOnChannelRedirect(nsIChannel* oldChannel,
nsCOMPtr<nsILoadInfo> loadInfo = oldChannel->LoadInfo();
// Check CSP navigate-to
// We need to enforce the CSP of the document that initiated the load,
// which is the CSP to inherit.
nsCOMPtr<nsIContentSecurityPolicy> cspToInherit = loadInfo->GetCspToInherit();
if (cspToInherit) {
bool allowsNavigateTo = false;
rv = cspToInherit->GetAllowsNavigateTo(newUri, loadInfo,
true, /* aWasRedirected */
false, /* aEnforceWhitelist */
&allowsNavigateTo);
NS_ENSURE_SUCCESS(rv, rv);
if (!allowsNavigateTo) {
oldChannel->Cancel(NS_ERROR_CSP_NAVIGATE_TO_VIOLATION);
return NS_OK;
}
}
// No need to continue processing if CSP is disabled or if the protocol
// is *not* subject to CSP.
// Please note, the correct way to opt-out of CSP using a custom
// protocolHandler is to set one of the nsIProtocolHandler flags
// that are whitelistet in subjectToCSP()
nsContentPolicyType policyType = loadInfo->InternalContentPolicyType();
if (!StaticPrefs::security_csp_enable() ||
!subjectToCSP(newUri, policyType)) {
return NS_OK;
}
/* Since redirecting channels don't call into nsIContentPolicy, we call our
* Content Policy implementation directly when redirects occur using the
* information set in the LoadInfo when channels are created.
@ -267,13 +296,12 @@ CSPService::AsyncOnChannelRedirect(nsIChannel* oldChannel,
return rv;
}
Maybe<nsresult> cancelCode;
rv = ConsultCSPForRedirect(originalUri, newUri, loadInfo, cancelCode);
if (cancelCode) {
oldChannel->Cancel(*cancelCode);
}
if (NS_FAILED(rv)) {
int16_t decision = nsIContentPolicy::ACCEPT;
rv = ConsultCSPForRedirect(originalUri, newUri, loadInfo, &decision);
if (NS_CP_REJECTED(decision)) {
autoCallback.DontCallback();
oldChannel->Cancel(NS_ERROR_DOM_BAD_URI);
return NS_BINDING_FAILED;
}
return rv;
@ -282,46 +310,17 @@ CSPService::AsyncOnChannelRedirect(nsIChannel* oldChannel,
nsresult CSPService::ConsultCSPForRedirect(nsIURI* aOriginalURI,
nsIURI* aNewURI,
nsILoadInfo* aLoadInfo,
Maybe<nsresult>& aCancelCode) {
// Check CSP navigate-to
// We need to enforce the CSP of the document that initiated the load,
// which is the CSP to inherit.
nsCOMPtr<nsIContentSecurityPolicy> cspToInherit =
aLoadInfo->GetCspToInherit();
if (cspToInherit) {
bool allowsNavigateTo = false;
nsresult rv = cspToInherit->GetAllowsNavigateTo(
aNewURI, aLoadInfo, true, /* aWasRedirected */
false, /* aEnforceWhitelist */
&allowsNavigateTo);
NS_ENSURE_SUCCESS(rv, rv);
if (!allowsNavigateTo) {
aCancelCode = Some(NS_ERROR_CSP_NAVIGATE_TO_VIOLATION);
return NS_OK;
}
}
// No need to continue processing if CSP is disabled or if the protocol
// is *not* subject to CSP.
// Please note, the correct way to opt-out of CSP using a custom
// protocolHandler is to set one of the nsIProtocolHandler flags
// that are whitelistet in subjectToCSP()
nsContentPolicyType policyType = aLoadInfo->InternalContentPolicyType();
if (!StaticPrefs::security_csp_enable() ||
!subjectToCSP(aNewURI, policyType)) {
return NS_OK;
}
int16_t* aDecision) {
nsCOMPtr<nsICSPEventListener> cspEventListener;
nsresult rv =
aLoadInfo->GetCspEventListener(getter_AddRefs(cspEventListener));
MOZ_ASSERT(NS_SUCCEEDED(rv));
NS_ENSURE_SUCCESS(rv, rv);
nsAutoString cspNonce;
rv = aLoadInfo->GetCspNonce(cspNonce);
MOZ_ASSERT(NS_SUCCEEDED(rv));
NS_ENSURE_SUCCESS(rv, rv);
nsContentPolicyType policyType = aLoadInfo->InternalContentPolicyType();
bool isPreload = nsContentUtils::IsPreloadType(policyType);
/* On redirect, if the content policy is a preload type, rejecting the preload
@ -331,7 +330,6 @@ nsresult CSPService::ConsultCSPForRedirect(nsIURI* aOriginalURI,
policyType =
nsContentUtils::InternalContentPolicyTypeToExternalOrWorker(policyType);
int16_t decision = nsIContentPolicy::ACCEPT;
nsCOMPtr<nsISupports> requestContext = aLoadInfo->GetLoadingContext();
// 1) Apply speculative CSP for preloads
if (isPreload) {
@ -348,13 +346,12 @@ nsresult CSPService::ConsultCSPForRedirect(nsIURI* aOriginalURI,
aOriginalURI, // Original nsIURI
true, // aSendViolationReports
cspNonce, // nonce
&decision);
aDecision);
// if the preload policy already denied the load, then there
// is no point in checking the real policy
if (NS_CP_REJECTED(decision)) {
aCancelCode = Some(NS_ERROR_DOM_BAD_URI);
return NS_BINDING_FAILED;
if (NS_CP_REJECTED(*aDecision)) {
return NS_OK;
}
}
}
@ -372,11 +369,7 @@ nsresult CSPService::ConsultCSPForRedirect(nsIURI* aOriginalURI,
aOriginalURI, // Original nsIURI
true, // aSendViolationReports
cspNonce, // nonce
&decision);
if (NS_CP_REJECTED(decision)) {
aCancelCode = Some(NS_ERROR_DOM_BAD_URI);
return NS_BINDING_FAILED;
}
aDecision);
}
return NS_OK;

