mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Backed out changeset f01596089356 (bug 1220810) for causing crashes in test_performance_attributes_exist_in_object.html 

CLOSED TREE
This commit is contained in:
Mihai Alexandru Michis 2020-03-19 17:12:32 +02:00
Родитель bd190ddfbc
Коммит 93ec4f0381
21 изменённых файлов: 277 добавлений и 422 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

3
dom/base/test/unit/test_error_codes.js
Просмотреть файл

@ -38,8 +38,6 @@ function run_test_pt1() {
} catch (e) {}
Services.io.offline = true;
prefs.setBoolPref("network.dns.offline-localhost", false);
// We always resolve localhost as it's hardcoded without the following pref:
prefs.setBoolPref("network.proxy.allow_hijacking_localhost", true);
gExpectedStatus = Cr.NS_ERROR_OFFLINE;
gNextTestFunc = run_test_pt2;
@ -51,7 +49,6 @@ function run_test_pt1() {
function run_test_pt2() {
Services.io.offline = false;
prefs.clearUserPref("network.dns.offline-localhost");
prefs.clearUserPref("network.proxy.allow_hijacking_localhost");
gExpectedStatus = Cr.NS_ERROR_CONNECTION_REFUSED;
gNextTestFunc = end_test;

2
dom/media/tests/mochitest/mochitest.ini
Просмотреть файл

@ -2,8 +2,6 @@
tags = mtg webrtc
subsuite = media
scheme = https
prefs =
network.proxy.allow_hijacking_localhost=true
support-files =
head.js
dataChannel.js

12
dom/performance/PerformanceTiming.cpp
Просмотреть файл

@ -87,18 +87,6 @@ PerformanceTiming::PerformanceTiming(Performance* aPerformance,
: nsRFPService::ReduceTimePrecisionAsMSecs(
aZeroTime, aPerformance->GetRandomTimelineSeed())));
#ifdef DEBUG
if (mTimingData->ResponseStartHighRes(aPerformance) -
mTimingData->ZeroTime() <
0) {
MOZ_CRASH_UNSAFE_PRINTF(
"Heisenbug Reproduced: Please file line in 1436778. %s %f - %f (%f)",
(aPerformance->IsSystemPrincipal() ? "System" : "Not-System"),
mTimingData->ResponseStartHighRes(aPerformance),
mTimingData->ZeroTime(), aZeroTime);
}
#endif
// Non-null aHttpChannel implies that this PerformanceTiming object is being
// used for subresources, which is irrelevant to this probe.
if (!aHttpChannel && StaticPrefs::dom_enable_performance() &&

8
dom/security/nsMixedContentBlocker.cpp
Просмотреть файл

@ -379,7 +379,8 @@ nsMixedContentBlocker::ShouldLoad(nsIURI* aContentLocation,
bool nsMixedContentBlocker::IsPotentiallyTrustworthyLoopbackHost(
const nsACString& aAsciiHost) {
if (mozilla::net::IsLoopbackHostname(aAsciiHost)) {
if (aAsciiHost.EqualsLiteral("::1") ||
aAsciiHost.EqualsLiteral("localhost")) {
return true;
}
@ -399,8 +400,9 @@ bool nsMixedContentBlocker::IsPotentiallyTrustworthyLoopbackHost(
// https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy says
// we should only consider [::1]/128 as a potentially trustworthy IPv6
// address, whereas for IPv4 127.0.0.1/8 are considered as potentially
// trustworthy.
return IsLoopBackAddressWithoutIPv6Mapping(&addr);
// trustworthy. We already handled "[::1]" above, so all that's remained to
// handle here are IPv4 loopback addresses.
return IsIPAddrV4(&addr) && IsLoopBackAddress(&addr);
}
bool nsMixedContentBlocker::IsPotentiallyTrustworthyLoopbackURL(nsIURI* aURL) {

5
dom/security/nsMixedContentBlocker.h
Просмотреть файл

@ -34,11 +34,6 @@ enum MixedContentTypes {
using mozilla::OriginAttributes;
class nsILoadInfo; // forward declaration
namespace mozilla {
namespace net {
class nsProtocolProxyService; // forward declaration
}
} // namespace mozilla
class nsMixedContentBlocker : public nsIContentPolicy,
public nsIChannelEventSink {

