Date:      04 May 2002 01:25:46 -0400
From:      Joe Marcus Clarke <marcus@FreeBSD.org>
To:        Trevor Johnson <trevor@jpj.net>
Cc:        Martin Blapp <mbr@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, security-officer@FreeBSD.org, gnome@FreeBSD.org
Subject:   Re: cvs commit: ports/www/mozilla Makefile
Message-ID:  <1020489946.279.11.camel@gyros.marcuscom.com>
In-Reply-To: <1020485590.279.8.camel@gyros.marcuscom.com>
References:  <20020503201627.M2148-100000@blues.jpj.net>  <1020485590.279.8.camel@gyros.marcuscom.com>


--=-jZHronSFbexPApOaXgiR
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

On Sat, 2002-05-04 at 00:13, Joe Marcus Clarke wrote:
> On Fri, 2002-05-03 at 20:17, Trevor Johnson wrote:
> > On Fri, 3 May 2002, Martin Blapp wrote:
> > 
> > > mbr         2002/05/03 07:57:34 PDT
> > >
> > >   Modified files:
> > >     www/mozilla          Makefile
> > >   Log:
> > >   Mark forbidden because of security bug.
> > >
> > >   Approved by:    no response from: maintainer
> > >
> > >   Revision  Changes    Path
> > >   1.98      +2 -0      ports/www/mozilla/Makefile
> > 
> > What about mozilla-embedded and galeon?
> 
> mozilla-embedded is covered by the FORBIDDEN message in mozilla.  Galeon
> is also (though indirectly).  I'm looking at trying to correct the seg
> fault when the patch is applied.  Hopefully, we can get all the ports
> unFORBIDDEN soon.

Speak of the devil ;-).  I think this patch corrects not only the
security hole, but also the resulting seg fault from the initial patch. 
Please test if you can, and let me know.  It worked for me.

Joe

> 
> Joe
> 
> > -- 
> > Trevor Johnson
> > 
> > 
> -- 
> PGP Key: http://www.marcuscom.com/pgp.asc


--=-jZHronSFbexPApOaXgiR
Content-Disposition: attachment; filename=patch-security_fix
Content-Transfer-Encoding: quoted-printable
Content-Type: text/x-patch; name=patch-security_fix; charset=ISO8859-1

Index: uriloader/base/nsDocLoader.cpp
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /cvsroot/mozilla/uriloader/base/nsDocLoader.cpp,v
retrieving revision 3.251
diff -u -r3.251 nsDocLoader.cpp
--- uriloader/base/nsDocLoader.cpp	17 Apr 2002 03:48:37 -0000	3.251
+++ uriloader/base/nsDocLoader.cpp	30 Apr 2002 19:02:19 -0000
@@ -1263,6 +1263,7 @@
     rv =3D aNewChannel->GetURI(getter_AddRefs(newURI));
     if (NS_FAILED(rv)) return rv;
=20
+#ifdef HTTP_DOESNT_CALL_CHECKLOADURI
     // verify that this is a legal redirect
     nsCOMPtr<nsIScriptSecurityManager> securityManager =3D=20
              do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
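Review bot: The `#ifdef HTTP_DOESNT_CALL_CHECKLOADURI` added above the "verify that this is a legal redirect" block, and closed by the `#endif` in the next hunk (`@@ -1270,6 +1271,7 @@`), compiles the doc loader's redirect check out unless that macro is defined, and nothing visible in this patch defines it. The only CheckLoadURI call left on a redirect is then the one this patch adds to nsHttpChannel.cpp, so any non-HTTP channel that reports redirects through this path would presumably go unchecked; that should be confirmed before relying on it. The guard also needs a comment stating the assumption, for example `// Redirect check now lives in nsHttpChannel; define HTTP_DOESNT_CALL_CHECKLOADURI only if the HTTP channel does not call CheckLoadURI itself.` The enclosing function starts and ends outside both hunks.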
@@ -1270,6 +1271,7 @@
     rv =3D securityManager->CheckLoadURI(oldURI, newURI,
                                        nsIScriptSecurityManager::DISALLOW_=
FROM_MAIL);
     if (NS_FAILED(rv)) return rv;
+#endif
=20
     nsLoadFlags loadFlags =3D 0;
     PRInt32 stateFlags =3D nsIWebProgressListener::STATE_REDIRECTING |
Index: netwerk/protocol/http/src/Makefile.in
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /cvsroot/mozilla/netwerk/protocol/http/src/Makefile.in,v
retrieving revision 1.56
diff -u -r1.56 Makefile.in
--- netwerk/protocol/http/src/Makefile.in	19 Apr 2002 22:25:18 -0000	1.56
+++ netwerk/protocol/http/src/Makefile.in	30 Apr 2002 19:02:19 -0000
@@ -36,6 +36,8 @@
 		  intl \
 		  exthandler \
 		  caps \
+		  xpconnect \
+		  js \
 		  $(NULL)
=20
 CPPSRCS		=3D \
Index: netwerk/protocol/http/src/nsHttpChannel.cpp
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /cvsroot/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp,v
retrieving revision 1.114
diff -u -r1.114 nsHttpChannel.cpp
--- netwerk/protocol/http/src/nsHttpChannel.cpp	26 Apr 2002 22:50:50 -0000	=
1.114
+++ netwerk/protocol/http/src/nsHttpChannel.cpp	30 Apr 2002 19:02:19 -0000
@@ -34,6 +34,7 @@
 #include "nsISupportsPrimitives.h"
 #include "nsIURL.h"
 #include "nsIMIMEService.h"
+#include "nsIScriptSecurityManager.h"
 #include "nsCExternalHandlerService.h"
 #include "nsMimeTypes.h"
 #include "nsNetUtil.h"
@@ -1465,6 +1466,15 @@
         rv =3D ioService->NewURI(nsDependentCString(location), nsnull, mUR=
I,
                                getter_AddRefs(newURI));
         if (NS_FAILED(rv)) return rv;
+
+        // verify that this is a legal redirect
+        nsCOMPtr<nsIScriptSecurityManager> securityManager =3D=20
+                 do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID);
+        if (securityManager) {
+            rv =3D securityManager->CheckLoadURI(mURI, newURI,
+                                               nsIScriptSecurityManager::D=
ISALLOW_FROM_MAIL);
+            if (NS_FAILED(rv)) return rv;
+        }
=20
         // Kill the current cache entry if we are redirecting
         // back to ourself.
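Review bot: The added redirect check fails open, because `if (securityManager) { ... }` skips CheckLoadURI whenever do_GetService returns no security manager and the redirect then proceeds unchecked. The check this replaces in nsDocLoader.cpp passed `&rv` to do_GetService, and a security gate should refuse the redirect when it cannot be evaluated. I would write `do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);` followed by `if (NS_FAILED(rv)) return rv;` and then call CheckLoadURI unconditionally. The enclosing function starts and ends outside the hunk.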
--- htmlparser/src/CNavDTD.cpp.orig	Sat May  4 00:32:17 2002
+++ htmlparser/src/CNavDTD.cpp	Sat May  4 01:14:59 2002
@@ -473,14 +473,14 @@
=20
   nsresult result =3D NS_OK;
=20
-  if (aTokenizer && mSink && aParser) {
+  if (aTokenizer && aParser) {
     nsITokenizer*  oldTokenizer =3D mTokenizer;
=20
     mTokenizer      =3D aTokenizer;
     mParser         =3D (nsParser*)aParser;
     mTokenAllocator =3D mTokenizer->GetTokenAllocator();
    =20
-
+    if (mSink) {
     if (mBodyContext->GetCount() =3D=3D 0) {
       CStartToken* theToken=3Dnsnull;
       if(ePlainText=3D=3DmDocType) {
@@ -537,6 +537,7 @@
       }
     }//while
     mTokenizer =3D oldTokenizer;
+    }
   }
=20
   return result;
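Review bot: The closing `}` added for the `if (mSink) {` opened in the previous hunk sits after `mTokenizer = oldTokenizer;`, so the old tokenizer is only restored when a sink is present. With a null mSink, mTokenizer, mParser and mTokenAllocator are now assigned from the arguments and mTokenizer stays pointing at aTokenizer after the function returns. If that asymmetry is what cures the seg fault, it deserves a comment such as `// No sink: keep tokenizer/parser/allocator set, but skip token handling.`; if it is not intended, move the restore below the new brace. The body wrapped by the new `if (mSink)` is also not re-indented, which hides the nesting, and the function itself starts outside the hunk.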

--=-jZHronSFbexPApOaXgiR--
