aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/icecat-CVE-2015-7197.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2015-7197.patch')
-rw-r--r--gnu/packages/patches/icecat-CVE-2015-7197.patch70
1 files changed, 70 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-7197.patch b/gnu/packages/patches/icecat-CVE-2015-7197.patch
new file mode 100644
index 0000000000..1763341ff7
--- /dev/null
+++ b/gnu/packages/patches/icecat-CVE-2015-7197.patch
@@ -0,0 +1,70 @@
+From a522e727bff0fb69cb0d34c2d2ad89168d15158d Mon Sep 17 00:00:00 2001
+From: Ehsan Akhgari <ehsan@mozilla.com>
+Date: Sat, 12 Sep 2015 17:38:51 -0400
+Subject: [PATCH] Bug 1204269 - Use the worker private in order to determine
+ the origin of the entry settings object for workers; r=smaug a=me
+
+---
+ dom/base/WebSocket.cpp | 46 ++++++++++++++++++++++++++--------------------
+ 1 file changed, 26 insertions(+), 20 deletions(-)
+
+diff --git a/dom/base/WebSocket.cpp b/dom/base/WebSocket.cpp
+index ea91232..26b94d0 100644
+--- a/dom/base/WebSocket.cpp
++++ b/dom/base/WebSocket.cpp
+@@ -1503,26 +1503,32 @@ WebSocketImpl::Init(JSContext* aCx,
+ !Preferences::GetBool("network.websocket.allowInsecureFromHTTPS",
+ false)) {
+ // Confirmed we are opening plain ws:// and want to prevent this from a
+- // secure context (e.g. https). Check the principal's uri to determine if
+- // we were loaded from https.
+- nsCOMPtr<nsIGlobalObject> globalObject(GetEntryGlobal());
+- if (globalObject) {
+- nsCOMPtr<nsIPrincipal> principal(globalObject->PrincipalOrNull());
+- if (principal) {
+- nsCOMPtr<nsIURI> uri;
+- principal->GetURI(getter_AddRefs(uri));
+- if (uri) {
+- bool originIsHttps = false;
+- aRv = uri->SchemeIs("https", &originIsHttps);
+- if (NS_WARN_IF(aRv.Failed())) {
+- return;
+- }
+-
+- if (originIsHttps) {
+- aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
+- return;
+- }
+- }
++ // secure context (e.g. https).
++ nsCOMPtr<nsIPrincipal> principal;
++ nsCOMPtr<nsIURI> originURI;
++ if (mWorkerPrivate) {
++ // For workers, retrieve the URI from the WorkerPrivate
++ principal = mWorkerPrivate->GetPrincipal();
++ } else {
++ // Check the principal's uri to determine if we were loaded from https.
++ nsCOMPtr<nsIGlobalObject> globalObject(GetEntryGlobal());
++ if (globalObject) {
++ principal = globalObject->PrincipalOrNull();
++ }
++ }
++
++ if (principal) {
++ principal->GetURI(getter_AddRefs(originURI));
++ }
++ if (originURI) {
++ bool originIsHttps = false;
++ aRv = originURI->SchemeIs("https", &originIsHttps);
++ if (NS_WARN_IF(aRv.Failed())) {
++ return;
++ }
++ if (originIsHttps) {
++ aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
++ return;
+ }
+ }
+ }
+--
+2.5.0
+
generated by cgit