Restrict font loads to known MIME types.

2025-07-23 15:23:42 +01:00 · 2015-10-25 11:46:33 -04:00 · 2015-10-25 11:46:33 -04:00 · e17e553f04
commit e17e553f04
parent 1e81b8c133
6 changed files with 39 additions and 2 deletions
--- a/components/gfx/Cargo.toml
+++ b/components/gfx/Cargo.toml
@ -17,6 +17,7 @@ harfbuzz-sys = "0.1"
 lazy_static = "0.1"
 libc = "0.2"
 log = "0.3"
+mime = "0.1"
 rand = "0.3"
 rustc-serialize = "0.3"
 serde = "0.6"
--- a/components/gfx/font_cache_task.rs
+++ b/components/gfx/font_cache_task.rs
@ -5,6 +5,7 @@
 use font_template::{FontTemplate, FontTemplateDescriptor};
 use ipc_channel::ipc::{self, IpcReceiver, IpcSender};
 use ipc_channel::router::ROUTER;
+use mime::{TopLevel, SubLevel};
 use net_traits::{AsyncResponseTarget, LoadContext, PendingAsyncLoad, ResourceTask, ResponseAction};
 use platform::font_context::FontContextHandle;
 use platform::font_list::for_each_available_family;
@ -168,15 +169,31 @@ impl FontCache {
                            let channel_to_self = self.channel_to_self.clone();
                            let url = (*url).clone();
                            let bytes = Mutex::new(Vec::new());
+                            let response_valid = Mutex::new(false);
                            ROUTER.add_route(data_receiver.to_opaque(), box move |message| {
                                let response: ResponseAction = message.to().unwrap();
                                match response {
-                                    ResponseAction::HeadersAvailable(_) |
+                                    ResponseAction::HeadersAvailable(metadata) => {
+                                        let is_response_valid =
+                                            metadata.content_type.as_ref().map_or(false, |content_type| {
+                                                let mime = &content_type.0;
+                                                is_supported_font_type(&mime.0, &mime.1)
+                                            });
+                                        info!("{} font with MIME type {:?}",
+                                              if is_response_valid { "Loading" } else { "Ignoring" },
+                                              metadata.content_type);
+                                        *response_valid.lock().unwrap() = is_response_valid;
+                                    }
                                    ResponseAction::ResponseComplete(Err(_)) => {}
                                    ResponseAction::DataAvailable(new_bytes) => {
+                                        if *response_valid.lock().unwrap() {
                                            bytes.lock().unwrap().extend(new_bytes.into_iter())
                                        }
+                                    }
                                    ResponseAction::ResponseComplete(Ok(_)) => {
+                                        if !*response_valid.lock().unwrap() {
+                                            return;
+                                        }
                                        let mut bytes = bytes.lock().unwrap();
                                        let bytes = mem::replace(&mut *bytes, Vec::new());
                                        let command =
@ -369,3 +386,18 @@ impl FontCacheTask {
        response_port.recv().unwrap();
    }
 }
+
+// derived from http://stackoverflow.com/a/10864297/3830
+fn is_supported_font_type(toplevel: &TopLevel, sublevel: &SubLevel) -> bool {
+    match (toplevel, sublevel) {
+        (&TopLevel::Application, &SubLevel::Ext(ref ext)) => {
+            match &ext[..] {
+                //FIXME: once sniffing is enabled by default, we shouldn't need nonstandard
+                //       MIME types here.
+                "font-sfnt" | "x-font-ttf" | "x-font-truetype" | "x-font-opentype" => true,
+                _ => false,
+            }
+        }
+        _ => false,
+    }
+}
--- a/components/gfx/lib.rs
+++ b/components/gfx/lib.rs
@ -53,6 +53,7 @@ extern crate lazy_static;
 extern crate libc;
 #[macro_use]
 extern crate log;
+extern crate mime;
 extern crate msg;
 extern crate net_traits;
 #[macro_use]
--- a/components/servo/Cargo.lock
+++ b/components/servo/Cargo.lock
@ -623,6 +623,7 @@ dependencies = [
 "lazy_static 0.1.15 (registry+https://github.com/rust-lang/crates.io-index)",
 "libc 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)",
 "log 0.3.4 (registry+https://github.com/rust-lang/crates.io-index)",
+ "mime 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
 "msg 0.0.1",
 "net_traits 0.0.1",
 "plugins 0.0.1",
--- a/ports/cef/Cargo.lock
+++ b/ports/cef/Cargo.lock
@ -590,6 +590,7 @@ dependencies = [
 "lazy_static 0.1.15 (registry+https://github.com/rust-lang/crates.io-index)",
 "libc 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)",
 "log 0.3.4 (registry+https://github.com/rust-lang/crates.io-index)",
+ "mime 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
 "msg 0.0.1",
 "net_traits 0.0.1",
 "plugins 0.0.1",
--- a/ports/gonk/Cargo.lock
+++ b/ports/gonk/Cargo.lock
@ -580,6 +580,7 @@ dependencies = [
 "lazy_static 0.1.15 (registry+https://github.com/rust-lang/crates.io-index)",
 "libc 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)",
 "log 0.3.4 (registry+https://github.com/rust-lang/crates.io-index)",
+ "mime 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
 "msg 0.0.1",
 "net_traits 0.0.1",
 "plugins 0.0.1",