[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Gnash-commit] gnash ChangeLog libbase/rc.h server/StreamProvi...
From: |
Sandro Santilli |
Subject: |
[Gnash-commit] gnash ChangeLog libbase/rc.h server/StreamProvi... |
Date: |
Sat, 20 Oct 2007 07:06:17 +0000 |
CVSROOT: /sources/gnash
Module name: gnash
Changes by: Sandro Santilli <strk> 07/10/20 07:06:17
Modified files:
. : ChangeLog
libbase : rc.h
server : StreamProvider.cpp URLAccessManager.cpp
URLAccessManager.h impl.cpp
testsuite/actionscript.all: XML.as
Log message:
* libbase/rc.h: add a "local sandboxes" configuration.
This is not yet allowed to be set in .gnashrc, but
can be set by internal calls.
* server/StreamProvider.cpp: check security also in
the local resource case.
* server/URLAccessManager.{cpp,h}: check local resources
against the sandboxes list of RcInitFile.
* server/impl.cpp (set_base_url): push base url to
the local sandboxes.
* testsuite/actionscript.all/XML.as: add (failing) test for
XML.onData.
CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/gnash/ChangeLog?cvsroot=gnash&r1=1.4651&r2=1.4652
http://cvs.savannah.gnu.org/viewcvs/gnash/libbase/rc.h?cvsroot=gnash&r1=1.31&r2=1.32
http://cvs.savannah.gnu.org/viewcvs/gnash/server/StreamProvider.cpp?cvsroot=gnash&r1=1.20&r2=1.21
http://cvs.savannah.gnu.org/viewcvs/gnash/server/URLAccessManager.cpp?cvsroot=gnash&r1=1.19&r2=1.20
http://cvs.savannah.gnu.org/viewcvs/gnash/server/URLAccessManager.h?cvsroot=gnash&r1=1.7&r2=1.8
http://cvs.savannah.gnu.org/viewcvs/gnash/server/impl.cpp?cvsroot=gnash&r1=1.121&r2=1.122
http://cvs.savannah.gnu.org/viewcvs/gnash/testsuite/actionscript.all/XML.as?cvsroot=gnash&r1=1.40&r2=1.41
Patches:
Index: ChangeLog
===================================================================
RCS file: /sources/gnash/gnash/ChangeLog,v
retrieving revision 1.4651
retrieving revision 1.4652
diff -u -b -r1.4651 -r1.4652
--- ChangeLog 20 Oct 2007 06:00:12 -0000 1.4651
+++ ChangeLog 20 Oct 2007 07:05:16 -0000 1.4652
@@ -1,5 +1,19 @@
2007-10-20 Sandro Santilli <address@hidden>
+ * libbase/rc.h: add a "local sandboxes" configuration.
+ This is not yet allowed to be set in .gnashrc, but
+ can be set by internal calls.
+ * server/StreamProvider.cpp: check security also in
+ the local resource case.
+ * server/URLAccessManager.{cpp,h}: check local resources
+ against the sandboxes list of RcInitFile.
+ * server/impl.cpp (set_base_url): push base url to
+ the local sandboxes.
+ * testsuite/actionscript.all/XML.as: add (failing) test for
+ XML.onData.
+
+2007-10-20 Sandro Santilli <address@hidden>
+
* server/URLAccessManager.{cpp,h}, server/asobj/xmlsocket.cpp
Don't expose allowHost w/out port, rename allowHost (with port)
to allowXMLSocket.
Index: libbase/rc.h
===================================================================
RCS file: /sources/gnash/gnash/libbase/rc.h,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -b -r1.31 -r1.32
--- libbase/rc.h 8 Oct 2007 12:56:27 -0000 1.31
+++ libbase/rc.h 20 Oct 2007 07:05:16 -0000 1.32
@@ -112,6 +112,27 @@
/// Set the number of seconds of inactivity before timing out streams
downloads
void setStreamsTimeout(double x) { _streamsTimeout = x; }
+ typedef std::vector<std::string> PathList;
+
+ /// Return the list of directories to be used as the 'local' sandbox
+ //
+ /// Local sendbox is the set of resources on the filesystem we want to
+ /// give the current movie access to.
+ ///
+ const PathList& getLocalSandboxPath() const { return _localSandboxPath; }
+
+ /// Add a directory to the local sandbox list
+ void addLocalSandboxPath(const std::string& dir)
+ {
+ _localSandboxPath.push_back(dir);
+ }
+
+ /// Set the local sandbox list
+ void setLocalSandboxPath(const PathList& path)
+ {
+ _localSandboxPath = path;
+ }
+
void dump();
private:
@@ -163,6 +184,10 @@
/// The number of seconds of inactivity triggering download timeout
double _streamsTimeout;
+ /// Local sendbox: the set of resources on the filesystem we want to
+ /// give the current movie access to.
