Bug 239122 Liveconnect can be used to read any file on user's filesystem

enable UniversalBrowserRead only while JS is calling into an applet
r=jst, sr=brendan, a=chofmann
kyle.yuan%sun.com 2004-04-06 03:15:55 +00:00
Родитель b29af615c1
Коммит 1da55256d2
7 изменённых файлов: 50 добавлений и 4 удалений


@ -55,6 +55,8 @@
# include "prmon.h" # include "prmon.h"
#endif #endif
JSBool JSIsCallingApplet = JS_FALSE;
/* /*
* At certain times during initialization, there may be no JavaScript context * At certain times during initialization, there may be no JavaScript context
* available to direct error reports to, in which case the error messages * available to direct error reports to, in which case the error messages
@ -103,6 +105,7 @@ jclass jlClass; /* java.lang.Class */
jclass jlBoolean; /* java.lang.Boolean */ jclass jlBoolean; /* java.lang.Boolean */
jclass jlDouble; /* java.lang.Double */ jclass jlDouble; /* java.lang.Double */
jclass jlString; /* java.lang.String */ jclass jlString; /* java.lang.String */
jclass jaApplet; /* java.applet.Applet */
jclass njJSObject; /* netscape.javascript.JSObject */ jclass njJSObject; /* netscape.javascript.JSObject */
jclass njJSException; /* netscape.javascript.JSException */ jclass njJSException; /* netscape.javascript.JSException */
jclass njJSUtil; /* netscape.javascript.JSUtil */ jclass njJSUtil; /* netscape.javascript.JSUtil */
@ -261,6 +264,8 @@ init_java_VM_reflection(JSJavaVM *jsjava_vm, JNIEnv *jEnv)
LOAD_CLASS(java/lang/String, jlString); LOAD_CLASS(java/lang/String, jlString);
LOAD_CLASS(java/lang/Void, jlVoid); LOAD_CLASS(java/lang/Void, jlVoid);
LOAD_CLASS(java/applet/Applet, jaApplet);
LOAD_METHOD(java.lang.Class, getMethods, "()[Ljava/lang/reflect/Method;",jlClass); LOAD_METHOD(java.lang.Class, getMethods, "()[Ljava/lang/reflect/Method;",jlClass);
LOAD_METHOD(java.lang.Class, getConstructors, "()[Ljava/lang/reflect/Constructor;",jlClass); LOAD_METHOD(java.lang.Class, getConstructors, "()[Ljava/lang/reflect/Constructor;",jlClass);
LOAD_METHOD(java.lang.Class, getFields, "()[Ljava/lang/reflect/Field;", jlClass); LOAD_METHOD(java.lang.Class, getFields, "()[Ljava/lang/reflect/Field;", jlClass);
@ -592,6 +597,7 @@ JSJ_DisconnectFromJavaVM(JSJavaVM *jsjava_vm)
UNLOAD_CLASS(java/lang/Double, jlDouble); UNLOAD_CLASS(java/lang/Double, jlDouble);
UNLOAD_CLASS(java/lang/String, jlString); UNLOAD_CLASS(java/lang/String, jlString);
UNLOAD_CLASS(java/lang/Void, jlVoid); UNLOAD_CLASS(java/lang/Void, jlVoid);
UNLOAD_CLASS(java/applet/Applet, jaApplet);
UNLOAD_CLASS(netscape/javascript/JSObject, njJSObject); UNLOAD_CLASS(netscape/javascript/JSObject, njJSObject);
UNLOAD_CLASS(netscape/javascript/JSException, njJSException); UNLOAD_CLASS(netscape/javascript/JSException, njJSException);
UNLOAD_CLASS(netscape/javascript/JSUtil, njJSUtil); UNLOAD_CLASS(netscape/javascript/JSUtil, njJSUtil);
@ -869,3 +875,10 @@ JSJ_ConvertJSValueToJavaObject(JSContext *cx, jsval v, jobject *vp)
} }
return JS_FALSE; return JS_FALSE;
} }
JS_EXPORT_API(JSBool)
JSJ_IsJSCallApplet()
{
return JSIsCallingApplet;
}
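Review bot: `JSJ_IsJSCallApplet()` is defined with empty parentheses, which in C is an unprototyped (K&R-style) declaration rather than "takes no arguments"; the same form appears in the header hunk that declares `JSJ_IsJSCallApplet();`. Both should read `JSJ_IsJSCallApplet(void)`. The new global `JSBool JSIsCallingApplet` is written by several LiveConnect entry points and read as an authorization input by the security context, but nothing at its definition says so; a comment such as `/* Set while JS is calling into a java.applet.Applet instance; cleared by jsj_ExitJava. Process-global, not per-thread or per-JSContext. */` would make the contract visible where the variable lives.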


@ -654,6 +654,10 @@ JavaObject_getPropertyById(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
java_obj = java_wrapper->java_obj; java_obj = java_wrapper->java_obj;
field_val = method_val = JSVAL_VOID; field_val = method_val = JSVAL_VOID;
if (jaApplet && (*jEnv)->IsInstanceOf(jEnv, java_obj, jaApplet)) {
JSIsCallingApplet = JS_TRUE;
}
/* If a field member, get the value of the field */ /* If a field member, get the value of the field */
if (member_descriptor->field) { if (member_descriptor->field) {
success = jsj_GetJavaFieldValue(cx, jEnv, member_descriptor->field, java_obj, &field_val); success = jsj_GetJavaFieldValue(cx, jEnv, member_descriptor->field, java_obj, &field_val);
@ -777,6 +781,11 @@ JavaObject_setPropertyById(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
} }
java_obj = java_wrapper->java_obj; java_obj = java_wrapper->java_obj;
if (jaApplet && (*jEnv)->IsInstanceOf(jEnv, java_obj, jaApplet)) {
JSIsCallingApplet = JS_TRUE;
}
result = jsj_SetJavaFieldValue(cx, jEnv, member_descriptor->field, java_obj, *vp); result = jsj_SetJavaFieldValue(cx, jEnv, member_descriptor->field, java_obj, *vp);
jsj_ExitJava(jsj_env); jsj_ExitJava(jsj_env);
return result; return result;
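Review bot: The three new call sites (here in JavaObject_getPropertyById and JavaObject_setPropertyById, and the matching hunk in jsj_JavaInstanceMethodWrapper) only ever assign JS_TRUE; the flag is cleared solely in jsj_ExitJava. If Java can re-enter JS while an applet call is in progress and that JS then touches a non-applet Java object, the inner call inherits the applet grant because its own site never writes JS_FALSE. Assigning the test result instead of only setting it closes that window: `JSIsCallingApplet = (jaApplet && (*jEnv)->IsInstanceOf(jEnv, java_obj, jaApplet)) ? JS_TRUE : JS_FALSE;` at each of the three sites, or one static helper called from all three so the rule cannot drift. The enclosing functions begin outside these hunks, so whether every path after the assignment reaches jsj_ExitJava cannot be confirmed from here.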


@ -1375,9 +1375,9 @@ static JSBool
invoke_java_method(JSContext *cx, JSJavaThreadState *jsj_env, invoke_java_method(JSContext *cx, JSJavaThreadState *jsj_env,
jobject java_class_or_instance, jobject java_class_or_instance,
JavaClassDescriptor *class_descriptor, JavaClassDescriptor *class_descriptor,
JavaMethodSpec *method, JavaMethodSpec *method,
JSBool is_static_method, JSBool is_static_method,
jsval *argv, jsval *vp) jsval *argv, jsval *vp)
{ {
jvalue java_value; jvalue java_value;
jvalue *jargv; jvalue *jargv;
@ -1803,6 +1803,10 @@ jsj_JavaInstanceMethodWrapper(JSContext *cx, JSObject *obj,
if (!jEnv) if (!jEnv)
return JS_FALSE; return JS_FALSE;
if (jaApplet && (*jEnv)->IsInstanceOf(jEnv, java_obj, jaApplet)) {
JSIsCallingApplet = JS_TRUE;
}
/* Try to find an instance method with the given name first */ /* Try to find an instance method with the given name first */
member_descriptor = jsj_LookupJavaMemberDescriptorById(cx, jEnv, class_descriptor, id); member_descriptor = jsj_LookupJavaMemberDescriptorById(cx, jEnv, class_descriptor, id);
if (member_descriptor) if (member_descriptor)


@ -301,6 +301,7 @@ extern jclass jlClass; /* java.lang.Class */
extern jclass jlBoolean; /* java.lang.Boolean */ extern jclass jlBoolean; /* java.lang.Boolean */
extern jclass jlDouble; /* java.lang.Double */ extern jclass jlDouble; /* java.lang.Double */
extern jclass jlString; /* java.lang.String */ extern jclass jlString; /* java.lang.String */
extern jclass jaApplet; /* java.applet.Applet */
extern jclass njJSObject; /* netscape.javascript.JSObject */ extern jclass njJSObject; /* netscape.javascript.JSObject */
extern jclass njJSException; /* netscape.javascript.JSException */ extern jclass njJSException; /* netscape.javascript.JSException */
extern jclass njJSUtil; /* netscape.javascript.JSUtil */ extern jclass njJSUtil; /* netscape.javascript.JSUtil */
@ -352,6 +353,12 @@ extern jfieldID njJSException_filename; /* netscape.javascript.JSExceptio
extern jfieldID njJSException_wrappedExceptionType; /* netscape.javascript.JSException.wrappedExceptionType */ extern jfieldID njJSException_wrappedExceptionType; /* netscape.javascript.JSException.wrappedExceptionType */
extern jfieldID njJSException_wrappedException; /* netscape.javascript.JSException.wrappedException */ extern jfieldID njJSException_wrappedException; /* netscape.javascript.JSException.wrappedException */
/*
* XXX, bug 146458,
* whether we are doing a liveconnect call from javascript to java applet
*/
extern JSBool JSIsCallingApplet;
/**************** Java <==> JS conversions and Java types *******************/ /**************** Java <==> JS conversions and Java types *******************/
extern JSBool extern JSBool
jsj_ComputeJavaClassSignature(JSContext *cx, jsj_ComputeJavaClassSignature(JSContext *cx,
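Review bot: The comment on `extern JSBool JSIsCallingApplet;` says what the flag means but not who owns its lifetime, which is the part a reader of nsCSecurityContext needs. Suggest expanding it to: `/* XXX, bug 146458: JS_TRUE while JS is calling into a java.applet.Applet instance. Set by the JavaObject property accessors and jsj_JavaInstanceMethodWrapper, reset to JS_FALSE by every jsj_ExitJava. Process-global: not per-thread and not per-JSContext. */`.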


@ -470,7 +470,10 @@ jsj_EnterJava(JSContext *cx, JNIEnv **envp)
return NULL; return NULL;
} }
JS_ASSERT((jsj_env->recursion_depth == 0) || (jsj_env->cx == cx)); /* simultaneous calls from different JSContext are not allowed */
if ((jsj_env->recursion_depth > 0) && (jsj_env->cx != cx))
return NULL;
jsj_env->recursion_depth++; jsj_env->recursion_depth++;
/* bug #60018: prevent dangling pointer to JSContext */ /* bug #60018: prevent dangling pointer to JSContext */
@ -485,6 +488,7 @@ jsj_EnterJava(JSContext *cx, JNIEnv **envp)
extern void extern void
jsj_ExitJava(JSJavaThreadState *jsj_env) jsj_ExitJava(JSJavaThreadState *jsj_env)
{ {
JSIsCallingApplet = JS_FALSE;
if (jsj_env) { if (jsj_env) {
JS_ASSERT(jsj_env->recursion_depth > 0); JS_ASSERT(jsj_env->recursion_depth > 0);
if (--jsj_env->recursion_depth == 0) if (--jsj_env->recursion_depth == 0)
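Review bot: In jsj_EnterJava the replaced JS_ASSERT becomes a bare `return NULL`, so a cross-JSContext call is now refused with no diagnostic at all; the callers shown elsewhere in this commit only test `if (!jEnv) return JS_FALSE;`. Reporting the refusal before returning, e.g. `JS_ReportError(cx, "simultaneous LiveConnect calls from different JSContexts are not allowed");`, keeps the failure closed but visible, assuming reporting on the caller's cx is safe at this point. In jsj_ExitJava, `JSIsCallingApplet = JS_FALSE;` runs before the `jsj_env` null check and regardless of recursion_depth, so any nested Enter/Exit pair clears the applet grant for the remainder of the outer call; that is the fail-closed direction, but if it is intentional a comment such as `/* Clear unconditionally: a nested exit must never leave applet privilege set */` should say so.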


@ -299,6 +299,9 @@ JSJ_ConvertJavaObjectToJSValue(JSContext *cx, jobject java_obj, jsval *vp);
JS_EXPORT_API(JSBool) JS_EXPORT_API(JSBool)
JSJ_ConvertJSValueToJavaObject(JSContext *cx, jsval js_val, jobject *vp); JSJ_ConvertJSValueToJavaObject(JSContext *cx, jsval js_val, jobject *vp);
JS_EXPORT_API(JSBool)
JSJ_IsJSCallApplet();
JS_END_EXTERN_C JS_END_EXTERN_C
#endif /* _JSJAVA_H */ #endif /* _JSJAVA_H */


@ -50,6 +50,7 @@
#include "nsCSecurityContext.h" #include "nsCSecurityContext.h"
#include "nsIScriptContext.h" #include "nsIScriptContext.h"
#include "jvmmgr.h" #include "jvmmgr.h"
#include "jsjava.h"
// For GetOrigin() // For GetOrigin()
@ -87,7 +88,12 @@ nsCSecurityContext::Implies(const char* target, const char* action, PRBool *bAll
// |m_HasUniversalBrowserReadCapability| into the out parameter // |m_HasUniversalBrowserReadCapability| into the out parameter
// once Java's origin checking code is fixed. // once Java's origin checking code is fixed.
// See bug 146458 for details. // See bug 146458 for details.
*bAllowedAccess = PR_TRUE; if (JSJ_IsJSCallApplet()) {
*bAllowedAccess = PR_TRUE;
}
else {
*bAllowedAccess = m_HasUniversalBrowserReadCapability;
}
} else if(!nsCRT::strcmp(target,"UniversalJavaPermission")) { } else if(!nsCRT::strcmp(target,"UniversalJavaPermission")) {
*bAllowedAccess = m_HasUniversalJavaCapability; *bAllowedAccess = m_HasUniversalJavaCapability;
} else { } else {
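Review bot: The comment directly above the new branch still says `m_HasUniversalBrowserReadCapability` should be copied into the out parameter "once Java's origin checking code is fixed", but the new else branch now does exactly that, so the comment describes the code as a future change and should be rewritten, e.g. `// Grant UniversalBrowserRead only while JS is calling into an applet (see JSJ_IsJSCallApplet); otherwise honour the caller's capability. See bug 146458.`. `JSJ_IsJSCallApplet()` reads a plain process-global that LiveConnect sets on the JS side; if Java's security manager can invoke Implies() from a thread other than the one that set it, this read is unsynchronized and may be stale, which is worth stating here since the value decides access. As a matter of style, the six-line if/else collapses to `*bAllowedAccess = JSJ_IsJSCallApplet() ? PR_TRUE : m_HasUniversalBrowserReadCapability;`. The enclosing Implies() starts outside the hunk.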