24
dom/security/test/gtest/TestSecureContext.cpp
Просмотреть файл

@ -24,29 +24,12 @@ struct TestExpectations {
bool expectedResult;
};
class MOZ_RAII AutoRestoreBoolPref final {
public:
AutoRestoreBoolPref(const char* aPref, bool aValue) : mPref(aPref) {
Preferences::GetBool(mPref, &mOldValue);
Preferences::SetBool(mPref, aValue);
}
~AutoRestoreBoolPref() { Preferences::SetBool(mPref, mOldValue); }
private:
const char* mPref = nullptr;
bool mOldValue = false;
};
// ============================= TestDirectives ========================
TEST(SecureContext, IsOriginPotentiallyTrustworthyWithContentPrincipal)
{
// boolean isOriginPotentiallyTrustworthy(in nsIPrincipal aPrincipal);
AutoRestoreBoolPref savedPref("network.proxy.allow_hijacking_localhost",
false);
static const TestExpectations uris[] = {
{"http://example.com/", false},
{"https://example.com/", true},
@ -56,9 +39,7 @@ TEST(SecureContext, IsOriginPotentiallyTrustworthyWithContentPrincipal)
{"ftp://example.com", false},
{"about:config", false},
{"http://localhost", true},
{"http://localhost.localhost", true},
{"http://a.b.c.d.e.localhost", true},
{"http://xyzzy.localhost", true},
{"http://xyzzy.localhost", false},
{"http://127.0.0.1", true},
{"http://127.0.0.2", true},
{"http://127.1.0.1", true},
@ -91,8 +72,7 @@ TEST(SecureContext, IsOriginPotentiallyTrustworthyWithContentPrincipal)
bool isPotentiallyTrustworthy = false;
rv = prin->GetIsOriginPotentiallyTrustworthy(&isPotentiallyTrustworthy);
ASSERT_EQ(NS_OK, rv);
ASSERT_EQ(isPotentiallyTrustworthy, uris[i].expectedResult)
<< uris[i].uri << uris[i].expectedResult;
ASSERT_EQ(isPotentiallyTrustworthy, uris[i].expectedResult);
}
}

1
dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js
Просмотреть файл

@ -36,7 +36,6 @@ add_task(async function test_isOriginPotentiallyTrustworthy() {
["http://example.com/", false],
["https://example.com/", true],
["http://localhost/", true],
["http://localhost.localhost/", true],
["http://127.0.0.1/", true],
["file:///", true],
["resource:///", true],

1
dom/webauthn/tests/browser/browser_webauthn_ipaddress.js
Просмотреть файл

@ -21,7 +21,6 @@ add_task(function test_setup() {
"security.webauth.webauthn_enable_usbtoken",
false
);
Services.prefs.setBoolPref("network.proxy.allow_hijacking_localhost", true);
});
registerCleanupFunction(async function() {

6
modules/libpref/init/StaticPrefList.yaml
Просмотреть файл

@ -7231,12 +7231,6 @@
value: true
mirror: always
# Set true to allow resolving proxy for localhost
- name: network.proxy.allow_hijacking_localhost
type: RelaxedAtomicBool
value: false
mirror: always
# Allow CookieJarSettings to be unblocked for channels without a document.
# This is for testing only.
- name: network.cookieJarSettings.unblocked_for_testing

2
modules/libpref/init/all.js
Просмотреть файл

@ -1978,6 +1978,8 @@ pref("network.proxy.socks_port", 0);
pref("network.proxy.socks_version", 5);
pref("network.proxy.proxy_over_tls", true);
pref("network.proxy.no_proxies_on", "");
// Set true to allow resolving proxy for localhost
pref("network.proxy.allow_hijacking_localhost", false);
pref("network.proxy.failover_timeout", 1800); // 30 minutes
pref("network.online", true); //online/offline

