Bug 1418535: Block a11y instntiation if no known ATs are present and known bad DLLs are; r=jimm

MozReview-Commit-ID: FtoEamY9P8r
2017-11-20 14:15:15 -07:00 · 2017-11-20 14:15:15 -07:00 · f72d7494e0
--- a/accessible/windows/msaa/Compatibility.cpp
+++ b/accessible/windows/msaa/Compatibility.cpp
@ -161,11 +161,12 @@ DetectInSendMessageExCompat(PEXCEPTION_POINTERS aExceptionInfo)

 uint32_t Compatibility::sConsumers = Compatibility::UNKNOWN;

-void
-Compatibility::Init()
+/**
+ * This function is safe to call multiple times.
+ */
+/* static */ void
+Compatibility::InitConsumers()
 {
-  // Note we collect some AT statistics/telemetry here for convenience.
-
  HMODULE jawsHandle = ::GetModuleHandleW(L"jhook");
  if (jawsHandle)
    sConsumers |= (IsModuleVersionLessThan(jawsHandle, 19, 0)) ?
@ -202,7 +203,21 @@ Compatibility::Init()

  // If we have a known consumer remove the unknown bit.
  if (sConsumers != Compatibility::UNKNOWN)
-    sConsumers ^= Compatibility::UNKNOWN;
+    sConsumers &= ~Compatibility::UNKNOWN;
+}
+
+/* static */ bool
+Compatibility::HasKnownNonUiaConsumer()
+{
+  InitConsumers();
+  return sConsumers & ~(Compatibility::UNKNOWN | UIAUTOMATION);
+}
+
+void
+Compatibility::Init()
+{
+  // Note we collect some AT statistics/telemetry here for convenience.
+  InitConsumers();

 #ifdef MOZ_CRASHREPORTER
  CrashReporter::
--- a/accessible/windows/msaa/Compatibility.h
+++ b/accessible/windows/msaa/Compatibility.h
@ -57,11 +57,18 @@ public:
   */
  static void Init();

+  /**
+   * return true if a known, non-UIA a11y consumer is present
+   */
+  static bool HasKnownNonUiaConsumer();
+
 private:
  Compatibility();
  Compatibility(const Compatibility&);
  Compatibility& operator = (const Compatibility&);

+  static void InitConsumers();
+
  /**
   * List of detected consumers of a11y (used for statistics/telemetry and compat)
   */
--- a/accessible/windows/msaa/LazyInstantiator.cpp
+++ b/accessible/windows/msaa/LazyInstantiator.cpp
@ -8,6 +8,7 @@

 #include "MainThreadUtils.h"
 #include "mozilla/a11y/Accessible.h"
+#include "mozilla/a11y/Compatibility.h"
 #include "mozilla/a11y/Platform.h"
 #include "mozilla/Assertions.h"
 #include "mozilla/mscom/MainThreadRuntime.h"
@ -230,6 +231,38 @@ LazyInstantiator::GetClientExecutableName(const DWORD aClientTid,
  return NS_SUCCEEDED(rv);
 }

+/**
+ * This is the blocklist for known "bad" DLLs that instantiate a11y.
+ */
+static const wchar_t* gBlockedInprocDlls[] = {
+  L"dtvhooks.dll",  // RealPlayer, bug 1418535
+  L"dtvhooks64.dll" // RealPlayer, bug 1418535
+};
+
+/**
+ * Check for the presence of any known "bad" injected DLLs that may be trying
+ * to instantiate a11y.
+ *
+ * @return true to block a11y instantiation, otherwise false to continue
+ */
+bool
+LazyInstantiator::IsBlockedInjection()
+{
+  if (Compatibility::HasKnownNonUiaConsumer()) {
+    // If we already see a known AT, don't block a11y instantiation
+    return false;
+  }
+
+  for (size_t index = 0, len = ArrayLength(gBlockedInprocDlls); index < len;
+       ++index) {
+    if (::GetModuleHandleW(gBlockedInprocDlls[index])) {
+      return true;
+    }
+  }
+
+  return false;
+}
+
 /**
 * Given a remote client's thread ID, determine whether we should proceed with
 * a11y instantiation. This is where telemetry should be gathered and any
@ -243,8 +276,9 @@ LazyInstantiator::ShouldInstantiate(const DWORD aClientTid)
  if (!aClientTid) {
    // aClientTid == 0 implies that this is either an in-process call, or else
    // we failed to retrieve information about the remote caller.
-    // We should always default to instantiating a11y in this case.
-    return true;
+    // We should always default to instantiating a11y in this case, provided
+    // that we don't see any known bad injected DLLs.
+    return !IsBlockedInjection();
  }

  nsCOMPtr<nsIFile> clientExe;
@ -256,7 +290,8 @@ LazyInstantiator::ShouldInstantiate(const DWORD aClientTid)
    return true;
  }

-  // Blocklist checks should go here. return false if we should not instantiate.
+  // Blocklist checks for external clients should go here.
+  // return false if we should not instantiate.
  /*
  if (ClientShouldBeBlocked(clientExe)) {
    return false;
--- a/accessible/windows/msaa/LazyInstantiator.h
+++ b/accessible/windows/msaa/LazyInstantiator.h
@ -83,6 +83,7 @@ private:
  explicit LazyInstantiator(HWND aHwnd);
  ~LazyInstantiator();

+  bool IsBlockedInjection();
  bool ShouldInstantiate(const DWORD aClientTid);

  bool GetClientExecutableName(const DWORD aClientTid, nsIFile** aOutClientExe);