6
dom/security/nsCSPService.h
Просмотреть файл

@ -34,13 +34,9 @@ class CSPService : public nsIContentPolicy, public nsIChannelEventSink {
const nsACString& aMimeTypeGuess,
int16_t* aDecision);
// Static helper to check CSP when doing a channel redirect.
// Returns the results to returns from
// AsyncOnChannelRedirect/nsIAsyncVerifyRedirectCallback. Optionally returns
// an nsresult to Cancel the old channel with.
static nsresult ConsultCSPForRedirect(nsIURI* aOriginalURI, nsIURI* aNewURI,
nsILoadInfo* aLoadInfo,
Maybe<nsresult>& aCancelCode);
int16_t* aDecision);
protected:
virtual ~CSPService();

3
ipc/glue/BackgroundUtils.cpp
Просмотреть файл

@ -738,8 +738,7 @@ nsresult LoadInfoArgsToLoadInfo(
Maybe<mozilla::ipc::CSPInfo> cspToInheritInfo =
loadInfoArgs.cspToInheritInfo();
if (cspToInheritInfo.isSome()) {
nsCOMPtr<Document> doc = do_QueryInterface(aLoadingContext);
cspToInherit = CSPInfoToCSP(cspToInheritInfo.ref(), doc);
cspToInherit = CSPInfoToCSP(cspToInheritInfo.ref(), nullptr);
}
RefPtr<mozilla::LoadInfo> loadInfo = new mozilla::LoadInfo(

34
netwerk/ipc/DocumentChannelChild.cpp
Просмотреть файл

@ -255,8 +255,12 @@ IPCResult DocumentChannelChild::RecvRedirectToRealChannel(
const uint32_t& aRedirectFlags, const Maybe<uint32_t>& aContentDisposition,
const Maybe<nsString>& aContentDispositionFilename,
RedirectToRealChannelResolver&& aResolve) {
nsCOMPtr<nsILoadInfo> originalLoadInfo;
RefPtr<dom::Document> loadingDocument;
mLoadInfo->GetLoadingDocument(getter_AddRefs(loadingDocument));
GetLoadInfo(getter_AddRefs(originalLoadInfo));
if (originalLoadInfo) {
originalLoadInfo->GetLoadingDocument(getter_AddRefs(loadingDocument));
}
nsCOMPtr<nsILoadInfo> loadInfo;
nsresult rv = LoadInfoArgsToLoadInfo(aLoadInfo, loadingDocument,
@ -400,30 +404,30 @@ DocumentChannelChild::OnRedirectVerifyCallback(nsresult aStatusCode) {
}
IPCResult DocumentChannelChild::RecvConfirmRedirect(
const LoadInfoArgs& aLoadInfo, nsIURI* aNewUri,
ConfirmRedirectResolver&& aResolve) {
nsIURI* aNewUri, ConfirmRedirectResolver&& aResolve) {
// This is effectively the same as AsyncOnChannelRedirect, except since we're
// not propagating the redirect into this process, we don't have an nsIChannel
// for the redirection and we have to do the checks manually.
// This just checks CSP thus far, hopefully there's not much else needed.
RefPtr<dom::Document> loadingDocument;
mLoadInfo->GetLoadingDocument(getter_AddRefs(loadingDocument));
nsCOMPtr<nsILoadInfo> loadInfo;
MOZ_ALWAYS_SUCCEEDS(LoadInfoArgsToLoadInfo(Some(aLoadInfo), loadingDocument,
getter_AddRefs(loadInfo)));
nsCOMPtr<nsIURI> originalUri;
nsresult rv = GetOriginalURI(getter_AddRefs(originalUri));
if (NS_FAILED(rv)) {
aResolve(Tuple<const nsresult&, const Maybe<nsresult>&>(NS_BINDING_FAILED,
Some(rv)));
aResolve(rv);
return IPC_OK();
}
Maybe<nsresult> cancelCode;
rv = CSPService::ConsultCSPForRedirect(originalUri, aNewUri, loadInfo,
cancelCode);
aResolve(Tuple<const nsresult&, const Maybe<nsresult>&>(rv, cancelCode));
int16_t decision = nsIContentPolicy::ACCEPT;
rv = CSPService::ConsultCSPForRedirect(originalUri, aNewUri, mLoadInfo,
&decision);
if (NS_FAILED(rv)) {
aResolve(rv);
return IPC_OK();
}
if (NS_CP_REJECTED(decision)) {
aResolve(NS_BINDING_FAILED);
} else {
aResolve(NS_OK);
}
return IPC_OK();
}