17
netwerk/base/nsProtocolProxyService.cpp
Просмотреть файл

@ -36,9 +36,7 @@
#include "nsISystemProxySettings.h"
#include "nsINetworkLinkService.h"
#include "nsIHttpChannelInternal.h"
#include "mozilla/dom/nsMixedContentBlocker.h"
#include "mozilla/Logging.h"
#include "mozilla/StaticPrefs_network.h"
#include "mozilla/Tokenizer.h"
#include "mozilla/Unused.h"
@ -772,6 +770,7 @@ nsProtocolProxyService::nsProtocolProxyService()
mSOCKSProxyRemoteDNS(false),
mProxyOverTLS(true),
mWPADOverDHCPEnabled(false),
mAllowHijackingLocalhost(false),
mPACMan(nullptr),
mSessionStart(PR_Now()),
mFailedProxyTimeout(30 * 60) // 30 minute default
@ -1019,6 +1018,11 @@ void nsProtocolProxyService::PrefsChanged(nsIPrefBranch* prefBranch,
reloadPAC = reloadPAC || mProxyConfig == PROXYCONFIG_WPAD;
}
if (!pref || !strcmp(pref, PROXY_PREF("allow_hijacking_localhost"))) {
proxy_GetBoolPref(prefBranch, PROXY_PREF("allow_hijacking_localhost"),
mAllowHijackingLocalhost);
}
if (!pref || !strcmp(pref, PROXY_PREF("failover_timeout")))
proxy_GetIntPref(prefBranch, PROXY_PREF("failover_timeout"),
mFailedProxyTimeout);
@ -1092,12 +1096,9 @@ bool nsProtocolProxyService::CanUseProxy(nsIURI* aURI, int32_t defaultPort) {
// Don't use proxy for local hosts (plain hostname, no dots)
if ((!is_ipaddr && mFilterLocalHosts && !host.Contains('.')) ||
// This method detects if we have network.proxy.allow_hijacking_localhost
// pref enabled. If it's true then this method will always return false
// otherwise it returns true if the host matches an address that's
// hardcoded to the loopback address.
(!StaticPrefs::network_proxy_allow_hijacking_localhost() &&
nsMixedContentBlocker::IsPotentiallyTrustworthyLoopbackHost(host))) {
(!mAllowHijackingLocalhost &&
(host.EqualsLiteral("127.0.0.1") || host.EqualsLiteral("::1") ||
host.EqualsLiteral("localhost")))) {
LOG(("Not using proxy for this local host [%s]!\n", host.get()));
return false; // don't allow proxying
}

1
netwerk/base/nsProtocolProxyService.h
Просмотреть файл

@ -387,6 +387,7 @@ class nsProtocolProxyService final : public nsIProtocolProxyService2,
bool mSOCKSProxyRemoteDNS;
bool mProxyOverTLS;
bool mWPADOverDHCPEnabled;
bool mAllowHijackingLocalhost;
RefPtr<nsPACMan> mPACMan; // non-null if we are using PAC
nsCOMPtr<nsISystemProxySettings> mSystemProxySettings;

41
netwerk/dns/DNS.cpp
Просмотреть файл

@ -6,11 +6,9 @@
#include "mozilla/net/DNS.h"
#include "mozilla/ArrayUtils.h"
#include "mozilla/Assertions.h"
#include "mozilla/mozalloc.h"
#include "mozilla/StaticPrefs_network.h"
#include "nsContentUtils.h"
#include "mozilla/ArrayUtils.h"
#include "nsString.h"
#include <string.h>
@ -141,46 +139,21 @@ bool NetAddrToString(const NetAddr* addr, char* buf, uint32_t bufSize) {
}
bool IsLoopBackAddress(const NetAddr* addr) {
if (IsLoopBackAddressWithoutIPv6Mapping(addr)) {
return true;
}
if (addr->raw.family != AF_INET6) {
return false;
}
return IPv6ADDR_IS_V4MAPPED(&addr->inet6.ip) &&
IPv6ADDR_V4MAPPED_TO_IPADDR(&addr->inet6.ip) == htonl(INADDR_LOOPBACK);
}
bool IsLoopBackAddressWithoutIPv6Mapping(const NetAddr* addr) {
if (addr->raw.family == AF_INET) {
// Consider 127.0.0.1/8 as loopback
uint32_t ipv4Addr = ntohl(addr->inet.ip);
return (ipv4Addr >> 24) == 127;
}
if (addr->raw.family == AF_INET6 && IPv6ADDR_IS_LOOPBACK(&addr->inet6.ip)) {
if (addr->raw.family == AF_INET6) {
if (IPv6ADDR_IS_LOOPBACK(&addr->inet6.ip)) {
return true;
}
return false;
}
bool IsLoopbackHostname(const nsACString& aAsciiHost) {
// If the user has configured to proxy localhost addresses don't consider them
// to be secure
if (StaticPrefs::network_proxy_allow_hijacking_localhost()) {
return false;
}
nsAutoCString host;
nsContentUtils::ASCIIToLower(aAsciiHost, host);
if (host.EqualsLiteral("localhost") ||
StringEndsWith(host, NS_LITERAL_CSTRING(".localhost"))) {
if (IPv6ADDR_IS_V4MAPPED(&addr->inet6.ip) &&
IPv6ADDR_V4MAPPED_TO_IPADDR(&addr->inet6.ip) ==
htonl(INADDR_LOOPBACK)) {
return true;
}
}
return false;
}

4
netwerk/dns/DNS.h
Просмотреть файл

@ -182,10 +182,6 @@ bool NetAddrToString(const NetAddr* addr, char* buf, uint32_t bufSize);
bool IsLoopBackAddress(const NetAddr* addr);
bool IsLoopBackAddressWithoutIPv6Mapping(const NetAddr* addr);
bool IsLoopbackHostname(const nsACString& aAsciiHost);
bool IsIPAddrAny(const NetAddr* addr);
bool IsIPAddrV4(const NetAddr* addr);

