diff options
author | FranklinDM <mrmineshafter17@gmail.com> | 2022-05-30 15:59:23 -0500 |
---|---|---|
committer | Matt A. Tobin <email@mattatobin.com> | 2022-05-30 15:59:43 -0500 |
commit | 765406f5323117079d8d3de5b414f32c34757a9a (patch) | |
tree | c5d7e0ccb15d8bb8903cc0f75b24cd004c60b447 | |
parent | 8510f335c3ff39c207d8cb906da3eb91cd73d75a (diff) | |
download | aura-central-765406f5323117079d8d3de5b414f32c34757a9a.tar.gz |
[Components:Addons] Guard against empty update manifest URL
When installing an incompatible add-on, the add-ons manager checks first if a newer and compatible version of that add-on is available by sending a request either to the AUS or the provided update URL in the manifest.
If there's no update URL in the manifest and if the application does not provide an add-on update URL via preferences, the add-ons manager will error out and fail to notify that the said add-on is incompatible.
This commit addresses that by:
(a) preventing substitutions on the update manifest URL - this throws an error if it's empty; and
(b) failing early in the add-on update checker if the update manifest URL is empty and sends out an error notification
-rw-r--r-- | components/addons/src/AddonUpdateChecker.jsm | 8 | ||||
-rw-r--r-- | components/addons/src/XPIProvider.jsm | 6 |
2 files changed, 13 insertions, 1 deletions
diff --git a/components/addons/src/AddonUpdateChecker.jsm b/components/addons/src/AddonUpdateChecker.jsm index 0001f921a..596ac9dd4 100644 --- a/components/addons/src/AddonUpdateChecker.jsm +++ b/components/addons/src/AddonUpdateChecker.jsm @@ -590,6 +590,14 @@ function UpdateParser(aId, aUpdateKey, aUrl, aObserver) { let requireBuiltIn = Services.prefs.getBoolPref(PREF_UPDATE_REQUIREBUILTINCERTS, true); logger.debug("Requesting " + aUrl); + + if (!aUrl) { + logger.warn("Request failed: empty update manifest URL"); + this._doneAt = new Error("UP_emptyManifestURL"); + this.notifyError(AddonUpdateChecker.ERROR_DOWNLOAD_ERROR); + return; + } + try { this.request = new ServiceRequest(); this.request.open("GET", this.url, true); diff --git a/components/addons/src/XPIProvider.jsm b/components/addons/src/XPIProvider.jsm index 4d203b573..c5dcc7f9c 100644 --- a/components/addons/src/XPIProvider.jsm +++ b/components/addons/src/XPIProvider.jsm @@ -6098,7 +6098,11 @@ function UpdateChecker(aAddon, aListener, aReason, aAppVersion, aPlatformVersion if ("onUpdateAvailable" in this.listener) aReason |= UPDATE_TYPE_NEWVERSION; - let url = escapeAddonURI(aAddon, updateURL, aReason, aAppVersion); + // Don't perform substitutions on the update URL if we still don't + // have one at this point. + let url = updateURL ? + escapeAddonURI(aAddon, url, aReason, aAppVersion) : + updateURL; this._parser = AddonUpdateChecker.checkForUpdates(aAddon.id, aAddon.updateKey, url, this); } |