зеркало из https://github.com/mozilla/pjs.git
Protect against someone calling XPCSafeJSObjectWrapper.prototype(). bug 375164, r+sr=brendan
This commit is contained in:
Родитель
0727e0b9c5
Коммит
1aa2b29971
|
@ -1,5 +1,5 @@
|
|||
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
||||
/* vim: set ts=2 sw=2 et tw=80: */
|
||||
/* vim: set ts=2 sw=2 et tw=78: */
|
||||
/* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
|
@ -842,6 +842,13 @@ XPC_SJOW_Call(JSContext *cx, JSObject *obj, uintN argc, jsval *argv,
|
|||
|
||||
JSObject *funToCall = GetUnsafeObject(cx, JSVAL_TO_OBJECT(argv[-2]));
|
||||
|
||||
if (!funToCall) {
|
||||
// Someone has called XPCSafeJSObjectWrapper.prototype() causing
|
||||
// us to find a safe object wrapper without an unsafeObject as
|
||||
// its parent. That call shouldn't do anything, so bail here.
|
||||
return JS_TRUE;
|
||||
}
|
||||
|
||||
// Check that the caller can access the unsafe object on which the
|
||||
// call is being made, and the actual function we're about to call.
|
||||
if (!CanCallerAccess(cx, unsafeObj) || !CanCallerAccess(cx, funToCall)) {
|
||||
|
|
Загрузка…
Ссылка в новой задаче