Protect against someone calling XPCSafeJSObjectWrapper.prototype(). bug 375164, r+sr=brendan

This commit is contained in:
mrbkap%gmail.com 2007-04-10 16:04:43 +00:00
Родитель 0727e0b9c5
Коммит 1aa2b29971
1 изменённых файлов: 8 добавлений и 1 удалений

Просмотреть файл

@ -1,5 +1,5 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 sw=2 et tw=80: */
/* vim: set ts=2 sw=2 et tw=78: */
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
@ -842,6 +842,13 @@ XPC_SJOW_Call(JSContext *cx, JSObject *obj, uintN argc, jsval *argv,
JSObject *funToCall = GetUnsafeObject(cx, JSVAL_TO_OBJECT(argv[-2]));
if (!funToCall) {
// Someone has called XPCSafeJSObjectWrapper.prototype() causing
// us to find a safe object wrapper without an unsafeObject as
// its parent. That call shouldn't do anything, so bail here.
return JS_TRUE;
}
// Check that the caller can access the unsafe object on which the
// call is being made, and the actual function we're about to call.
if (!CanCallerAccess(cx, unsafeObj) || !CanCallerAccess(cx, funToCall)) {