+ PathList _localSandboxPath;
+
void expandPath(std::string& path); //path string operations
static bool extractSetting(bool *var, const char *pattern,
Index: server/StreamProvider.cpp
===================================================================
RCS file: /sources/gnash/gnash/server/StreamProvider.cpp,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -b -r1.20 -r1.21
--- server/StreamProvider.cpp 1 Jul 2007 10:54:19 -0000 1.20
+++ server/StreamProvider.cpp 20 Oct 2007 07:06:16 -0000 1.21
@@ -65,11 +65,20 @@
std::string path = url.path();
if ( path == "-" )
{
+ // TODO: only allow this as the *very first* call ?
+ // Rationale is a movie might request load of
+ // standar input, being a security issue.
+ // Note also that the FB gui will use stdin
+ // for key events.
+ //
FILE *newin = fdopen(dup(0), "rb");
return new tu_file(newin, true); // close by dtor
}
else
{
+ // check security here !!
+ if ( ! URLAccessManager::allow(url) ) return NULL;
+
FILE *newin = fopen(path.c_str(), "rb");
if (!newin) {
return NULL;
Index: server/URLAccessManager.cpp
===================================================================
RCS file: /sources/gnash/gnash/server/URLAccessManager.cpp,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -b -r1.19 -r1.20
--- server/URLAccessManager.cpp 20 Oct 2007 06:00:13 -0000 1.19
+++ server/URLAccessManager.cpp 20 Oct 2007 07:06:16 -0000 1.20
@@ -23,6 +23,7 @@
#include "URL.h"
#include "log.h"
#include "StringPredicates.h" // for case-insensitive host match
+#include "gnash.h" // for get_base_url
#include "rc.h" // for rcfile
#include <cerrno> // for errno :)
@@ -193,6 +194,67 @@
return true;
}
+static bool
+pathIsUnderDir(const std::string& path, const std::string& dir)
+{
+ size_t dirLen = dir.length();
+ if ( dirLen > path.length() ) return false; // can't contain it, right ?
+
+ // Path must be equal to dir for the whole dir length
+ //
+ // TODO: this is pretty lame, can do better with some normalization
+ // we'd need a generic splitPathInComponents.. maybe as a static
+ // public method of gnash::URL ?
+ //
+ if ( path.compare(0, dirLen, dir) ) return false;
+
+ return true;
+}
+
+/// Return true if we allow load of the local resource, false otherwise.
+//
+static bool
+local_check(const std::string& path)
+{
+// GNASH_REPORT_FUNCTION;
+
+ assert( ! path.empty() );
+
+ // Don't allow local access if base url is a network resource
+ // TODO: let user override this behaviour using the .gnashrc file
+ const URL& baseUrl = get_base_url();
+ if ( baseUrl.protocol() != "file" )
+ {
+ log_security("Load of file %s forbidden (base url %s is not a local
resource).",
+ path.c_str(), baseUrl.str().c_str());
+ return false;
+ }
+
+ RcInitFile& rcfile = RcInitFile::getDefaultInstance();
+
+ typedef RcInitFile::PathList PathList;
+ const PathList& sandbox = rcfile.getLocalSandboxPath();
+
+ for (PathList::const_iterator i=sandbox.begin(), e=sandbox.end();
+ i!=e; ++i)
+ {
+ const std::string& dir = *i;
+ if ( pathIsUnderDir(path, dir) )
+ {
+ log_security("Load of file %s granted (under local sandbox %s).",
+ path.c_str(), dir.c_str());
+ return true;
+ }
+ }
+
+ // TODO: dump local sandboxes here ? (or maybe send the info to the GUI
properties
+ // view
+ log_security("Load of file %s forbidden (not under local sandboxes).",
+ path.c_str());
+ return false;
+
+}
+
/// Return true if we allow load from host, false otherwise.
