mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1567346 - Prevent stack overflow in TRRService::IsTRRBlacklisted r=JuniorHsu 

Differential Revision: https://phabricator.services.mozilla.com/D50248

--HG--
extra : moz-landing-system : lando
This commit is contained in:
Valentin Gosu 2019-11-11 21:11:18 +00:00
Родитель 9afadd1cdd
Коммит d1ae9bf1e6
2 изменённых файлов: 51 добавлений и 38 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

85
netwerk/dns/TRRService.cpp
Просмотреть файл

@ -528,27 +528,12 @@ bool TRRService::MaybeBootstrap(const nsACString& aPossible,
return true; return true;
} }
// When running in TRR-only mode, the blacklist is not used and it will also bool TRRService::IsDomainBlacklisted(const nsACString& aHost,
// try resolving the localhost / .local names. const nsACString& aOriginSuffix,
bool TRRService::IsTRRBlacklisted(const nsACString& aHost, bool aPrivateBrowsing) {
const nsACString& aOriginSuffix,
bool aPrivateBrowsing,
bool aParentsToo) // false if domain
{
// Only use the Storage API on the main thread // Only use the Storage API on the main thread
MOZ_ASSERT(NS_IsMainThread(), "wrong thread"); MOZ_ASSERT(NS_IsMainThread(), "wrong thread");
if (mMode == MODE_TRRONLY) {
return false; // might as well try
}
LOG(("Checking if host [%s] is blacklisted", aHost.BeginReading()));
// hardcode these so as to not worry about expiration
if (StringEndsWith(aHost, NS_LITERAL_CSTRING(".local")) ||
aHost.Equals(NS_LITERAL_CSTRING("localhost"))) {
return true;
}
if (mExcludedDomains.GetEntry(aHost)) { if (mExcludedDomains.GetEntry(aHost)) {
LOG(("Host [%s] is TRR blacklisted via pref\n", aHost.BeginReading())); LOG(("Host [%s] is TRR blacklisted via pref\n", aHost.BeginReading()));
return true; return true;
@ -562,26 +547,6 @@ bool TRRService::IsTRRBlacklisted(const nsACString& aHost,
return true; return true;
} }
int32_t dot = aHost.FindChar('.');
if ((dot == kNotFound) && aParentsToo) {
// Only if a full host name. Domains can be dotless to be able to
// blacklist entire TLDs
return true;
} else if (dot != kNotFound) {
// there was a dot, check the parent first
dot++;
nsDependentCSubstring domain = Substring(aHost, dot, aHost.Length() - dot);
nsAutoCString check(domain);
// recursively check the domain part of this name
if (IsTRRBlacklisted(check, aOriginSuffix, aPrivateBrowsing, false)) {
// the domain name of this name is already TRR blacklisted
return true;
}
}
// These checks need to happen after the recursive result, otherwise we
// might not check the pref for parent domains.
if (!mTRRBLStorage) { if (!mTRRBLStorage) {
return false; return false;
} }
@ -614,6 +579,50 @@ bool TRRService::IsTRRBlacklisted(const nsACString& aHost,
return false; return false;
} }
// When running in TRR-only mode, the blacklist is not used and it will also
// try resolving the localhost / .local names.
bool TRRService::IsTRRBlacklisted(const nsACString& aHost,
const nsACString& aOriginSuffix,
bool aPrivateBrowsing,
bool aParentsToo) // false if domain
{
if (mMode == MODE_TRRONLY) {
return false; // might as well try
}
LOG(("Checking if host [%s] is blacklisted", aHost.BeginReading()));
// hardcode these so as to not worry about expiration
if (StringEndsWith(aHost, NS_LITERAL_CSTRING(".local")) ||
aHost.Equals(NS_LITERAL_CSTRING("localhost"))) {
return true;
}
int32_t dot = aHost.FindChar('.');
if ((dot == kNotFound) && aParentsToo) {
// Only if a full host name. Domains can be dotless to be able to
// blacklist entire TLDs
return true;
}
if (IsDomainBlacklisted(aHost, aOriginSuffix, aPrivateBrowsing)) {
return true;
}
nsDependentCSubstring domain = Substring(aHost, 0);
while (dot != kNotFound) {
dot++;
domain.Rebind(domain, dot, domain.Length() - dot);
if (IsDomainBlacklisted(domain, aOriginSuffix, aPrivateBrowsing)) {
return true;
}
dot = domain.FindChar('.');
}
return false;
}
bool TRRService::IsExcludedFromTRR(const nsACString& aHost) { bool TRRService::IsExcludedFromTRR(const nsACString& aHost) {
int32_t dot = 0; int32_t dot = 0;
// iteratively check the sub-domain of |aHost| // iteratively check the sub-domain of |aHost|

4
netwerk/dns/TRRService.h
Просмотреть файл

@ -71,6 +71,10 @@ class TRRService : public nsIObserver,
friend class ::nsDNSService; friend class ::nsDNSService;
void GetParentalControlEnabledInternal(); void GetParentalControlEnabledInternal();
bool IsDomainBlacklisted(const nsACString& aHost,
const nsACString& aOriginSuffix,
bool aPrivateBrowsing);
bool mInitialized; bool mInitialized;
Atomic<uint32_t, Relaxed> mMode; Atomic<uint32_t, Relaxed> mMode;
Atomic<uint32_t, Relaxed> mTRRBlacklistExpireTime; Atomic<uint32_t, Relaxed> mTRRBlacklistExpireTime;