Bug 239122 Liveconnect can be used to read any file on user's filesystem
enabling UniversalBrowserRead only during js calling applet r=jst, sr=brendan, a=chofmann
Родитель
b29af615c1
Коммит
1da55256d2
|
@ -55,6 +55,8 @@
|
||||||
# include "prmon.h"
|
# include "prmon.h"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
JSBool JSIsCallingApplet = JS_FALSE;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* At certain times during initialization, there may be no JavaScript context
|
* At certain times during initialization, there may be no JavaScript context
|
||||||
* available to direct error reports to, in which case the error messages
|
* available to direct error reports to, in which case the error messages
|
||||||
|
@ -103,6 +105,7 @@ jclass jlClass; /* java.lang.Class */
|
||||||
jclass jlBoolean; /* java.lang.Boolean */
|
jclass jlBoolean; /* java.lang.Boolean */
|
||||||
jclass jlDouble; /* java.lang.Double */
|
jclass jlDouble; /* java.lang.Double */
|
||||||
jclass jlString; /* java.lang.String */
|
jclass jlString; /* java.lang.String */
|
||||||
|
jclass jaApplet; /* java.applet.Applet */
|
||||||
jclass njJSObject; /* netscape.javascript.JSObject */
|
jclass njJSObject; /* netscape.javascript.JSObject */
|
||||||
jclass njJSException; /* netscape.javascript.JSException */
|
jclass njJSException; /* netscape.javascript.JSException */
|
||||||
jclass njJSUtil; /* netscape.javascript.JSUtil */
|
jclass njJSUtil; /* netscape.javascript.JSUtil */
|
||||||
|
@ -261,6 +264,8 @@ init_java_VM_reflection(JSJavaVM *jsjava_vm, JNIEnv *jEnv)
|
||||||
LOAD_CLASS(java/lang/String, jlString);
|
LOAD_CLASS(java/lang/String, jlString);
|
||||||
LOAD_CLASS(java/lang/Void, jlVoid);
|
LOAD_CLASS(java/lang/Void, jlVoid);
|
||||||
|
|
||||||
|
LOAD_CLASS(java/applet/Applet, jaApplet);
|
||||||
|
|
||||||
LOAD_METHOD(java.lang.Class, getMethods, "()[Ljava/lang/reflect/Method;",jlClass);
|
LOAD_METHOD(java.lang.Class, getMethods, "()[Ljava/lang/reflect/Method;",jlClass);
|
||||||
LOAD_METHOD(java.lang.Class, getConstructors, "()[Ljava/lang/reflect/Constructor;",jlClass);
|
LOAD_METHOD(java.lang.Class, getConstructors, "()[Ljava/lang/reflect/Constructor;",jlClass);
|
||||||
LOAD_METHOD(java.lang.Class, getFields, "()[Ljava/lang/reflect/Field;", jlClass);
|
LOAD_METHOD(java.lang.Class, getFields, "()[Ljava/lang/reflect/Field;", jlClass);
|
||||||
|
@ -592,6 +597,7 @@ JSJ_DisconnectFromJavaVM(JSJavaVM *jsjava_vm)
|
||||||
UNLOAD_CLASS(java/lang/Double, jlDouble);
|
UNLOAD_CLASS(java/lang/Double, jlDouble);
|
||||||
UNLOAD_CLASS(java/lang/String, jlString);
|
UNLOAD_CLASS(java/lang/String, jlString);
|
||||||
UNLOAD_CLASS(java/lang/Void, jlVoid);
|
UNLOAD_CLASS(java/lang/Void, jlVoid);
|
||||||
|
UNLOAD_CLASS(java/applet/Applet, jaApplet);
|
||||||
UNLOAD_CLASS(netscape/javascript/JSObject, njJSObject);
|
UNLOAD_CLASS(netscape/javascript/JSObject, njJSObject);
|
||||||
UNLOAD_CLASS(netscape/javascript/JSException, njJSException);
|
UNLOAD_CLASS(netscape/javascript/JSException, njJSException);
|
||||||
UNLOAD_CLASS(netscape/javascript/JSUtil, njJSUtil);
|
UNLOAD_CLASS(netscape/javascript/JSUtil, njJSUtil);
|
||||||
|
@ -869,3 +875,10 @@ JSJ_ConvertJSValueToJavaObject(JSContext *cx, jsval v, jobject *vp)
|
||||||
}
|
}
|
||||||
return JS_FALSE;
|
return JS_FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
JS_EXPORT_API(JSBool)
|
||||||
|
JSJ_IsJSCallApplet()
|
||||||
|
{
|
||||||
|
return JSIsCallingApplet;
|
||||||
|
}
|
||||||
|
|
|
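Review bot: `JSIsCallingApplet`, added at file scope in the first hunk, is a single process-wide `JSBool` with no synchronisation, while the state it describes belongs to one call. If another thread can reach the security check while a LiveConnect call on this thread has raised the flag, it would read the flag as true as well. `JSJavaThreadState` already carries per-thread `recursion_depth` and `cx` (both visible in `jsj_EnterJava`), so the flag looks like it belongs there, with `JSJ_IsJSCallApplet()` reading the current thread's state. At minimum the definition deserves a comment such as `/* JS_TRUE only while a JS -> java.applet.Applet call is in progress; cleared in jsj_ExitJava() */`. The new `LOAD_CLASS(java/applet/Applet, jaApplet)` also makes VM initialisation touch that class; whether a failed load aborts init depends on the macro, which is not visible here.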
@ -654,6 +654,10 @@ JavaObject_getPropertyById(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
|
||||||
java_obj = java_wrapper->java_obj;
|
java_obj = java_wrapper->java_obj;
|
||||||
field_val = method_val = JSVAL_VOID;
|
field_val = method_val = JSVAL_VOID;
|
||||||
|
|
||||||
|
if (jaApplet && (*jEnv)->IsInstanceOf(jEnv, java_obj, jaApplet)) {
|
||||||
|
JSIsCallingApplet = JS_TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
/* If a field member, get the value of the field */
|
/* If a field member, get the value of the field */
|
||||||
if (member_descriptor->field) {
|
if (member_descriptor->field) {
|
||||||
success = jsj_GetJavaFieldValue(cx, jEnv, member_descriptor->field, java_obj, &field_val);
|
success = jsj_GetJavaFieldValue(cx, jEnv, member_descriptor->field, java_obj, &field_val);
|
||||||
|
@ -777,6 +781,11 @@ JavaObject_setPropertyById(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
|
||||||
}
|
}
|
||||||
|
|
||||||
java_obj = java_wrapper->java_obj;
|
java_obj = java_wrapper->java_obj;
|
||||||
|
|
||||||
|
if (jaApplet && (*jEnv)->IsInstanceOf(jEnv, java_obj, jaApplet)) {
|
||||||
|
JSIsCallingApplet = JS_TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
result = jsj_SetJavaFieldValue(cx, jEnv, member_descriptor->field, java_obj, *vp);
|
result = jsj_SetJavaFieldValue(cx, jEnv, member_descriptor->field, java_obj, *vp);
|
||||||
jsj_ExitJava(jsj_env);
|
jsj_ExitJava(jsj_env);
|
||||||
return result;
|
return result;
|
||||||
|
|
|
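Review bot: The guard added in `JavaObject_getPropertyById` passes `java_obj` to `IsInstanceOf` without a null check, and JNI's `IsInstanceOf` returns `JNI_TRUE` for a NULL reference, so a wrapper with no instance would be treated as an applet and raise the flag. `if (jaApplet && java_obj && (*jEnv)->IsInstanceOf(jEnv, java_obj, jaApplet)) {` closes that; the same line appears in `JavaObject_setPropertyById` and in `jsj_JavaInstanceMethodWrapper`. Whether `java_obj` can actually be NULL on these paths is not visible, since all three functions start and end outside their hunks. The block is also repeated verbatim three times, so a small shared helper would keep the copies from drifting apart.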
@ -1375,9 +1375,9 @@ static JSBool
|
||||||
invoke_java_method(JSContext *cx, JSJavaThreadState *jsj_env,
|
invoke_java_method(JSContext *cx, JSJavaThreadState *jsj_env,
|
||||||
jobject java_class_or_instance,
|
jobject java_class_or_instance,
|
||||||
JavaClassDescriptor *class_descriptor,
|
JavaClassDescriptor *class_descriptor,
|
||||||
JavaMethodSpec *method,
|
JavaMethodSpec *method,
|
||||||
JSBool is_static_method,
|
JSBool is_static_method,
|
||||||
jsval *argv, jsval *vp)
|
jsval *argv, jsval *vp)
|
||||||
{
|
{
|
||||||
jvalue java_value;
|
jvalue java_value;
|
||||||
jvalue *jargv;
|
jvalue *jargv;
|
||||||
|
@ -1803,6 +1803,10 @@ jsj_JavaInstanceMethodWrapper(JSContext *cx, JSObject *obj,
|
||||||
if (!jEnv)
|
if (!jEnv)
|
||||||
return JS_FALSE;
|
return JS_FALSE;
|
||||||
|
|
||||||
|
if (jaApplet && (*jEnv)->IsInstanceOf(jEnv, java_obj, jaApplet)) {
|
||||||
|
JSIsCallingApplet = JS_TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
/* Try to find an instance method with the given name first */
|
/* Try to find an instance method with the given name first */
|
||||||
member_descriptor = jsj_LookupJavaMemberDescriptorById(cx, jEnv, class_descriptor, id);
|
member_descriptor = jsj_LookupJavaMemberDescriptorById(cx, jEnv, class_descriptor, id);
|
||||||
if (member_descriptor)
|
if (member_descriptor)
|
||||||
|
|
|
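Review bot: In `jsj_JavaInstanceMethodWrapper` the flag is raised before `jsj_LookupJavaMemberDescriptorById` runs, so it is already true during the lookup and stays true on every path until `jsj_ExitJava` is reached. Any return between this point and the exit call that skips `jsj_ExitJava` would leave UniversalBrowserRead granted for later, unrelated checks; the rest of the function is outside the hunk, so this needs confirming against the full body. Setting the flag immediately before the Java method is actually invoked would keep the window as narrow as the commit message intends.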
@ -301,6 +301,7 @@ extern jclass jlClass; /* java.lang.Class */
|
||||||
extern jclass jlBoolean; /* java.lang.Boolean */
|
extern jclass jlBoolean; /* java.lang.Boolean */
|
||||||
extern jclass jlDouble; /* java.lang.Double */
|
extern jclass jlDouble; /* java.lang.Double */
|
||||||
extern jclass jlString; /* java.lang.String */
|
extern jclass jlString; /* java.lang.String */
|
||||||
|
extern jclass jaApplet; /* java.applet.Applet */
|
||||||
extern jclass njJSObject; /* netscape.javascript.JSObject */
|
extern jclass njJSObject; /* netscape.javascript.JSObject */
|
||||||
extern jclass njJSException; /* netscape.javascript.JSException */
|
extern jclass njJSException; /* netscape.javascript.JSException */
|
||||||
extern jclass njJSUtil; /* netscape.javascript.JSUtil */
|
extern jclass njJSUtil; /* netscape.javascript.JSUtil */
|
||||||
|
@ -352,6 +353,12 @@ extern jfieldID njJSException_filename; /* netscape.javascript.JSExceptio
|
||||||
extern jfieldID njJSException_wrappedExceptionType; /* netscape.javascript.JSException.wrappedExceptionType */
|
extern jfieldID njJSException_wrappedExceptionType; /* netscape.javascript.JSException.wrappedExceptionType */
|
||||||
extern jfieldID njJSException_wrappedException; /* netscape.javascript.JSException.wrappedException */
|
extern jfieldID njJSException_wrappedException; /* netscape.javascript.JSException.wrappedException */
|
||||||
|
|
||||||
|
/*
|
||||||
|
* XXX, bug 146458,
|
||||||
|
* whether we are doing a liveconnect call from javascript to java applet
|
||||||
|
*/
|
||||||
|
extern JSBool JSIsCallingApplet;
|
||||||
|
|
||||||
/**************** Java <==> JS conversions and Java types *******************/
|
/**************** Java <==> JS conversions and Java types *******************/
|
||||||
extern JSBool
|
extern JSBool
|
||||||
jsj_ComputeJavaClassSignature(JSContext *cx,
|
jsj_ComputeJavaClassSignature(JSContext *cx,
|
||||||
|
|
|
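Review bot: The comment on `extern JSBool JSIsCallingApplet;` cites bug 146458 but does not say who writes the flag or how long it stays set, which is what a reader needs to know about a security-relevant global. Something like `/* Set to JS_TRUE when JS touches a java.applet.Applet instance through LiveConnect; reset to JS_FALSE by jsj_ExitJava(). Read via JSJ_IsJSCallApplet(). */` would do. The "XXX" marker suggests the flag is meant to be temporary, so stating the condition for removing it would help as well.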
@ -470,7 +470,10 @@ jsj_EnterJava(JSContext *cx, JNIEnv **envp)
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
JS_ASSERT((jsj_env->recursion_depth == 0) || (jsj_env->cx == cx));
|
/* simultaneous calls from different JSContext are not allowed */
|
||||||
|
if ((jsj_env->recursion_depth > 0) && (jsj_env->cx != cx))
|
||||||
|
return NULL;
|
||||||
|
|
||||||
jsj_env->recursion_depth++;
|
jsj_env->recursion_depth++;
|
||||||
|
|
||||||
/* bug #60018: prevent dangling pointer to JSContext */
|
/* bug #60018: prevent dangling pointer to JSContext */
|
||||||
|
@ -485,6 +488,7 @@ jsj_EnterJava(JSContext *cx, JNIEnv **envp)
|
||||||
extern void
|
extern void
|
||||||
jsj_ExitJava(JSJavaThreadState *jsj_env)
|
jsj_ExitJava(JSJavaThreadState *jsj_env)
|
||||||
{
|
{
|
||||||
|
JSIsCallingApplet = JS_FALSE;
|
||||||
if (jsj_env) {
|
if (jsj_env) {
|
||||||
JS_ASSERT(jsj_env->recursion_depth > 0);
|
JS_ASSERT(jsj_env->recursion_depth > 0);
|
||||||
if (--jsj_env->recursion_depth == 0)
|
if (--jsj_env->recursion_depth == 0)
|
||||||
|
|
|
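Review bot: `jsj_ExitJava` resets `JSIsCallingApplet` unconditionally, before the `if (jsj_env)` test and regardless of `recursion_depth`, so a nested LiveConnect call that returns clears the flag for an outer applet call that is still running. That errs on the restrictive side, but it means the flag does not track the call it was raised for; if that is intended it is worth a comment, for example `/* always drop the applet grant on exit, even for nested calls */`. In `jsj_EnterJava`, the new `return NULL` for a second `JSContext` replaces an assertion with a silent failure: no error is reported on `cx` in the visible lines, so callers see only a failed call with no explanation.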
@ -299,6 +299,9 @@ JSJ_ConvertJavaObjectToJSValue(JSContext *cx, jobject java_obj, jsval *vp);
|
||||||
JS_EXPORT_API(JSBool)
|
JS_EXPORT_API(JSBool)
|
||||||
JSJ_ConvertJSValueToJavaObject(JSContext *cx, jsval js_val, jobject *vp);
|
JSJ_ConvertJSValueToJavaObject(JSContext *cx, jsval js_val, jobject *vp);
|
||||||
|
|
||||||
|
JS_EXPORT_API(JSBool)
|
||||||
|
JSJ_IsJSCallApplet();
|
||||||
|
|
||||||
JS_END_EXTERN_C
|
JS_END_EXTERN_C
|
||||||
|
|
||||||
#endif /* _JSJAVA_H */
|
#endif /* _JSJAVA_H */
|
||||||
|
|
|
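Review bot: `JSJ_IsJSCallApplet();` is declared with an empty parameter list, which in C is a declaration without a prototype, so C callers get no argument checking; the header is compiled as both C and C++. Declare it as `JSJ_IsJSCallApplet(void);` and use the same form in the definition. A one-line comment saying that the function reports whether a JS-to-applet LiveConnect call is currently in progress would help embedders who read only this header.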
@ -50,6 +50,7 @@
|
||||||
#include "nsCSecurityContext.h"
|
#include "nsCSecurityContext.h"
|
||||||
#include "nsIScriptContext.h"
|
#include "nsIScriptContext.h"
|
||||||
#include "jvmmgr.h"
|
#include "jvmmgr.h"
|
||||||
|
#include "jsjava.h"
|
||||||
|
|
||||||
// For GetOrigin()
|
// For GetOrigin()
|
||||||
|
|
||||||
|
@ -87,7 +88,12 @@ nsCSecurityContext::Implies(const char* target, const char* action, PRBool *bAll
|
||||||
// |m_HasUniversalBrowserReadCapability| into the out parameter
|
// |m_HasUniversalBrowserReadCapability| into the out parameter
|
||||||
// once Java's origin checking code is fixed.
|
// once Java's origin checking code is fixed.
|
||||||
// See bug 146458 for details.
|
// See bug 146458 for details.
|
||||||
*bAllowedAccess = PR_TRUE;
|
if (JSJ_IsJSCallApplet()) {
|
||||||
|
*bAllowedAccess = PR_TRUE;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
*bAllowedAccess = m_HasUniversalBrowserReadCapability;
|
||||||
|
}
|
||||||
} else if(!nsCRT::strcmp(target,"UniversalJavaPermission")) {
|
} else if(!nsCRT::strcmp(target,"UniversalJavaPermission")) {
|
||||||
*bAllowedAccess = m_HasUniversalJavaCapability;
|
*bAllowedAccess = m_HasUniversalJavaCapability;
|
||||||
} else {
|
} else {
|
||||||
|
|
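Review bot: In `nsCSecurityContext::Implies` the new branch returns `PR_TRUE` for UniversalBrowserRead whenever `JSJ_IsJSCallApplet()` is true, without checking that this security context belongs to the call that raised the flag. Because the flag is a single global, every `Implies` query evaluated during that window is granted, which may be broader than "only during js calling applet" suggests. If the grant has to stay until Java's origin check is fixed, the two branches reduce to `*bAllowedAccess = m_HasUniversalBrowserReadCapability || JSJ_IsJSCallApplet();`, and the comment above should say that the applet case is the temporary exception. The start of the function is outside the hunk.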