From 5785a7c36637a015c6e0506ad953c91ddc8362eb Mon Sep 17 00:00:00 2001 From: Cameron Kaiser Date: Sun, 17 May 2020 14:24:43 -0700 Subject: [PATCH] #602: CSP semantics update, fix wss: access --- dom/security/nsCSPParser.cpp | 3 ++- dom/security/nsCSPUtils.cpp | 37 +++++++++++++++++++++++++++++++++--- dom/security/nsCSPUtils.h | 12 +++++++++++- 3 files changed, 47 insertions(+), 5 deletions(-) diff --git a/dom/security/nsCSPParser.cpp b/dom/security/nsCSPParser.cpp index e606dd94b..d17609350 100644 --- a/dom/security/nsCSPParser.cpp +++ b/dom/security/nsCSPParser.cpp @@ -574,7 +574,8 @@ nsCSPParser::keywordSource() // Special case handling for 'self' which is not stored internally as a keyword, // but rather creates a nsCSPHostSrc using the selfURI if (CSP_IsKeyword(mCurToken, CSP_SELF)) { - return CSP_CreateHostSrcFromURI(mSelfURI); + // TenFourFox issue 602 + return CSP_CreateHostSrcFromURI(mSelfURI, /* aIsSelf */ true); } if (CSP_IsKeyword(mCurToken, CSP_UNSAFE_INLINE)) { diff --git a/dom/security/nsCSPUtils.cpp b/dom/security/nsCSPUtils.cpp index dcbffb594..0ac99f342 100644 --- a/dom/security/nsCSPUtils.cpp +++ b/dom/security/nsCSPUtils.cpp @@ -191,7 +191,7 @@ CSP_ContentTypeToDirective(nsContentPolicyType aType) } nsCSPHostSrc* -CSP_CreateHostSrcFromURI(nsIURI* aURI) +CSP_CreateHostSrcFromURI(nsIURI* aURI, bool aIsSelf) { // Create the host first nsCString host; @@ -211,6 +211,10 @@ CSP_CreateHostSrcFromURI(nsIURI* aURI) portStr.AppendInt(port); hostsrc->setPort(portStr); } + + // Mark if this came from 'self' originally (TenFourFox issue 602). + hostsrc->setCameFromSelf(aIsSelf); + return hostsrc; } @@ -303,6 +307,14 @@ permitsScheme(const nsAString& aEnforcementScheme, return true; } + // TenFourFox issue 602: allow loading wss if the enforcement scheme is TLS, + // or if we are promised an upgrade of ws. + if (aEnforcementScheme.EqualsASCII("https") && + (scheme.EqualsASCII("wss") || + (aUpgradeInsecure && !aReportOnly && scheme.EqualsASCII("ws")))) { + return true; + } + // Allow the load when enforcing upgrade-insecure-requests with the // promise the request gets upgraded from http to https and ws to wss. // See nsHttpChannel::Connect() and also WebSocket.cpp. Please note, @@ -316,6 +328,7 @@ permitsScheme(const nsAString& aEnforcementScheme, /* ===== nsCSPSrc ============================ */ nsCSPBaseSrc::nsCSPBaseSrc() + : mCameFromSelf(false) // TenFourFox issue 602 { } @@ -323,6 +336,18 @@ nsCSPBaseSrc::~nsCSPBaseSrc() { } +/* TenFourFox issue 602 */ +bool +nsCSPBaseSrc::getCameFromSelf() const +{ + return mCameFromSelf; +} +void +nsCSPBaseSrc::setCameFromSelf(bool aIsSelf) +{ + mCameFromSelf = aIsSelf; +} + // ::permits is only called for external load requests, therefore: // nsCSPKeywordSrc and nsCSPHashSource fall back to this base class // implementation which will never allow the load. @@ -338,8 +363,7 @@ nsCSPBaseSrc::permits(nsIURI* aUri, const nsAString& aNonce, bool aWasRedirected return false; } -// ::allows is only called for inlined loads, therefore: -// nsCSPSchemeSrc, nsCSPHostSrc fall back +// ::allows is only called for inlined loads, therefore externals fall back // to this base class implementation which will never allow the load. bool nsCSPBaseSrc::allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce) const @@ -534,6 +558,13 @@ nsCSPHostSrc::permits(nsIURI* aUri, const nsAString& aNonce, bool aWasRedirected return true; } +// TenFourFox issue 602. Called for inlined loads only. +bool +nsCSPHostSrc::allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce) const +{ + return getCameFromSelf(); +} + void nsCSPHostSrc::toString(nsAString& outStr) const { diff --git a/dom/security/nsCSPUtils.h b/dom/security/nsCSPUtils.h index a0cd8bd15..480d66843 100644 --- a/dom/security/nsCSPUtils.h +++ b/dom/security/nsCSPUtils.h @@ -169,7 +169,8 @@ inline CSPKeyword CSP_KeywordToEnum(const nsAString& aKey) class nsCSPHostSrc; -nsCSPHostSrc* CSP_CreateHostSrcFromURI(nsIURI* aURI); +// TenFourFox issue 602 +nsCSPHostSrc* CSP_CreateHostSrcFromURI(nsIURI* aURI, bool aIsSelf = false); bool CSP_IsValidDirective(const nsAString& aDir); bool CSP_IsDirective(const nsAString& aValue, CSPDirective aDir); bool CSP_IsKeyword(const nsAString& aValue, enum CSPKeyword aKey); @@ -188,6 +189,12 @@ class nsCSPBaseSrc { bool aReportOnly, bool aUpgradeInsecure) const; virtual bool allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce) const; virtual void toString(nsAString& outStr) const = 0; + +/* TenFourFox issue 602 */ + bool getCameFromSelf() const; + void setCameFromSelf(bool isSelf); + private: + bool mCameFromSelf; }; /* =============== nsCSPSchemeSrc ============ */ @@ -214,6 +221,9 @@ class nsCSPHostSrc : public nsCSPBaseSrc { bool permits(nsIURI* aUri, const nsAString& aNonce, bool aWasRedirected, bool aReportOnly, bool aUpgradeInsecure) const; +/* TenFourFox issue 602 */ + bool allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce) const; + void toString(nsAString& outStr) const; void setScheme(const nsAString& aScheme);