summaryrefslogtreecommitdiffstats
path: root/netwerk
diff options
context:
space:
mode:
Diffstat (limited to 'netwerk')
-rw-r--r--netwerk/base/nsNetUtil.cpp56
-rw-r--r--netwerk/base/nsStandardURL.cpp2
-rw-r--r--netwerk/protocol/http/AlternateServices.cpp5
-rw-r--r--netwerk/protocol/http/Http2Push.cpp81
-rw-r--r--netwerk/protocol/http/Http2Push.h18
-rw-r--r--netwerk/protocol/http/Http2Session.cpp24
-rw-r--r--netwerk/protocol/http/Http2Stream.cpp4
-rw-r--r--netwerk/protocol/http/Http2Stream.h1
-rw-r--r--netwerk/protocol/http/nsHttpChannel.cpp4
-rw-r--r--netwerk/protocol/http/nsHttpChannel.h9
-rw-r--r--netwerk/protocol/http/nsHttpConnectionMgr.cpp33
-rw-r--r--netwerk/protocol/http/nsHttpHandler.h3
-rw-r--r--netwerk/protocol/http/nsHttpTransaction.h16
13 files changed, 195 insertions, 61 deletions
diff --git a/netwerk/base/nsNetUtil.cpp b/netwerk/base/nsNetUtil.cpp
index 653a9003e..2974e26b0 100644
--- a/netwerk/base/nsNetUtil.cpp
+++ b/netwerk/base/nsNetUtil.cpp
@@ -10,6 +10,7 @@
#include "mozilla/LoadContext.h"
#include "mozilla/LoadInfo.h"
#include "mozilla/BasePrincipal.h"
+#include "mozilla/Preferences.h"
#include "mozilla/Telemetry.h"
#include "nsNetUtil.h"
#include "nsNetUtilInlines.h"
@@ -1821,33 +1822,40 @@ NS_RelaxStrictFileOriginPolicy(nsIURI *aTargetURI,
return false;
}
- //
- // If the file to be loaded is in a subdirectory of the source
- // (or same-dir if source is not a directory) then it will
- // inherit its source principal and be scriptable by that source.
- //
- bool sourceIsDir;
- bool allowed = false;
- nsresult rv = sourceFile->IsDirectory(&sourceIsDir);
- if (NS_SUCCEEDED(rv) && sourceIsDir) {
- rv = sourceFile->Contains(targetFile, &allowed);
- } else {
- nsCOMPtr<nsIFile> sourceParent;
- rv = sourceFile->GetParent(getter_AddRefs(sourceParent));
- if (NS_SUCCEEDED(rv) && sourceParent) {
- rv = sourceParent->Equals(targetFile, &allowed);
- if (NS_FAILED(rv) || !allowed) {
- rv = sourceParent->Contains(targetFile, &allowed);
- } else {
- MOZ_ASSERT(aAllowDirectoryTarget,
- "sourceFile->Parent == targetFile, but targetFile "
- "should've been disallowed if it is a directory");
+ bool uniqueOrigin = true;
+ uniqueOrigin = Preferences::GetBool("security.fileuri.unique_origin");
+
+ // If treating all files as unique origins, we can skip this because
+ // it should always be refused.
+ if (!uniqueOrigin) {
+ //
+ // If the file to be loaded is in a subdirectory of the source
+ // (or same-dir if source is not a directory) then it will
+ // inherit its source principal and be scriptable by that source.
+ //
+ bool sourceIsDir;
+ bool allowed = false;
+ nsresult rv = sourceFile->IsDirectory(&sourceIsDir);
+ if (NS_SUCCEEDED(rv) && sourceIsDir) {
+ rv = sourceFile->Contains(targetFile, &allowed);
+ } else {
+ nsCOMPtr<nsIFile> sourceParent;
+ rv = sourceFile->GetParent(getter_AddRefs(sourceParent));
+ if (NS_SUCCEEDED(rv) && sourceParent) {
+ rv = sourceParent->Equals(targetFile, &allowed);
+ if (NS_FAILED(rv) || !allowed) {
+ rv = sourceParent->Contains(targetFile, &allowed);
+ } else {
+ MOZ_ASSERT(aAllowDirectoryTarget,
+ "sourceFile->Parent == targetFile, but targetFile "
+ "should've been disallowed if it is a directory");
+ }
}
}
- }
- if (NS_SUCCEEDED(rv) && allowed) {
- return true;
+ if (NS_SUCCEEDED(rv) && allowed) {
+ return true;
+ }
}
return false;
diff --git a/netwerk/base/nsStandardURL.cpp b/netwerk/base/nsStandardURL.cpp
index dff4ecbc0..7317240c2 100644
--- a/netwerk/base/nsStandardURL.cpp
+++ b/netwerk/base/nsStandardURL.cpp
@@ -575,7 +575,7 @@ nsStandardURL::ValidIPv6orHostname(const char *host, uint32_t length)
}
const char *end = host + length;
- if (end != net_FindCharInSet(host, end, CONTROL_CHARACTERS " #/:?@[\\]*<>|\"")) {
+ if (end != net_FindCharInSet(host, end, CONTROL_CHARACTERS " #/:?@[\\]*<>|\"^")) {
// We still allow % because it is in the ID of addons.
