diff --git a/dom/workers/ScriptLoader.cpp b/dom/workers/ScriptLoader.cpp index a6ae6b2b3..e5941c3c6 100644 --- a/dom/workers/ScriptLoader.cpp +++ b/dom/workers/ScriptLoader.cpp @@ -1040,14 +1040,16 @@ private: rv = NS_GetFinalChannelURI(channel, getter_AddRefs(finalURI)); NS_ENSURE_SUCCESS(rv, rv); - nsCString filename; - rv = finalURI->GetSpec(filename); - NS_ENSURE_SUCCESS(rv, rv); + if (principal->Subsumes(channelPrincipal)) { + nsCString filename; + rv = finalURI->GetSpec(filename); + NS_ENSURE_SUCCESS(rv, rv); - if (!filename.IsEmpty()) { - // This will help callers figure out what their script url resolved to in - // case of errors. - aLoadInfo.mURL.Assign(NS_ConvertUTF8toUTF16(filename)); + if (!filename.IsEmpty()) { + // This will help callers figure out what their script url resolved to in + // case of errors. + aLoadInfo.mURL.Assign(NS_ConvertUTF8toUTF16(filename)); + } } // Update the principal of the worker and its base URI if we just loaded the diff --git a/netwerk/sctp/src/netinet/sctp_input.c b/netwerk/sctp/src/netinet/sctp_input.c index 1301b430c..f469e0f5c 100755 --- a/netwerk/sctp/src/netinet/sctp_input.c +++ b/netwerk/sctp/src/netinet/sctp_input.c @@ -2517,6 +2517,27 @@ sctp_handle_cookie_echo(struct mbuf *m, int iphlen, int offset, /* cookie too small */ return (NULL); } +#if defined(__Userspace__) + /* + * Recover the AF_CONN addresses within the cookie. + * This needs to be done in the buffer provided for later processing + * of the cookie and in the mbuf chain for HMAC validation. + */ + if ((cookie->addr_type == SCTP_CONN_ADDRESS) && (src->sa_family == AF_CONN)) { + struct sockaddr_conn *sconnp = (struct sockaddr_conn *)src; + + memcpy(cookie->address, &sconnp->sconn_addr , sizeof(void *)); + m_copyback(m, cookie_offset + offsetof(struct sctp_state_cookie, address), + (int)sizeof(void *), (caddr_t)&sconnp->sconn_addr); + } + if ((cookie->laddr_type == SCTP_CONN_ADDRESS) && (dst->sa_family == AF_CONN)) { + struct sockaddr_conn *sconnp = (struct sockaddr_conn *)dst; + + memcpy(cookie->laddress, &sconnp->sconn_addr , sizeof(void *)); + m_copyback(m, cookie_offset + offsetof(struct sctp_state_cookie, laddress), + (int)sizeof(void *), (caddr_t)&sconnp->sconn_addr); + } +#endif /* * split off the signature into its own mbuf (since it should not be * calculated in the sctp_hmac_m() call). diff --git a/netwerk/sctp/src/netinet/sctp_output.c b/netwerk/sctp/src/netinet/sctp_output.c index 49447fa9d..3f1a9525d 100755 --- a/netwerk/sctp/src/netinet/sctp_output.c +++ b/netwerk/sctp/src/netinet/sctp_output.c @@ -6492,6 +6492,27 @@ sctp_send_initiate_ack(struct sctp_inpcb *inp, struct sctp_tcb *stcb, (uint8_t *)inp->sctp_ep.secret_key[(int)(inp->sctp_ep.current_secret_number)], SCTP_SECRET_SIZE, m_cookie, sizeof(struct sctp_paramhdr), (uint8_t *)signature, SCTP_SIGNATURE_SIZE); +#if defined(__Userspace__) + /* + * Don't put AF_CONN addresses on the wire, in case this is critical + * for the application. However, they are protected by the HMAC and + * need to be reconstructed before checking the HMAC. + * Clearing is only done in the mbuf chain, since the local stc is + * not used anymore. + */ + if (stc.addr_type == SCTP_CONN_ADDRESS) { + const void *p = NULL; + + m_copyback(m_cookie, sizeof(struct sctp_paramhdr) + offsetof(struct sctp_state_cookie, address), + (int)sizeof(void *), (caddr_t)&p); + } + if (stc.laddr_type == SCTP_CONN_ADDRESS) { + const void *p = NULL; + + m_copyback(m_cookie, sizeof(struct sctp_paramhdr) + offsetof(struct sctp_state_cookie, laddress), + (int)sizeof(void *), (caddr_t)&p); + } +#endif /* * We sifa 0 here to NOT set IP_DF if its IPv4, we ignore the return * here since the timer will drive a retranmission. diff --git a/xpcom/io/Base64.cpp b/xpcom/io/Base64.cpp index 0f19b36b1..24f8ca395 100644 --- a/xpcom/io/Base64.cpp +++ b/xpcom/io/Base64.cpp @@ -101,35 +101,55 @@ EncodeInputStream_Encoder(nsIInputStream* aStream, uint32_t aCount, uint32_t* aWriteCount) { - NS_ASSERTION(aCount > 0, "Er, what?"); + MOZ_ASSERT(aCount > 0, "Er, what?"); EncodeInputStream_State* state = static_cast*>(aClosure); + // We consume the whole data always. + *aWriteCount = aCount; + // If we have any data left from last time, encode it now. uint32_t countRemaining = aCount; const unsigned char* src = (const unsigned char*)aFromSegment; if (state->charsOnStack) { + MOZ_ASSERT(state->charsOnStack == 1 || state->charsOnStack == 2); + + // Not enough data to compose a triple. + if (state->charsOnStack == 1 && countRemaining == 1) { + state->charsOnStack = 2; + state->c[1] = src[0]; + return NS_OK; + } + + uint32_t consumed = 0; unsigned char firstSet[4]; if (state->charsOnStack == 1) { firstSet[0] = state->c[0]; firstSet[1] = src[0]; - firstSet[2] = (countRemaining > 1) ? src[1] : '\0'; + firstSet[2] = src[1]; firstSet[3] = '\0'; + consumed = 2; } else /* state->charsOnStack == 2 */ { firstSet[0] = state->c[0]; firstSet[1] = state->c[1]; firstSet[2] = src[0]; firstSet[3] = '\0'; + consumed = 1; } Encode(firstSet, 3, state->buffer); state->buffer += 4; - countRemaining -= (3 - state->charsOnStack); - src += (3 - state->charsOnStack); + countRemaining -= consumed; + src += consumed; state->charsOnStack = 0; + + // Nothing is left. + if (!countRemaining) { + return NS_OK; + } } - // Encode the bulk of the + // Encode as many full triplets as possible. uint32_t encodeLength = countRemaining - countRemaining % 3; MOZ_ASSERT(encodeLength % 3 == 0, "Should have an exact number of triplets!"); @@ -138,9 +158,6 @@ EncodeInputStream_Encoder(nsIInputStream* aStream, src += encodeLength; countRemaining -= encodeLength; - // We must consume all data, so if there's some data left stash it - *aWriteCount = aCount; - if (countRemaining) { // We should never have a full triplet left at this point. MOZ_ASSERT(countRemaining < 3, "We should have encoded more!");