//
/// This function will check for localhost/localdomain (if requested)
@@ -287,9 +349,12 @@
std::string host = url.hostname();
- // always allow from local host
- if (host.size() == 0) {
- return true;
+ // Local resources can be accessed only if they are
+ // in a directory listed as local sandbox
+ if (host.size() == 0)
+ {
+ assert(host.protocol() == "file");
+ return local_check(url.path());
}
return host_check(host);
}
Index: server/URLAccessManager.h
===================================================================
RCS file: /sources/gnash/gnash/server/URLAccessManager.h,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -b -r1.7 -r1.8
--- server/URLAccessManager.h 20 Oct 2007 06:00:13 -0000 1.7
+++ server/URLAccessManager.h 20 Oct 2007 07:06:17 -0000 1.8
@@ -36,7 +36,7 @@
/// Return true if access to given url is allowed, false otherwise.
//
-/// Will use rc file for whitelist/blacklist.
+/// Will use rc file for whitelist/blacklist and localSendbox.
///
bool allow(const URL& url);
Index: server/impl.cpp
===================================================================
RCS file: /sources/gnash/gnash/server/impl.cpp,v
retrieving revision 1.121
retrieving revision 1.122
diff -u -b -r1.121 -r1.122
--- server/impl.cpp 21 Sep 2007 13:40:31 -0000 1.121
+++ server/impl.cpp 20 Oct 2007 07:06:17 -0000 1.122
@@ -17,7 +17,7 @@
// Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
//
-/* $Id: impl.cpp,v 1.121 2007/09/21 13:40:31 cmusick Exp $ */
+/* $Id: impl.cpp,v 1.122 2007/10/20 07:06:17 strk Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -93,7 +93,20 @@
// can call this only once during a single run
assert(!globals::baseurl.get());
globals::baseurl.reset(new URL(url));
- log_msg(_("Base url set to: %s"), globals::baseurl->str().c_str());
+ log_debug(_("Base url set to: %s"), globals::baseurl->str().c_str());
+
+ // If base url is a local file, we push the local file's directory
+ // to the list of local sandboxes
+ if ( url.protocol() == "file" )
+ {
+ RcInitFile& rcfile = RcInitFile::getDefaultInstance();
+
+ const std::string& path = url.path();
+
+ size_t lastSlash = path.find_last_of('/');
+ rcfile.addLocalSandboxPath(path.substr(0, lastSlash+1));
+ log_debug(_("Dir %s appended to local sandboxes"),
url.path().c_str());
+ }
}
const URL&
Index: testsuite/actionscript.all/XML.as
===================================================================
RCS file: /sources/gnash/gnash/testsuite/actionscript.all/XML.as,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -b -r1.40 -r1.41
--- testsuite/actionscript.all/XML.as 2 Oct 2007 13:17:30 -0000 1.40
+++ testsuite/actionscript.all/XML.as 20 Oct 2007 07:06:17 -0000 1.41
@@ -20,7 +20,7 @@
// compile this test case with Ming makeswf, and then
// execute it like this gnash -1 -r 0 -v out.swf
-rcsid="$Id: XML.as,v 1.40 2007/10/02 13:17:30 strk Exp $";
+rcsid="$Id: XML.as,v 1.41 2007/10/20 07:06:17 strk Exp $";
#include "check.as"
//#include "dejagnu.as"
@@ -30,7 +30,8 @@
check(XML);
-#if OUTPUT_VERSION >= 6
+#if OUTPUT_VERSION >= 6 // {
+
check(! XML.prototype.hasOwnProperty("appendChild") );
check(! XML.prototype.hasOwnProperty("cloneNode") );
check(! XML.prototype.hasOwnProperty("hasChildNodes") );
@@ -93,7 +94,8 @@
check(! XMLNode.hasOwnProperty("removeNode") );
check(! XMLNode.hasOwnProperty("toString") );
check(! XMLNode.hasOwnProperty("cloneNode") );
-#endif
+
+#endif // OUTPUT_VERSION >= 6 }
check(XML.prototype instanceof XMLNode);
@@ -614,6 +616,12 @@
//--------------------------------------------------------------------
myxml = new XML;
+
+xcheck_equals(typeof(myxml.onData), 'function');
+#if OUTPUT_VERSION > 5
+check(myxml.onData != XML.prototype.parseXML);
+#endif
+
myxml.onLoad = function(success)
{
note("myxml.onLoad("+success+") called");
@@ -758,10 +766,10 @@
// NOTE: tests inside onLoad are not counted here as onLoad handler
// should execute later !
// Gnash fails executing onLoad immediately
- xcheck_totals(228);
+ xcheck_totals(229);
#else
// NOTE: tests inside onLoad are not counted here as onLoad handler
// should execute later !
// Gnash fails executing onLoad immediately
- xcheck_totals(291);
+ xcheck_totals(293);
#endif
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Gnash-commit] gnash ChangeLog libbase/rc.h server/StreamProvi...,
Sandro Santilli <=