// Any percent encoded ASCII characters that are not allowed in the
// hostname are not percent decoded, and will be parsed just fine.
diff --git a/netwerk/protocol/http/AlternateServices.cpp b/netwerk/protocol/http/AlternateServices.cpp
index ee2fa9331..10bd61928 100644
--- a/netwerk/protocol/http/AlternateServices.cpp
+++ b/netwerk/protocol/http/AlternateServices.cpp
@@ -121,6 +121,11 @@ AltSvcMapping::ProcessHeader(const nsCString &buf, const nsCString &originScheme
continue;
}
+ if (NS_FAILED(NS_CheckPortSafety(portno, originScheme.get()))) {
+ LOG(("Alt Svc does not allow port %d, ignoring request", portno));
+ continue;
+ }
+
// unescape modifies a c string in place, so afterwards
// update nsCString length
nsUnescape(npnToken.BeginWriting());
diff --git a/netwerk/protocol/http/Http2Push.cpp b/netwerk/protocol/http/Http2Push.cpp
index b6fc485e2..34fc425d2 100644
--- a/netwerk/protocol/http/Http2Push.cpp
+++ b/netwerk/protocol/http/Http2Push.cpp
@@ -30,8 +30,8 @@ class CallChannelOnPush final : public Runnable {
Http2PushedStream *pushStream)
: mAssociatedChannel(associatedChannel)
, mPushedURI(pushedURI)
- , mPushedStream(pushStream)
{
+ mPushedStreamWrapper = new Http2PushedStreamWrapper(pushStream);
}
NS_IMETHOD Run() override
@@ -40,21 +40,94 @@ class CallChannelOnPush final : public Runnable {
RefPtr<nsHttpChannel> channel;
CallQueryInterface(mAssociatedChannel, channel.StartAssignment());
MOZ_ASSERT(channel);
- if (channel && NS_SUCCEEDED(channel->OnPush(mPushedURI, mPushedStream))) {
+ if (channel && NS_SUCCEEDED(channel->OnPush(mPushedURI, mPushedStreamWrapper))) {
return NS_OK;
}
LOG3(("Http2PushedStream Orphan %p failed OnPush\n", this));
- mPushedStream->OnPushFailed();
+ mPushedStreamWrapper->OnPushFailed();
return NS_OK;
}
private:
nsCOMPtr<nsIHttpChannelInternal> mAssociatedChannel;
const nsCString mPushedURI;
- Http2PushedStream *mPushedStream;
+ RefPtr<Http2PushedStreamWrapper> mPushedStreamWrapper;
};
+// Because WeakPtr isn't thread-safe we must ensure that the object is destroyed
+// on the socket thread, so any Release() called on a different thread is
+// dispatched to the socket thread.
+bool Http2PushedStreamWrapper::DispatchRelease() {
+ if (PR_GetCurrentThread() == gSocketThread) {
+ return false;
+ }
+
+ gSocketTransportService->Dispatch(
+ NewNonOwningRunnableMethod(this, &Http2PushedStreamWrapper::Release),
+ NS_DISPATCH_NORMAL);
+
+ return true;
+}
+
+NS_IMPL_ADDREF(Http2PushedStreamWrapper)
+NS_IMETHODIMP_(MozExternalRefCountType)
+Http2PushedStreamWrapper::Release() {
+ nsrefcnt count = mRefCnt - 1;
+ if (DispatchRelease()) {
+ // Redispatched to the socket thread.
