Merge remote-tracking branch 'origin/custom' into ia32

ia32
roytam1 1 month ago
commit b204058ce7
  1. 18
      dom/base/nsTreeSanitizer.cpp
  2. 4
      dom/base/nsTreeSanitizer.h
  3. 6
      dom/media/mediasource/TrackBuffersManager.cpp
  4. 20
      modules/libpref/init/all.js
  5. 5
      netwerk/base/nsPACMan.cpp
  6. 7
      security/nss/lib/softoken/legacydb/lginit.c
  7. 15
      security/nss/lib/util/secasn1d.c
  8. 6
      xpcom/glue/nsTArray.h

@ -1185,7 +1185,8 @@ nsTreeSanitizer::SanitizeAttributes(mozilla::dom::Element* aElement,
continue;
}
if (IsURL(aURLs, attrLocal)) {
if (SanitizeURL(aElement, attrNs, attrLocal)) {
bool fragmentOnly = aElement->IsSVGElement(nsGkAtoms::use);
if (SanitizeURL(aElement, attrNs, attrLocal, fragmentOnly)) {
// in case the attribute removal shuffled the attribute order, start
// the loop again.
--ac;
@ -1239,7 +1240,8 @@ nsTreeSanitizer::SanitizeAttributes(mozilla::dom::Element* aElement,
// else not allowed
} else if (aAllowXLink && kNameSpaceID_XLink == attrNs) {
if (nsGkAtoms::href == attrLocal) {
if (SanitizeURL(aElement, attrNs, attrLocal)) {
bool fragmentOnly = aElement->IsSVGElement(nsGkAtoms::use);
if (SanitizeURL(aElement, attrNs, attrLocal, fragmentOnly)) {
// in case the attribute removal shuffled the attribute order, start
// the loop again.
--ac;
@ -1273,7 +1275,8 @@ nsTreeSanitizer::SanitizeAttributes(mozilla::dom::Element* aElement,
bool
nsTreeSanitizer::SanitizeURL(mozilla::dom::Element* aElement,
int32_t aNamespace,
nsIAtom* aLocalName)
nsIAtom* aLocalName,
bool aFragmentOnly)
{
nsAutoString value;
aElement->GetAttr(aNamespace, aLocalName, value);
@ -1282,6 +1285,15 @@ nsTreeSanitizer::SanitizeURL(mozilla::dom::Element* aElement,
static const char* kWhitespace = "\n\r\t\b";
const nsAString& v =
nsContentUtils::TrimCharsInSet(kWhitespace, value);
// Fragment-only url cannot be harmful.
if (!v.IsEmpty() && v.First() == u'#') {
return false;
}
// if we allow only same-document fragment URLs, stop and remove here
if (aFragmentOnly) {
aElement->UnsetAttr(aNamespace, aLocalName, false);
return true;
}
nsIScriptSecurityManager* secMan = nsContentUtils::GetSecurityManager();
uint32_t flags = nsIScriptSecurityManager::DISALLOW_INHERIT_PRINCIPAL;

@ -143,11 +143,13 @@ class MOZ_STACK_CLASS nsTreeSanitizer {
* @param aElement the element whose attribute to possibly modify
* @param aNamespace the namespace of the URL attribute
* @param aLocalName the local name of the URL attribute
* @param aFragmentOnly allows same-document references only
* @return true if the attribute was removed and false otherwise
*/
bool SanitizeURL(mozilla::dom::Element* aElement,
int32_t aNamespace,
nsIAtom* aLocalName);
nsIAtom* aLocalName,
bool aFragmentOnly = false);
/**
* Checks a style rule for the presence of the 'binding' CSS property and

@ -22,15 +22,15 @@
extern mozilla::LogModule* GetMediaSourceLog();
#define MSE_DEBUG(arg, ...) MOZ_LOG(GetMediaSourceLog(), mozilla::LogLevel::Debug, ("TrackBuffersManager(%p:%s)::%s: " arg, this, mType.get(), __func__, ##__VA_ARGS__))
#define MSE_DEBUGV(arg, ...) MOZ_LOG(GetMediaSourceLog(), mozilla::LogLevel::Verbose, ("TrackBuffersManager(%p:%s)::%s: " arg, this, mType.get(), __func__, ##__VA_ARGS__))
#define MSE_DEBUG(arg, ...) MOZ_LOG(GetMediaSourceLog(), mozilla::LogLevel::Debug, ("TrackBuffersManager(%p)::%s: " arg, this,__func__, ##__VA_ARGS__))
#define MSE_DEBUGV(arg, ...) MOZ_LOG(GetMediaSourceLog(), mozilla::LogLevel::Verbose, ("TrackBuffersManager(%p)::%s: " arg, this, __func__, ##__VA_ARGS__))
mozilla::LogModule* GetMediaSourceSamplesLog()
{
static mozilla::LazyLogModule sLogModule("MediaSourceSamples");
return sLogModule;
}
#define SAMPLE_DEBUG(arg, ...) MOZ_LOG(GetMediaSourceSamplesLog(), mozilla::LogLevel::Debug, ("TrackBuffersManager(%p:%s)::%s: " arg, this, mType.get(), __func__, ##__VA_ARGS__))
#define SAMPLE_DEBUG(arg, ...) MOZ_LOG(GetMediaSourceSamplesLog(), mozilla::LogLevel::Debug, ("TrackBuffersManager(%p)::%s: " arg, this, __func__, ##__VA_ARGS__))
namespace mozilla {

