Macintosh-SW/tenfourfox
1
0
Fork 0
mirror of https://github.com/classilla/tenfourfox.git synced 2025-04-12 16:37:15 +00:00
Code Issues Projects Releases Wiki Activity

#512: our own fix for M1412081

Browse Source
This commit is contained in:
Cameron Kaiser 2018-08-18 20:37:52 -07:00
parent 5f47da2304
commit c469554e9e
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
netwerk/base/nsURLHelperOSX.cpp
View File

@ -206,6 +206,17 @@ net_GetFileFromURLSpec(const nsACString &aURL, nsIFile **result)
if (bHFSPath)
convertHFSPathtoPOSIX(path, path);
// TenFourFox issue 512 (our own fix for M1412081). Just disallow anything
// where path starts with /net/ since it looks like ../ paths have already
// been parsed. Not needed for Tiger, but doesn't hurt.
nsAutoCString lcPath;
lcPath.Append(path);
ToLowerCase(lcPath);
if (StringBeginsWith(lcPath, NS_LITERAL_CSTRING("/net/"))) {
fprintf(stderr, "Warning: TenFourFox blocking file:// access to potentially dangerous path %s.\n", path.get());
return NS_ERROR_FILE_INVALID_PATH;
}
// assuming path is encoded in the native charset
rv = localFile->InitWithNativePath(path);
if (NS_FAILED(rv))