Bug 1781116 - QuotaManager needs to deal with SQLite path canonicaliz…
…ation/symlink piercing; r=asuth,dom-storage-reviewers

Depends on D171440

Differential Revision: https://phabricator.services.mozilla.com/D171869
janvarga committed Mar 7, 2023
1 parent 1866e77 commit c0343f9
Showing 2 changed files with 65 additions and 2 deletions.
9 changes: 8 additions & 1 deletion modules/libpref/init/StaticPrefList.yaml
@@ -3415,7 +3415,7 @@
value: false
mirror: always

#ifdef XP_WIN
#if defined(XP_WIN)
# Preference that is used to set nsILocalFileWin::useDOSDevicePathSyntax
# attribute for all local file instances created by QuotaManager and its
# clients. The value of this preference is cached so changing the preference
@@ -3433,6 +3433,13 @@
type: RelaxedAtomicBool
value: true
mirror: always
#elif defined(XP_UNIX)
# Preference that is used to enable the overriding of Unix xFullPathname
# implementation in QuotaVFS.
- name: dom.quotaManager.overrideXFullPathnameUnix
type: RelaxedAtomicBool
value: true
mirror: always
#endif

# How many times we should retry directory removal or renaming if access was
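Review bot: The comment on `dom.quotaManager.overrideXFullPathnameUnix` does not say when a change takes effect or what turning it off does, unlike the Windows pref above it, which notes that its value is cached. The QuotaVFS.cpp side of this commit reads the pref through StaticPrefs inside QuotaFullPathname on each call, so flipping it mid-session would presumably let the same database be opened under a canonicalized and a non-canonicalized path. I would extend the comment with something like `# When false, SQLite's default xFullPathname (which resolves symlinks) is used. The pref is read on every call, so only change it across a restart.`; the first half is inferred from the comment in QuotaVFS.cpp and should be confirmed.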
58 changes: 57 additions & 1 deletion storage/QuotaVFS.cpp
@@ -8,10 +8,12 @@
#include "mozilla/dom/quota/PersistenceType.h"
#include "mozilla/dom/quota/QuotaManager.h"
#include "mozilla/dom/quota/QuotaObject.h"
#include "mozilla/dom/quota/ResultExtensions.h"
#include "nsDirectoryServiceDefs.h"
#include "nsEscape.h"
#include "mozilla/StaticPrefs_storage.h"

#ifdef XP_WIN
#if defined(XP_WIN) || defined(XP_UNIX)
# include "mozilla/StaticPrefs_dom.h"
#endif

@@ -428,6 +430,60 @@ int QuotaFullPathname(sqlite3_vfs* vfs, const char* zName, int nOut,
}
zOut[index] = '\0';

return SQLITE_OK;
}
#elif defined(XP_UNIX)
// SQLite canonicalizes (resolves path components) file paths on Unix which
// doesn't work well with file path sanity checks in quota manager. This is
// especially a problem on mac where /var is a symlink to /private/var.
// Since QuotaVFS is used only by quota clients which never access databases
// outside of PROFILE/storage, we override Unix xFullPathname with own
// implementation that doesn't do any canonicalization.

if (StaticPrefs::dom_quotaManager_overrideXFullPathnameUnix()) {
if (nOut < 0) {
// Match the return code used by SQLite's xFullPathname implementation
// here and below.
return SQLITE_CANTOPEN;
}

QM_TRY_INSPECT(
const auto& path, ([&zName]() -> Result<nsString, nsresult> {
NS_ConvertUTF8toUTF16 name(zName);

if (name.First() == '/') {
return name;
}

QM_TRY_INSPECT(const auto& file,
MOZ_TO_RESULT_INVOKE_TYPED(nsCOMPtr<nsIFile>,
NS_GetSpecialDirectory,
NS_OS_CURRENT_WORKING_DIR));

QM_TRY(MOZ_TO_RESULT(file->Append(name)));

QM_TRY_RETURN(
MOZ_TO_RESULT_INVOKE_MEMBER_TYPED(nsString, file, GetPath));
}()),
SQLITE_CANTOPEN);

QM_TRY_INSPECT(const auto& quotaFile, QM_NewLocalFile(path),
SQLITE_CANTOPEN);

QM_TRY_INSPECT(
const auto& quotaPath,
MOZ_TO_RESULT_INVOKE_MEMBER_TYPED(nsString, quotaFile, GetPath),
SQLITE_CANTOPEN);

NS_ConvertUTF16toUTF8 sqlitePath(quotaPath);

if (sqlitePath.Length() > (unsigned int)nOut) {
return SQLITE_CANTOPEN;
}

nsCharTraits<char>::copy(zOut, sqlitePath.get(), sqlitePath.Length());
zOut[sqlitePath.Length()] = '\0';

return SQLITE_OK;
}
#endif
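Review bot: The final bounds check in the XP_UNIX branch looks off by one: `if (sqlitePath.Length() > (unsigned int)nOut)` accepts a path of exactly nOut bytes, and the following `zOut[sqlitePath.Length()] = '\0'` then stores the terminator at index nOut. If nOut is the size of zOut, as the SQLite VFS interface describes it, that is a one-byte write past the buffer. Rejecting equality closes it and also covers nOut == 0, which the earlier `nOut < 0` guard lets through: `if (sqlitePath.Length() >= static_cast<uint32_t>(nOut)) {`. Because this branch deliberately leaves symlinks and `..` components unresolved, the block comment should also name the check that is relied on to keep paths inside PROFILE/storage. QuotaFullPathname starts before this hunk, so the path taken when the pref is off is not visible here.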
