From d7fadcdef94399e14ad9ad8318ebc7131b78a75a Mon Sep 17 00:00:00 2001 From: FranklinDM Date: Mon, 23 May 2022 21:58:07 +0800 Subject: Issue #1909 - Guard against empty update manifest URL When installing an incompatible add-on, the add-ons manager checks first if a newer and compatible version of that add-on is available by sending a request either to the AUS or the provided update URL in the manifest. If there's no update URL in the manifest and if the application does not provide an add-on update URL via preferences, the add-ons manager will error out and fail to notify that the said add-on is incompatible. This commit addresses that by: (a) preventing substitutions on the update manifest URL - this throws an error if it's empty; and (b) failing early in the add-on update checker if the update manifest URL is empty and sends out an error notification --- toolkit/mozapps/extensions/internal/AddonUpdateChecker.jsm | 8 ++++++++ toolkit/mozapps/extensions/internal/XPIProvider.jsm | 6 +++++- 2 files changed, 13 insertions(+), 1 deletion(-) (limited to 'toolkit')
diff --git a/toolkit/mozapps/extensions/internal/AddonUpdateChecker.jsm b/toolkit/mozapps/extensions/internal/AddonUpdateChecker.jsm
index 0dfb7cd109..7eb8c9b9d5 100644
--- a/toolkit/mozapps/extensions/internal/AddonUpdateChecker.jsm
+++ b/toolkit/mozapps/extensions/internal/AddonUpdateChecker.jsm
@@ -611,6 +611,14 @@ function UpdateParser(aId, aUpdateKey, aUrl, aObserver) {
 let requireBuiltIn = Services.prefs.getBoolPref(PREF_UPDATE_REQUIREBUILTINCERTS, true);
 logger.debug("Requesting " + aUrl);
+
+ if (!aUrl) {
+ logger.warn("Request failed: empty update manifest URL");
+ this._doneAt = new Error("UP_emptyManifestURL");
+ this.notifyError(AddonUpdateChecker.ERROR_DOWNLOAD_ERROR);
+ return;
+ }
+
 try {
 this.request = new ServiceRequest();
 this.request.open("GET", this.url, true);
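Review bot: The empty-URL guard calls `this.notifyError(AddonUpdateChecker.ERROR_DOWNLOAD_ERROR)` synchronously from inside the UpdateParser constructor, so the observer's error callback presumably runs before the caller has received the parser object; the XPIProvider.jsm hunk of this commit stores the result only afterwards, in `this._parser = AddonUpdateChecker.checkForUpdates(...)`. If that error callback clears or cancels its parser reference (not visible here), the reference would then be overwritten with this already-finished parser. A comment such as `// Notifies synchronously: the observer is called before checkForUpdates() returns.` would document the ordering, and moving the guard above `logger.debug("Requesting " + aUrl);` would avoid logging a request that is never made. The constructor's body starts and continues outside the hunk.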
diff --git a/toolkit/mozapps/extensions/internal/XPIProvider.jsm b/toolkit/mozapps/extensions/internal/XPIProvider.jsm
index dbb1a18dd1..d266ab6fac 100644
--- a/toolkit/mozapps/extensions/internal/XPIProvider.jsm
+++ b/toolkit/mozapps/extensions/internal/XPIProvider.jsm
@@ -6129,7 +6129,11 @@ function UpdateChecker(aAddon, aListener, aReason, aAppVersion, aPlatformVersion
 if ("onUpdateAvailable" in this.listener) aReason |= UPDATE_TYPE_NEWVERSION;
- let url = escapeAddonURI(aAddon, updateURL, aReason, aAppVersion);
+ // Don't perform substitutions on the update URL if we still don't
+ // have one at this point.
+ let url = updateURL ?
+ escapeAddonURI(aAddon, url, aReason, aAppVersion) :
+ updateURL;
 this._parser = AddonUpdateChecker.checkForUpdates(aAddon.id, aAddon.updateKey, url, this);
 }
-- cgit v1.2.3
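Review bot: The new initializer passes `url` to escapeAddonURI() where the removed line passed `updateURL`, so the variable being declared is read inside its own initializer. With `let` that read yields no usable URL and, where the temporal dead zone is enforced, throws a ReferenceError, so the path that does have an update URL would likely fail; an add-on that cannot complete its update check does not pick up fixed versions. The call should keep the original argument: `escapeAddonURI(aAddon, updateURL, aReason, aAppVersion) :`. UpdateChecker's body begins outside the hunk, so where `updateURL` is assigned is not visible here.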