Bug 1741600 - Fix ExpandedPrincipal and nsCSPContext leaks triggered by ApplyAddonContentScriptCSP. r=ckerschb,robwu

This patch is meant to be a proposed short run fix to prevent ApplyAddonContentScriptCSP from leaking the ExpandedPrincipal and nsCSPContext instance because they keep a reference to each other. This patch prevent that leak by creating a clone of the ExpandedPrincipal and then use that cloned instance in the call to nsCSPContext::SetRequestContextWithPrincipal. Once Bug 1548468 will move the CSP off the ExpandedPrincipal class, cloning the expanded principal to prevent that leak should not be necessary anymore. Differential Revision: https://phabricator.services.mozilla.com/D132144
2021-11-26 15:51:13 +00:00 · 2021-11-26 15:51:13 +00:00 · 635e7a7358
--- a/caps/ExpandedPrincipal.cpp
+++ b/caps/ExpandedPrincipal.cpp
@ -51,7 +51,7 @@ ExpandedPrincipal::ExpandedPrincipal(
 ExpandedPrincipal::~ExpandedPrincipal() = default;

 already_AddRefed<ExpandedPrincipal> ExpandedPrincipal::Create(
-    nsTArray<nsCOMPtr<nsIPrincipal>>& aAllowList,
+    const nsTArray<nsCOMPtr<nsIPrincipal>>& aAllowList,
    const OriginAttributes& aAttrs) {
  // We force the principals to be sorted by origin so that ExpandedPrincipal
  // origins can have a canonical form.
--- a/caps/ExpandedPrincipal.h
+++ b/caps/ExpandedPrincipal.h
@ -22,7 +22,7 @@ class ExpandedPrincipal : public nsIExpandedPrincipal,
                          public mozilla::BasePrincipal {
 public:
  static already_AddRefed<ExpandedPrincipal> Create(
-      nsTArray<nsCOMPtr<nsIPrincipal>>& aAllowList,
+      const nsTArray<nsCOMPtr<nsIPrincipal>>& aAllowList,
      const mozilla::OriginAttributes& aAttrs);

  static PrincipalKind Kind() { return eExpandedPrincipal; }
--- a/js/xpconnect/src/Sandbox.cpp
+++ b/js/xpconnect/src/Sandbox.cpp
@ -1223,8 +1223,20 @@ nsresult ApplyAddonContentScriptCSP(nsISupports* prinOrSop) {
  }
 #endif

+  // Create a clone of the expanded principal to be used for the call to
+  // SetRequestContextWithPrincipal (to prevent the CSP and expanded
+  // principal instances to keep each other alive indefinitely, see
+  // Bug 1741600).
+  //
+  // This may not be necessary anymore once Bug 1548468 will move CSP
+  // off ExpandedPrincipal.
+  RefPtr<ExpandedPrincipal> clonedPrincipal = ExpandedPrincipal::Create(
+      expanded->AllowList(), expanded->OriginAttributesRef());
+  MOZ_ASSERT(clonedPrincipal);
+
  csp = new nsCSPContext();
-  MOZ_TRY(csp->SetRequestContextWithPrincipal(expanded, selfURI, u""_ns, 0));
+  MOZ_TRY(
+      csp->SetRequestContextWithPrincipal(clonedPrincipal, selfURI, u""_ns, 0));

  MOZ_TRY(csp->AppendPolicy(baseCSP, false, false));

--- a/toolkit/components/extensions/test/mochitest/mochitest-common.ini
+++ b/toolkit/components/extensions/test/mochitest/mochitest-common.ini
@ -148,7 +148,6 @@ skip-if = os == 'android' # Bug 1615427
 [test_ext_runtime_disconnect.html]
 [test_ext_script_filenames.html]
 [test_ext_scripting_executeScript.html]
-skip-if = debug # leaktests fail, see Bug 1741600
 [test_ext_sendmessage_doublereply.html]
 [test_ext_sendmessage_frameId.html]
 [test_ext_sendmessage_no_receiver.html]