diff options
| author |   Simon Green <sgreen@redhat.com> | 2014-07-24 17:09:33 +0000 |
|---|---|---|
| committer |   David Lawrence <dkl@mozilla.com> | 2014-07-24 17:09:33 +0000 |
| commit | 8498827e67b036379dd6c341f45e7713a2e129bc (patch) | |
| tree | 21f22fd5fa750e672704c72041e9498b9b103f71 | |
| parent | Bump version to 4.0.14 (diff) | |
| download | bugzilla-8498827e67b036379dd6c341f45e7713a2e129bc.tar.gz bugzilla-8498827e67b036379dd6c341f45e7713a2e129bc.tar.bz2 bugzilla-8498827e67b036379dd6c341f45e7713a2e129bc.zip | |
Bug 1036213 - (CVE-2014-1546) add '/**/' before jsonrpc.cgi callback to avoid swf content type sniff vulnerability
r=glob,a=sgreen
| -rw-r--r-- | Bugzilla/WebService/Server/JSONRPC.pm | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/Bugzilla/WebService/Server/JSONRPC.pm b/Bugzilla/WebService/Server/JSONRPC.pm index 5ee341b4b..90334fc7f 100644 --- a/Bugzilla/WebService/Server/JSONRPC.pm +++ b/Bugzilla/WebService/Server/JSONRPC.pm @@ -91,8 +91,9 @@ sub response { # Implement JSONP. if (my $callback = $self->_bz_callback) { my $content = $response->content; - $response->content("$callback($content)"); - + # Prepend the JSONP response with /**/ in order to protect + # against possible encoding attacks (e.g., affecting Flash). + $response->content("/**/$callback($content)"); } # Use $cgi->header properly instead of just printing text directly. |