From: Simon Green <sgreen@redhat.com>
Date: Thu, 24 Jul 2014 17:34:12 +0000 (+0000)
Subject: Bug 1036213 - (CVE-2014-1546) add '/**/' before jsonrpc.cgi callback to avoid swf... 
X-Git-Tag: bugzilla-4.4.5~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ac5bf59b76a016438386438c1c3d26b052cd88da;p=thirdparty%2Fbugzilla.git

Bug 1036213 - (CVE-2014-1546) add '/**/' before jsonrpc.cgi callback to avoid swf content type sniff vulnerability
r=glob,a=sgreen
---

diff --git a/Bugzilla/WebService/Server/JSONRPC.pm b/Bugzilla/WebService/Server/JSONRPC.pm
index 9f57104398..c2d1e8c745 100644
--- a/Bugzilla/WebService/Server/JSONRPC.pm
+++ b/Bugzilla/WebService/Server/JSONRPC.pm
@@ -77,8 +77,9 @@ sub response {
     # Implement JSONP.
     if (my $callback = $self->_bz_callback) {
         my $content = $response->content;
-        $response->content("$callback($content)");
-
+        # Prepend the JSONP response with /**/ in order to protect
+        # against possible encoding attacks (e.g., affecting Flash).
+        $response->content("/**/$callback($content)");
     }
 
     # Use $cgi->header properly instead of just printing text directly.