Bug 1036213 - (CVE-2014-1546) add '/**/' before jsonrpc.cgi callback to avoid…

Bug 1036213 - (CVE-2014-1546) add '/**/' before jsonrpc.cgi callback to avoid swf content type sniff vulnerability r=glob,a=sgreen

Bug 1036213 - (CVE-2014-1546) add '/**/' before jsonrpc.cgi callback to avoid…
ac5bf59b · Simon Green · David Lawrence · 5d245202 · ac5bf59b
Commit ac5bf59b authored Jul 24, 2014 by Simon Green Committed by David Lawrence Jul 24, 2014
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 2 deletions

JSONRPC.pm Bugzilla/WebService/Server/JSONRPC.pm +3 -2

No files found.
--- a/Bugzilla/WebService/Server/JSONRPC.pm
+++ b/Bugzilla/WebService/Server/JSONRPC.pm
@@ -77,8 +77,9 @@ sub response {
    # Implement JSONP.
    if (my $callback = $self->_bz_callback) {
        my $content = $response->content;
-        $response->content("$callback($content)");
-
+        # Prepend the JSONP response with /**/ in order to protect
+        # against possible encoding attacks (e.g., affecting Flash).
+        $response->content("/**/$callback($content)");
    }

    # Use $cgi->header properly instead of just printing text directly.