@ -1360,26 +1360,30 @@ pref("network.protocol-handler.external-default", true); // OK to load
pref("network.protocol-handler.warn-external-default", true); // warn before load
// Prevent using external protocol handlers for these schemes
pref("network.protocol-handler.external.afp", false);
pref("network.protocol-handler.external.data", false);
pref("network.protocol-handler.external.disk", false);
pref("network.protocol-handler.external.disks", false);
pref("network.protocol-handler.external.hcp", false);
pref("network.protocol-handler.external.vbscript", false);
pref("network.protocol-handler.external.javascript", false);
pref("network.protocol-handler.external.data", false);
pref("network.protocol-handler.external.ie.http", false);
pref("network.protocol-handler.external.iehistory", false);
pref("network.protocol-handler.external.ierss", false);
pref("network.protocol-handler.external.mk", false);
pref("network.protocol-handler.external.ms-help", false);
pref("network.protocol-handler.external.mk", false);
pref("network.protocol-handler.external.moz-icon", false);
pref("network.protocol-handler.external.res", false);
pref("network.protocol-handler.external.shell", false);
pref("network.protocol-handler.external.vbscript", false);
pref("network.protocol-handler.external.vnd.ms.radio", false);
#ifdef XP_WIN
pref("network.protocol-handler.external.ms-help", false);
pref("network.protocol-handler.external.ms-msdt", false);
pref("network.protocol-handler.external.search", false);
pref("network.protocol-handler.external.search-ms", false);
#endif
#ifdef XP_MACOSX
pref("network.protocol-handler.external.help", false);
#endif
pref("network.protocol-handler.external.disk", false);
pref("network.protocol-handler.external.disks", false);
pref("network.protocol-handler.external.afp", false);
pref("network.protocol-handler.external.moz-icon", false);
// Don't allow external protocol handlers for common typos
pref("network.protocol-handler.external.ttp", false); // http

@ -474,6 +474,11 @@ nsPACMan::StartLoading()
void
nsPACMan::OnLoadFailure()
{
// We have to clear the loader to indicate that we are currently not loading PAC.
if (mLoader) {
mLoader = nullptr;
}
int32_t minInterval = 5; // 5 seconds
int32_t maxInterval = 300; // 5 minutes

@ -515,6 +515,7 @@ lg_init(SDB **pSdb, int flags, NSSLOWCERTCertDBHandle *certdbPtr,
lgdb_p->hashTable = PL_NewHashTable(64, lg_HashNumber, PL_CompareValues,
SECITEM_HashCompare, NULL, 0);
if (lgdb_p->hashTable == NULL) {
PR_DestroyLock(lgdb_p->dbLock);
goto loser;
}
@ -546,12 +547,6 @@ loser:
PORT_Free(sdb);
}
if (lgdb_p) {
if (lgdb_p->dbLock) {
PR_DestroyLock(lgdb_p->dbLock);
}
if (lgdb_p->hashTable) {
PL_HashTableDestroy(lgdb_p->hashTable);
}
PORT_Free(lgdb_p);
}
return error;

@ -1114,7 +1114,7 @@ sec_asn1d_prepare_for_contents(sec_asn1d_state *state)
* inspection, too) then move this code into the switch statement
* below under cases SET_OF and SEQUENCE_OF; it will be cleaner.
*/
PORT_Assert(state->underlying_kind == SEC_ASN1_SET_OF || state->underlying_kind == SEC_ASN1_SEQUENCE_OF || state->underlying_kind == (SEC_ASN1_SEQUENCE_OF | SEC_ASN1_DYNAMIC) || state->underlying_kind == (SEC_ASN1_SEQUENCE_OF | SEC_ASN1_DYNAMIC));
PORT_Assert(state->underlying_kind == SEC_ASN1_SET_OF || state->underlying_kind == SEC_ASN1_SEQUENCE_OF || state->underlying_kind == (SEC_ASN1_SET_OF | SEC_ASN1_DYNAMIC) || state->underlying_kind == (SEC_ASN1_SEQUENCE_OF | SEC_ASN1_DYNAMIC));
if (state->contents_length != 0 || state->indefinite) {
const SEC_ASN1Template *subt;
@ -2463,7 +2463,18 @@ sec_asn1d_parse_end_of_contents(sec_asn1d_state *state,
if (state->pending == 0) {
state->place = afterEndOfContents;
state->endofcontents = PR_TRUE;
/* These end-of-contents octets either terminate a SEQUENCE, a GROUP,
* or a constructed string. The SEQUENCE case is unique in that the
* state parses its own end-of-contents octets and therefore should not
* have its `endofcontents` flag set. We identify the SEQUENCE case by
* checking whether the child state's template is pointing at a
* template terminator (see `sec_asn1d_next_in_sequence`).
*/
if (state->child && state->child->theTemplate->kind == 0) {
state->endofcontents = PR_FALSE;
} else {
state->endofcontents = PR_TRUE;
}
}
return len;

@ -2018,6 +2018,12 @@ auto
nsTArray_Impl<E, Alloc>::ReplaceElementsAt(index_type aStart, size_type aCount,
const Item* aArray, size_type aArrayLen) -> elem_type*
{
if (MOZ_UNLIKELY(aStart > Length())) {
InvalidArrayIndex_CRASH(aStart, Length());
}
if (MOZ_UNLIKELY(aCount > Length() - aStart)) {
InvalidArrayIndex_CRASH(aStart + aCount, Length());
}
// Adjust memory allocation up-front to catch errors.
if (!ActualAlloc::Successful(this->template EnsureCapacity<ActualAlloc>(
Length() + aArrayLen - aCount, sizeof(elem_type)))) {

Loading…
Cancel
Save