Bug 1036213 - (CVE-2014-1546) add '/**/' before jsonrpc.cgi callback to avoid swf...

author Reed Loden <reed@reedloden.com>

Thu, 24 Jul 2014 17:37:40 +0000 (17:37 +0000)

committer David Lawrence <dkl@mozilla.com>

Thu, 24 Jul 2014 17:37:40 +0000 (17:37 +0000)
author Reed Loden <reed@reedloden.com>
Thu, 24 Jul 2014 17:37:40 +0000 (17:37 +0000)
committer David Lawrence <dkl@mozilla.com>
Thu, 24 Jul 2014 17:37:40 +0000 (17:37 +0000)
diff --git a/Bugzilla/WebService/Server/JSONRPC.pm b/Bugzilla/WebService/Server/JSONRPC.pm

index 5290caa5d08e858d0116bfa2864878cfa02a83cc..177e2618dda32ba1cf2f2a572fc3769e471559b5 100644 (file)
--- a/Bugzilla/WebService/Server/JSONRPC.pm
+++ b/Bugzilla/WebService/Server/JSONRPC.pm
@@ -80,7 +80,9 @@ sub response {
      # Implement JSONP.
      if (my $callback = $self->_bz_callback) {
          my $content = $response->content;
-        $response->content("$callback($content)");
+        # Prepend the JSONP response with /**/ in order to protect
+        # against possible encoding attacks (e.g., affecting Flash).
+        $response->content("/**/$callback($content)");
      }
  
      # Use $cgi->header properly instead of just printing text directly.
author	Reed Loden <reed@reedloden.com>
	Thu, 24 Jul 2014 17:37:40 +0000 (17:37 +0000)
committer	David Lawrence <dkl@mozilla.com>
	Thu, 24 Jul 2014 17:37:40 +0000 (17:37 +0000)