From: Reed Loden Date: Thu, 24 Jul 2014 17:37:40 +0000 (+0000) Subject: Bug 1036213 - (CVE-2014-1546) add '/**/' before jsonrpc.cgi callback to avoid swf... X-Git-Tag: bugzilla-4.5.5~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=02ce906f56b0c127136fbdb7eaeef4012168a990;p=thirdparty%2Fbugzilla.git Bug 1036213 - (CVE-2014-1546) add '/**/' before jsonrpc.cgi callback to avoid swf content type sniff vulnerability r=glob,a=sgreen --- diff --git a/Bugzilla/WebService/Server/JSONRPC.pm b/Bugzilla/WebService/Server/JSONRPC.pm index 5290caa5d0..177e2618dd 100644 --- a/Bugzilla/WebService/Server/JSONRPC.pm +++ b/Bugzilla/WebService/Server/JSONRPC.pm @@ -80,7 +80,9 @@ sub response { # Implement JSONP. if (my $callback = $self->_bz_callback) { my $content = $response->content; - $response->content("$callback($content)"); + # Prepend the JSONP response with /**/ in order to protect + # against possible encoding attacks (e.g., affecting Flash). + $response->content("/**/$callback($content)"); } # Use $cgi->header properly instead of just printing text directly.