3
netwerk/ipc/DocumentChannelChild.h
Просмотреть файл

@ -82,8 +82,7 @@ class DocumentChannelChild final : public PDocumentChannelChild,
const nsCString& aLists, const nsCString& aFullHash);
mozilla::ipc::IPCResult RecvConfirmRedirect(
const LoadInfoArgs& aLoadInfo, nsIURI* aNewUri,
ConfirmRedirectResolver&& aResolve);
nsIURI* aNewUri, ConfirmRedirectResolver&& aResolve);
void DoFailedAsyncOpen(const nsresult& aStatusCode);

35
netwerk/ipc/DocumentChannelParent.cpp
Просмотреть файл

@ -240,8 +240,8 @@ void DocumentChannelParent::FinishReplacementChannelSetup(bool aSucceeded) {
newChannel->Cancel(NS_BINDING_ABORTED);
}
}
// Release all previously registered channels, they are no longer needed to
// be kept in the registrar from this moment.
// Release all previously registered channels, they are no longer needed to be
// kept in the registrar from this moment.
registrar->DeregisterChannels(mRedirectChannelId);
mRedirectChannelId = 0;
@ -801,31 +801,24 @@ DocumentChannelParent::AsyncOnChannelRedirect(
// process so that it can send events. Send a message to
// our content process to ask CSP if we should allow this
// redirect, and wait for confirmation.
nsCOMPtr<nsILoadInfo> loadInfo = aOldChannel->LoadInfo();
Maybe<LoadInfoArgs> loadInfoArgs;
MOZ_ALWAYS_SUCCEEDS(ipc::LoadInfoToLoadInfoArgs(loadInfo, &loadInfoArgs));
MOZ_ASSERT(loadInfoArgs.isSome());
nsCOMPtr<nsIURI> newUri;
nsresult rv = aNewChannel->GetURI(getter_AddRefs(newUri));
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsIAsyncVerifyRedirectCallback> callback(aCallback);
nsCOMPtr<nsIChannel> oldChannel(aOldChannel);
SendConfirmRedirect(*loadInfoArgs, newUri)
->Then(
GetCurrentThreadSerialEventTarget(), __func__,
[callback,
oldChannel](const Tuple<nsresult, Maybe<nsresult>>& aResult) {
if (Get<1>(aResult)) {
oldChannel->Cancel(*Get<1>(aResult));
}
callback->OnRedirectVerifyCallback(Get<0>(aResult));
},
[callback, oldChannel](const mozilla::ipc::ResponseRejectReason) {
oldChannel->Cancel(NS_ERROR_DOM_BAD_URI);
callback->OnRedirectVerifyCallback(NS_BINDING_ABORTED);
});
SendConfirmRedirect(newUri)->Then(
GetCurrentThreadSerialEventTarget(), __func__,
[callback, oldChannel](nsresult aRv) {
if (NS_FAILED(aRv)) {
oldChannel->Cancel(NS_ERROR_DOM_BAD_URI);
}
callback->OnRedirectVerifyCallback(aRv);
},
[callback, oldChannel](const mozilla::ipc::ResponseRejectReason) {
oldChannel->Cancel(NS_ERROR_DOM_BAD_URI);
callback->OnRedirectVerifyCallback(NS_BINDING_ABORTED);
});
// Clear out our nsIParentChannel functions, since a normal parent
// channel would actually redirect and not have those values on the new one.

2
netwerk/ipc/PDocumentChannel.ipdl
Просмотреть файл

@ -75,7 +75,7 @@ child:
uint32_t? aContentDisposition,
nsString? aContentDispositionFilename) returns(nsresult rv);
async ConfirmRedirect(LoadInfoArgs aLoadInfo, nsIURI aNewURI) returns(nsresult rv, nsresult? cancelCode);
async ConfirmRedirect(nsIURI aNewURI) returns(nsresult rv);
// Tell child to delete channel (all IPDL deletes must be done from child to
// avoid races: see bug 591708).