From c469554e9ee39c81cb4600e9efc4121d9b8c0afb Mon Sep 17 00:00:00 2001
From: Cameron Kaiser
Date: Sat, 18 Aug 2018 20:37:52 -0700
Subject: [PATCH] #512: our own fix for M1412081

---
 netwerk/base/nsURLHelperOSX.cpp | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/netwerk/base/nsURLHelperOSX.cpp b/netwerk/base/nsURLHelperOSX.cpp
index bcc0b257f..4ebef4a3c 100644
--- a/netwerk/base/nsURLHelperOSX.cpp
+++ b/netwerk/base/nsURLHelperOSX.cpp
@@ -206,6 +206,17 @@ net_GetFileFromURLSpec(const nsACString &aURL, nsIFile **result)
 if (bHFSPath)
 convertHFSPathtoPOSIX(path, path);
 
+ // TenFourFox issue 512 (our own fix for M1412081). Just disallow anything
+ // where path starts with /net/ since it looks like ../ paths have already
+ // been parsed. Not needed for Tiger, but doesn't hurt.
+ nsAutoCString lcPath;
+ lcPath.Append(path);
+ ToLowerCase(lcPath);
+ if (StringBeginsWith(lcPath, NS_LITERAL_CSTRING("/net/"))) {
+ fprintf(stderr, "Warning: TenFourFox blocking file:// access to potentially dangerous path %s.\n", path.get());
+ return NS_ERROR_FILE_INVALID_PATH;
+ }
+
 // assuming path is encoded in the native charset
 rv = localFile->InitWithNativePath(path);
 if (NS_FAILED(rv))
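Review bot: The new `/net/` test in net_GetFileFromURLSpec is a literal prefix match on the raw `path` string, so it is only as strong as the normalization done before this point, and that code lies outside the hunk (the function starts above it and continues below). The comment itself is hedged ("it looks like ../ paths have already been parsed"). If an earlier step does not also collapse redundant separators and dot segments, a path that the filesystem treats as the same automounter directory would not begin with `/net/` and would pass. I would name the step that guarantees the canonical form in the comment, e.g. `// Relies on <normalizing step, to be named> having removed "..", "." and repeated '/' from path.`, and add a test covering the non-canonical spellings. Separately, the `fprintf(stderr, ...)` line writes the URL-derived path verbatim to the console in every build, so it is worth confirming that unescaped control characters in that output are acceptable.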