diff options
author | Reed Loden <reed@reedloden.com> | 2014-07-24 19:37:40 +0200 |
---|---|---|
committer | David Lawrence <dkl@mozilla.com> | 2014-07-24 19:37:40 +0200 |
commit | 02ce906f56b0c127136fbdb7eaeef4012168a990 (patch) | |
tree | 618632cc7fd881f48fb4cb203700f6a2ab59bc2c | |
parent | cf3e8bc724148ac85f838b35b0b0bd72fa5f349f (diff) | |
download | bugzilla-02ce906f56b0c127136fbdb7eaeef4012168a990.tar.gz bugzilla-02ce906f56b0c127136fbdb7eaeef4012168a990.tar.xz |
Bug 1036213 - (CVE-2014-1546) add '/**/' before jsonrpc.cgi callback to avoid swf content type sniff vulnerability
r=glob,a=sgreen
-rw-r--r-- | Bugzilla/WebService/Server/JSONRPC.pm | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/Bugzilla/WebService/Server/JSONRPC.pm b/Bugzilla/WebService/Server/JSONRPC.pm index 5290caa5d..177e2618d 100644 --- a/Bugzilla/WebService/Server/JSONRPC.pm +++ b/Bugzilla/WebService/Server/JSONRPC.pm @@ -80,7 +80,9 @@ sub response { # Implement JSONP. if (my $callback = $self->_bz_callback) { my $content = $response->content; - $response->content("$callback($content)"); + # Prepend the JSONP response with /**/ in order to protect + # against possible encoding attacks (e.g., affecting Flash). + $response->content("/**/$callback($content)"); } # Use $cgi->header properly instead of just printing text directly. |