Bug 1036213 - (CVE-2014-1546) add '/**/' before jsonrpc.cgi callback to avoid…

Bug 1036213 - (CVE-2014-1546) add '/**/' before jsonrpc.cgi callback to avoid swf content type sniff vulnerability r=glob,a=sgreen

Bug 1036213 - (CVE-2014-1546) add '/**/' before jsonrpc.cgi callback to avoid…
02ce906f · Reed Loden · David Lawrence · cf3e8bc7 · 02ce906f
Commit 02ce906f authored Jul 24, 2014 by Reed Loden Committed by David Lawrence Jul 24, 2014
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 1 deletion

JSONRPC.pm Bugzilla/WebService/Server/JSONRPC.pm +3 -1

No files found.
--- a/Bugzilla/WebService/Server/JSONRPC.pm
+++ b/Bugzilla/WebService/Server/JSONRPC.pm
@@ -80,7 +80,9 @@ sub response {
    # Implement JSONP.
    if (my $callback = $self->_bz_callback) {
        my $content = $response->content;
-        $response->content("$callback($content)");
+        # Prepend the JSONP response with /**/ in order to protect
+        # against possible encoding attacks (e.g., affecting Flash).
+        $response->content("/**/$callback($content)");
    }

    # Use $cgi->header properly instead of just printing text directly.