From 5e7412c90a15611c9c910c2304cc8fdb03ebd4f0 Mon Sep 17 00:00:00 2001
From: Georg Koppen <gk@torproject.org>
Date: Thu, 27 Jul 2017 07:31:38 +0000
Subject: [PATCH] Bug 23044: Don't allow GIO supported protocols by default

---
 browser/app/profile/000-tor-browser.js  | 3 +++
 extensions/gio/nsGIOProtocolHandler.cpp | 8 ++++----
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js
index e5b5e334c0e6a..3bba1e6cad712 100644
--- a/browser/app/profile/000-tor-browser.js
+++ b/browser/app/profile/000-tor-browser.js
@@ -209,6 +209,9 @@ pref("network.protocol-handler.warn-external.mailto", true);
 pref("network.protocol-handler.warn-external.news", true);
 pref("network.protocol-handler.warn-external.nntp", true);
 pref("network.protocol-handler.warn-external.snews", true);
+// Make sure we don't have any GIO supported protocols (defense in depth
+// measure)
+pref("network.gio.supported-protocols", "");
 pref("plugin.disable", true); // Disable to search plugins on first start
 pref("plugins.click_to_play", true);
 pref("plugin.state.flash", 1);
diff --git a/extensions/gio/nsGIOProtocolHandler.cpp b/extensions/gio/nsGIOProtocolHandler.cpp
index a378e87008212..5f6b2a0a2a577 100644
--- a/extensions/gio/nsGIOProtocolHandler.cpp
+++ b/extensions/gio/nsGIOProtocolHandler.cpp
@@ -922,16 +922,16 @@ nsGIOProtocolHandler::InitSupportedProtocolsPref(nsIPrefBranch *prefs)
   // Get user preferences to determine which protocol is supported.
   // Gvfs/GIO has a set of supported protocols like obex, network, archive,
   // computer, dav, cdda, gphoto2, trash, etc. Some of these seems to be
-  // irrelevant to process by browser. By default accept only smb and sftp
-  // protocols so far.
+  // irrelevant to process by browser. By default accept none.
   nsresult rv = prefs->GetCharPref(MOZ_GIO_SUPPORTED_PROTOCOLS,
                                    getter_Copies(mSupportedProtocols));
   if (NS_SUCCEEDED(rv)) {
     mSupportedProtocols.StripWhitespace();
     ToLowerCase(mSupportedProtocols);
   }
-  else
-    mSupportedProtocols.AssignLiteral("smb:,sftp:"); // use defaults
+  else {
+    mSupportedProtocols.AssignLiteral(""); // use none by default
+  }
 
   LOG(("gio: supported protocols \"%s\"\n", mSupportedProtocols.get()));
 }
-- 
GitLab