+ return count;
+ }
+
+ MOZ_ASSERT(0 != mRefCnt, "dup release");
+ count = --mRefCnt;
+ NS_LOG_RELEASE(this, count, "Http2PushedStreamWrapper");
+
+ if (0 == count) {
+ mRefCnt = 1;
+ delete (this);
+ return 0;
+ }
+
+ return count;
+}
+
+NS_INTERFACE_MAP_BEGIN(Http2PushedStreamWrapper)
+NS_INTERFACE_MAP_END
+
+Http2PushedStreamWrapper::Http2PushedStreamWrapper(
+ Http2PushedStream* aPushStream) {
+ MOZ_ASSERT(PR_GetCurrentThread() == gSocketThread, "not on socket thread");
+ mStream = aPushStream;
+ mRequestString = aPushStream->GetRequestString();
+}
+
+Http2PushedStreamWrapper::~Http2PushedStreamWrapper() {
+ MOZ_ASSERT(PR_GetCurrentThread() == gSocketThread, "not on socket thread");
+}
+
+Http2PushedStream* Http2PushedStreamWrapper::GetStream() {
+ MOZ_ASSERT(PR_GetCurrentThread() == gSocketThread, "not on socket thread");
+ if (mStream) {
+ Http2Stream* stream = mStream;
+ return static_cast<Http2PushedStream*>(stream);
+ }
+ return nullptr;
+}
+
+void Http2PushedStreamWrapper::OnPushFailed() {
+ if (PR_GetCurrentThread() == gSocketThread) {
+ if (mStream) {
+ Http2Stream* stream = mStream;
+ static_cast<Http2PushedStream*>(stream)->OnPushFailed();
+ }
+ } else {
+ gSocketTransportService->Dispatch(
+ NewRunnableMethod(this, &Http2PushedStreamWrapper::OnPushFailed),
+ NS_DISPATCH_NORMAL);
+ }
+}
+
//////////////////////////////////////////
// Http2PushedStream
//////////////////////////////////////////
diff --git a/netwerk/protocol/http/Http2Push.h b/netwerk/protocol/http/Http2Push.h
index fd39eb2c7..d4b71c1ef 100644
--- a/netwerk/protocol/http/Http2Push.h
+++ b/netwerk/protocol/http/Http2Push.h
@@ -123,6 +123,24 @@ private:
uint32_t mBufferedHTTP1Consumed;
};
+class Http2PushedStreamWrapper : public nsISupports {
+public:
+ NS_DECL_THREADSAFE_ISUPPORTS
+ bool DispatchRelease();
+
+ explicit Http2PushedStreamWrapper(Http2PushedStream* aPushStream);
+
+ nsCString& GetRequestString() { return mRequestString; }
+ Http2PushedStream* GetStream();
+ void OnPushFailed();
+
+private:
+ virtual ~Http2PushedStreamWrapper();
+
+ nsCString mRequestString;
+ WeakPtr<Http2Stream> mStream;
+};
+
} // namespace net
} // namespace mozilla
diff --git a/netwerk/protocol/http/Http2Session.cpp b/netwerk/protocol/http/Http2Session.cpp
index 4a178f091..86e8c74f6 100644
--- a/netwerk/protocol/http/Http2Session.cpp
+++ b/netwerk/protocol/http/Http2Session.cpp
@@ -380,12 +380,24 @@ Http2Session::AddStream(nsAHttpTransaction *aHttpTransaction,
if (mClosed || mShouldGoAway) {
nsHttpTransaction *trans = aHttpTransaction->QueryHttpTransaction();
- if (trans && !trans->GetPushedStream()) {
- LOG3(("Http2Session::AddStream %p atrans=%p trans=%p session unusable - resched.\n",
- this, aHttpTransaction, trans));
- aHttpTransaction->SetConnection(nullptr);
- gHttpHandler->InitiateTransaction(trans, trans->Priority());
- return true;
+ if (trans) {
+ RefPtr<Http2PushedStreamWrapper> pushedStreamWrapper;
+ pushedStreamWrapper = trans->GetPushedStream();
+ if (!pushedStreamWrapper || !pushedStreamWrapper->GetStream()) {
+ LOG3(
+ ("Http2Session::AddStream %p atrans=%p trans=%p session unusable - "
+ "resched.\n", this, aHttpTransaction, trans));
+ aHttpTransaction->SetConnection(nullptr);
+ nsresult rv =
+ gHttpHandler->InitiateTransaction(trans, trans->Priority());