74
netwerk/dns/nsHostResolver.cpp
Просмотреть файл

@ -784,7 +784,11 @@ nsresult nsHostResolver::GetHostRecord(const nsACString& host,
RefPtr<nsHostRecord>& entry = mRecordDB.GetOrInsert(key);
if (!entry) {
entry = InitRecord(key);
if (IS_ADDR_TYPE(type)) {
entry = new AddrHostRecord(key);
} else {
entry = new TypeHostRecord(key);
}
}
RefPtr<nsHostRecord> rec = entry;
@ -803,48 +807,6 @@ nsresult nsHostResolver::GetHostRecord(const nsACString& host,
return NS_OK;
}
nsHostRecord* nsHostResolver::InitRecord(const nsHostKey& key) {
if (IS_ADDR_TYPE(key.type)) {
return new AddrHostRecord(key);
}
return new TypeHostRecord(key);
}
already_AddRefed<nsHostRecord> nsHostResolver::InitLoopbackRecord(
const nsHostKey& key, nsresult* aRv) {
MOZ_ASSERT(aRv);
MOZ_ASSERT(IS_ADDR_TYPE(key.type));
*aRv = NS_ERROR_FAILURE;
RefPtr<nsHostRecord> rec = InitRecord(key);
RefPtr<AddrHostRecord> addrRec = do_QueryObject(rec);
MutexAutoLock lock(addrRec->addr_info_lock);
PRNetAddr prAddr;
if (key.af == PR_AF_INET) {
MOZ_RELEASE_ASSERT(PR_StringToNetAddr("127.0.0.1", &prAddr) == PR_SUCCESS);
} else {
MOZ_RELEASE_ASSERT(PR_StringToNetAddr("::1", &prAddr) == PR_SUCCESS);
}
RefPtr<AddrInfo> ai;
*aRv = GetAddrInfo(rec->host, rec->af, addrRec->flags, getter_AddRefs(ai),
addrRec->mGetTtl);
if (NS_WARN_IF(NS_FAILED(*aRv))) {
return nullptr;
}
addrRec->addr_info = ai;
addrRec->SetExpiration(TimeStamp::NowLoRes(), mDefaultCacheLifetime,
mDefaultGracePeriod);
addrRec->negative = false;
*aRv = NS_OK;
return rec.forget();
}
nsresult nsHostResolver::ResolveHost(const nsACString& aHost,
const nsACString& aTrrServer,
uint16_t type,
@ -890,9 +852,8 @@ nsresult nsHostResolver::ResolveHost(const nsACString& aHost,
MutexAutoLock lock(mLock);
if (mShutdown) {
return NS_ERROR_NOT_INITIALIZED;
}
rv = NS_ERROR_NOT_INITIALIZED;
} else {
// check to see if there is already an entry for this |host|
// in the hash table. if so, then check to see if we can't
// just reuse the lookup result. otherwise, if there are
@ -912,22 +873,13 @@ nsresult nsHostResolver::ResolveHost(const nsACString& aHost,
nsHostKey key(host, aTrrServer, type, flags, af,
(aOriginAttributes.mPrivateBrowsingId > 0), originSuffix);
// Check if we have a localhost domain, if so hardcode to loopback
if (IS_ADDR_TYPE(type) && IsLoopbackHostname(host)) {
nsresult rv;
RefPtr<nsHostRecord> result = InitLoopbackRecord(key, &rv);
if (NS_WARN_IF(NS_FAILED(rv))) {
return rv;
}
MOZ_ASSERT(result);
aCallback->OnResolveHostComplete(this, result, NS_OK);
return NS_OK;
}
RefPtr<nsHostRecord>& entry = mRecordDB.GetOrInsert(key);
if (!entry) {
entry = InitRecord(key);
if (IS_ADDR_TYPE(type)) {
entry = new AddrHostRecord(key);
} else {
entry = new TypeHostRecord(key);
}
}
RefPtr<nsHostRecord> rec = entry;
@ -936,6 +888,7 @@ nsresult nsHostResolver::ResolveHost(const nsACString& aHost,
MOZ_ASSERT((IS_ADDR_TYPE(type) && rec->IsAddrRecord() && addrRec) ||
(IS_OTHER_TYPE(type) && !rec->IsAddrRecord()));
// Check if the entry is vaild.
if (!(flags & RES_BYPASS_CACHE) &&
rec->HasUsableResult(TimeStamp::NowLoRes(), flags)) {
LOG((" Using cached record for host [%s].\n", host.get()));
@ -1163,6 +1116,7 @@ nsresult nsHostResolver::ResolveHost(const nsACString& aHost,
}
}
}
}
if (result && callback->isInList()) {
callback->remove();

