From 02ce906f56b0c127136fbdb7eaeef4012168a990 Mon Sep 17 00:00:00 2001
From: Reed Loden <reed@reedloden.com>
Date: Thu, 24 Jul 2014 17:37:40 +0000
Subject: Bug 1036213 - (CVE-2014-1546) add '/**/' before jsonrpc.cgi callback
 to avoid swf content type sniff vulnerability r=glob,a=sgreen

---
 Bugzilla/WebService/Server/JSONRPC.pm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'Bugzilla/WebService')

diff --git a/Bugzilla/WebService/Server/JSONRPC.pm b/Bugzilla/WebService/Server/JSONRPC.pm
index 5290caa5d..177e2618d 100644
--- a/Bugzilla/WebService/Server/JSONRPC.pm
+++ b/Bugzilla/WebService/Server/JSONRPC.pm
@@ -80,7 +80,9 @@ sub response {
     # Implement JSONP.
     if (my $callback = $self->_bz_callback) {
         my $content = $response->content;
-        $response->content("$callback($content)");
+        # Prepend the JSONP response with /**/ in order to protect
+        # against possible encoding attacks (e.g., affecting Flash).
+        $response->content("/**/$callback($content)");
     }
 
     # Use $cgi->header properly instead of just printing text directly.
-- 
cgit v1.2.3-24-g4f1b