commit cc60be8eee7b39138adb44c09d0905f8fb7fb0c9 Author: Mike Perry mikeperry-git@torproject.org Date: Wed Feb 11 14:52:15 2015 -0800

fixup! Bug 12430: Disable external jar: via preference

Actually, we should block remote JARs before the load. --- modules/libjar/nsJARChannel.cpp | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/modules/libjar/nsJARChannel.cpp b/modules/libjar/nsJARChannel.cpp index f958554..6fcdac8 100644 --- a/modules/libjar/nsJARChannel.cpp +++ b/modules/libjar/nsJARChannel.cpp @@ -764,6 +764,12 @@ nsJARChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *ctx) if (NS_FAILED(rv)) return rv;

+ // Check preferences to see if all remote jar support should be disabled + if (!mJarFile && Preferences::GetBool("network.jar.block-remote-files", true)) { + mIsUnsafe = true; + return NS_ERROR_UNSAFE_CONTENT_TYPE; + } + // These variables must only be set if we're going to trigger an // OnStartRequest, either from AsyncRead or OnDownloadComplete. // @@ -898,7 +904,8 @@ nsJARChannel::OnDownloadComplete(nsIDownloader *downloader, mContentDisposition = NS_GetContentDispositionFromHeader(mContentDispositionHeader, this); }

- // here we check preferences to see if all remote jar support should be disabled + // This is a defense-in-depth check for the preferences to see if all remote jar + // support should be disabled. This check may not be needed. if (Preferences::GetBool("network.jar.block-remote-files", true)) { mIsUnsafe = true; status = NS_ERROR_UNSAFE_CONTENT_TYPE;