$OpenBSD$ index d687d5a..3587358 100644 --- caps/src/nsScriptSecurityManager.cpp.orig Fri Feb 20 15:40:36 2015 +++ caps/src/nsScriptSecurityManager.cpp Fri Feb 20 15:40:36 2015 @@ -32,6 +32,7 @@ #include "nsTextFormatter.h" #include "nsIStringBundle.h" #include "nsNetUtil.h" +#include "nsIEffectiveTLDService.h" #include "nsIProperties.h" #include "nsDirectoryServiceDefs.h" #include "nsIFile.h" @@ -583,6 +584,35 @@ DenyAccessIfURIHasFlags(nsIURI* aURI, uint32_t aURIFlags) return NS_OK; } +static bool +EqualOrSubdomain(nsIURI* aProbeArg, nsIURI* aBase) +{ + // Make a clone of the incoming URI, because we're going to mutate it. + nsCOMPtr probe; + nsresult rv = aProbeArg->Clone(getter_AddRefs(probe)); + NS_ENSURE_SUCCESS(rv, false); + + nsCOMPtr tldService = do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID); + NS_ENSURE_TRUE(tldService, false); + while (true) { + if (nsScriptSecurityManager::SecurityCompareURIs(probe, aBase)) { + return true; + } + + nsAutoCString host, newHost; + nsresult rv = probe->GetHost(host); + NS_ENSURE_SUCCESS(rv, false); + + rv = tldService->GetNextSubDomain(host, newHost); + if (rv == NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS) { + return false; + } + NS_ENSURE_SUCCESS(rv, false); + rv = probe->SetHost(newHost); + NS_ENSURE_SUCCESS(rv, false); + } +} + NS_IMETHODIMP nsScriptSecurityManager::CheckLoadURIWithPrincipal(nsIPrincipal* aPrincipal, nsIURI *aTargetURI, @@ -783,7 +813,7 @@ nsScriptSecurityManager::CheckLoadURIWithPrincipal(nsIPrincipal* aPrincipal, // Allow domains that were whitelisted in the prefs. In 99.9% of cases, // this array is empty. for (size_t i = 0; i < mFileURIWhitelist.Length(); ++i) { - if (SecurityCompareURIs(mFileURIWhitelist[i], sourceURI)) { + if (EqualOrSubdomain(sourceURI, mFileURIWhitelist[i])) { return NS_OK; } } @@ -1303,11 +1333,11 @@ nsScriptSecurityManager::nsScriptSecurityManager(void) nsresult nsScriptSecurityManager::Init() { - InitPrefs(); - nsresult rv = CallGetService(NS_IOSERVICE_CONTRACTID, &sIOService); NS_ENSURE_SUCCESS(rv, rv); + InitPrefs(); + nsCOMPtr bundleService = mozilla::services::GetStringBundleService(); if (!bundleService) @@ -1478,7 +1508,15 @@ nsScriptSecurityManager::AddSitesToFileURIWhitelist(const nsCString& aSiteList) { // Grab the current site. bound = SkipUntil(aSiteList, base); - auto site = Substring(aSiteList, base, bound - base); + nsAutoCString site(Substring(aSiteList, base, bound - base)); + + // Check if the URI is schemeless. If so, add both http and https. + nsAutoCString unused; + if (NS_FAILED(sIOService->ExtractScheme(site, unused))) { + AddSitesToFileURIWhitelist(NS_LITERAL_CSTRING("http://") + site); + AddSitesToFileURIWhitelist(NS_LITERAL_CSTRING("https://") + site); + continue; + } // Convert it to a URI and add it to our list. nsCOMPtr uri;