8
netwerk/dns/nsHostResolver.h
Просмотреть файл

@ -440,14 +440,6 @@ class nsHostResolver : public nsISupports, public AHostResolver {
uint16_t flags, uint16_t af,
nsResolveHostCallback* callback);
nsHostRecord* InitRecord(const nsHostKey& key);
/**
* return a resolved hard coded loopback dns record for the specified key
*/
already_AddRefed<nsHostRecord> InitLoopbackRecord(const nsHostKey& key,
nsresult* aRv);
/**
* removes the specified callback from the nsHostRecord for the given
* hostname, originAttributes, flags, and address family. these parameters

4
netwerk/test/unit/test_about_networking.js
Просмотреть файл

@ -89,9 +89,6 @@ function run_test() {
true
);
// We always resolve localhost as it's hardcoded without the following pref:
Services.prefs.setBoolPref("network.proxy.allow_hijacking_localhost", true);
let ioService = Cc["@mozilla.org/network/io-service;1"].getService(
Ci.nsIIOService
);
@ -106,7 +103,6 @@ function run_test() {
channel.open();
gServerSocket.init(-1, true, -1);
Services.prefs.clearUserPref("network.proxy.allow_hijacking_localhost");
run_next_test();
}

3
netwerk/test/unit/test_dns_offline.js
Просмотреть файл

@ -43,8 +43,6 @@ const defaultOriginAttributes = {};
function run_test() {
do_test_pending();
prefs.setBoolPref("network.dns.offline-localhost", false);
// We always resolve localhost as it's hardcoded without the following pref:
prefs.setBoolPref("network.proxy.allow_hijacking_localhost", true);
ioService.offline = true;
try {
dns.asyncResolve(
@ -99,5 +97,4 @@ function test3Continued() {
function cleanup() {
prefs.clearUserPref("network.dns.offline-localhost");
prefs.clearUserPref("network.proxy.allow_hijacking_localhost");
}

5
netwerk/test/unit/test_dns_originAttributes.js
Просмотреть файл

@ -2,9 +2,6 @@ var dns = Cc["@mozilla.org/network/dns-service;1"].getService(Ci.nsIDNSService);
var threadManager = Cc["@mozilla.org/thread-manager;1"].getService(
Ci.nsIThreadManager
);
var prefs = Cc["@mozilla.org/preferences-service;1"].getService(
Ci.nsIPrefBranch
);
var mainThread = threadManager.currentThread;
var listener1 = {
@ -67,7 +64,6 @@ function test2() {
// for this originAttributes.
function test3() {
do_test_pending();
prefs.setBoolPref("network.proxy.allow_hijacking_localhost", true);
try {
dns.asyncResolve(
"localhost",
@ -78,7 +74,6 @@ function test3() {
);
} catch (e) {
Assert.equal(e.result, Cr.NS_ERROR_OFFLINE);
prefs.clearUserPref("network.proxy.allow_hijacking_localhost");
do_test_finished();
}
}

2
netwerk/test/unit/test_ping_aboutnetworking.js
Просмотреть файл

@ -49,8 +49,6 @@ function run_test() {
// disable network changed events to avoid the the risk of having the dns
// cache getting flushed behind our back
ps.setBoolPref("network.notify.changed", false);
// Localhost is hardcoded to loopback and isn't cached, disable that with this pref
ps.setBoolPref("network.proxy.allow_hijacking_localhost", true);
registerCleanupFunction(function() {
ps.clearUserPref("network.notify.changed");

2
netwerk/test/unit/test_trr.js
Просмотреть файл

@ -1010,7 +1010,6 @@ add_task(async function test24k() {
// resolver if it's not in the excluded domains
add_task(async function test25() {
dns.clearCache(true);
Services.prefs.setBoolPref("network.proxy.allow_hijacking_localhost", true); // Disable localhost hardcoding
Services.prefs.setIntPref("network.trr.mode", 3); // TRR-only
Services.prefs.setCharPref("network.trr.excluded-domains", "");
Services.prefs.setCharPref("network.trr.builtin-excluded-domains", "");
@ -1020,7 +1019,6 @@ add_task(async function test25() {
);
await new DNSListener("localhost", "192.192.192.192", true);
Services.prefs.clearUserPref("network.proxy.allow_hijacking_localhost");
});
// TRR-only check that localhost goes directly to native lookup when in the excluded-domains