summaryrefslogtreecommitdiffstats
path: root/Bugzilla
diff options
context:
space:
mode:
authorSimon Green <sgreen@redhat.com>2014-07-24 19:26:23 +0200
committerDavid Lawrence <dkl@mozilla.com>2014-07-24 19:26:23 +0200
commitf0760dd1c4ce87bf7fa5f8ce70cc7c8a45041a6b (patch)
tree9806496e071f5b25004214bb26c33ceadcd3fdab /Bugzilla
parent26728e3c1659d7831e5a05ae26f929854ab7796c (diff)
downloadbugzilla-f0760dd1c4ce87bf7fa5f8ce70cc7c8a45041a6b.tar.gz
bugzilla-f0760dd1c4ce87bf7fa5f8ce70cc7c8a45041a6b.tar.xz
Bug 1036213 - (CVE-2014-1546) add '/**/' before jsonrpc.cgi callback to avoid swf content type sniff vulnerability
r=glob,a=sgreen
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/WebService/Server/JSONRPC.pm5
1 files changed, 3 insertions, 2 deletions
diff --git a/Bugzilla/WebService/Server/JSONRPC.pm b/Bugzilla/WebService/Server/JSONRPC.pm
index cec1c29ea..373aa4fe0 100644
--- a/Bugzilla/WebService/Server/JSONRPC.pm
+++ b/Bugzilla/WebService/Server/JSONRPC.pm
@@ -91,8 +91,9 @@ sub response {
# Implement JSONP.
if (my $callback = $self->_bz_callback) {
my $content = $response->content;
- $response->content("$callback($content)");
-
+ # Prepend the JSONP response with /**/ in order to protect
+ # against possible encoding attacks (e.g., affecting Flash).
+ $response->content("/**/$callback($content)");
}
# Use $cgi->header properly instead of just printing text directly.