+ if (NS_FAILED(rv)) {
+ LOG3(
+ ("Http2Session::AddStream %p atrans=%p trans=%p failed to "
+ "initiate transaction (%08x).\n",
+ this, aHttpTransaction, trans, static_cast<uint32_t>(rv)));
+ }
+ return true;
+ }
}
}
diff --git a/netwerk/protocol/http/Http2Stream.cpp b/netwerk/protocol/http/Http2Stream.cpp
index 581ebe016..22d8142c9 100644
--- a/netwerk/protocol/http/Http2Stream.cpp
+++ b/netwerk/protocol/http/Http2Stream.cpp
@@ -442,12 +442,14 @@ Http2Stream::ParseHttpRequestHeaders(const char *buf,
requestContext->GetSpdyPushCache(&cache);
}
+ RefPtr<Http2PushedStreamWrapper> pushedStreamWrapper;
Http2PushedStream *pushedStream = nullptr;
// If a push stream is attached to the transaction via onPush, match only with that
// one. This occurs when a push was made with in conjunction with a nsIHttpPushListener
nsHttpTransaction *trans = mTransaction->QueryHttpTransaction();
- if (trans && (pushedStream = trans->TakePushedStream())) {
+ if (trans && (pushedStreamWrapper = trans->TakePushedStream()) &&
+ (pushedStream = pushedStreamWrapper->GetStream())) {
if (pushedStream->mSession == mSession) {
LOG3(("Pushed Stream match based on OnPush correlation %p", pushedStream));
} else {
diff --git a/netwerk/protocol/http/Http2Stream.h b/netwerk/protocol/http/Http2Stream.h
index 8783eefed..30ade870f 100644
--- a/netwerk/protocol/http/Http2Stream.h
+++ b/netwerk/protocol/http/Http2Stream.h
@@ -28,6 +28,7 @@ class Http2Decompressor;
class Http2Stream
: public nsAHttpSegmentReader
, public nsAHttpSegmentWriter
+ , public SupportsWeakPtr<Http2Stream>
{
public:
NS_DECL_NSAHTTPSEGMENTREADER
diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
index 481df5ff0..05383916f 100644
--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
@@ -7828,7 +7828,7 @@ nsHttpChannel::AwaitingCacheCallbacks()
}
void
-nsHttpChannel::SetPushedStream(Http2PushedStream *stream)
+nsHttpChannel::SetPushedStream(Http2PushedStreamWrapper *stream)
{
MOZ_ASSERT(stream);
MOZ_ASSERT(!mPushedStream);
@@ -7836,7 +7836,7 @@ nsHttpChannel::SetPushedStream(Http2PushedStream *stream)
}
nsresult
-nsHttpChannel::OnPush(const nsACString &url, Http2PushedStream *pushedStream)
+nsHttpChannel::OnPush(const nsACString &url, Http2PushedStreamWrapper *pushedStream)
{
MOZ_ASSERT(NS_IsMainThread());
LOG(("nsHttpChannel::OnPush [this=%p]\n", this));
diff --git a/netwerk/protocol/http/nsHttpChannel.h b/netwerk/protocol/http/nsHttpChannel.h
index 0038e1f71..defd710c3 100644
--- a/netwerk/protocol/http/nsHttpChannel.h
+++ b/netwerk/protocol/http/nsHttpChannel.h
@@ -126,7 +126,7 @@ public:
const nsID& aChannelId,
nsContentPolicyType aContentPolicyType) override;
- nsresult OnPush(const nsACString &uri, Http2PushedStream *pushedStream);
+ nsresult OnPush(const nsACString &uri, Http2PushedStreamWrapper *pushedStream);
static bool IsRedirectStatus(uint32_t status);
@@ -448,7 +448,7 @@ private:
nsresult OpenCacheInputStream(nsICacheEntry* cacheEntry, bool startBuffering,
bool checkingAppCacheEntry);
- void SetPushedStream(Http2PushedStream *stream);
+ void SetPushedStream(Http2PushedStreamWrapper *stream);
void SetDoNotTrack();
@@ -578,9 +578,10 @@ private:
nsTArray<nsContinueRedirectionFunc> mRedirectFuncStack;
// Needed for accurate DNS timing
- RefPtr<nsDNSPrefetch> mDNSPrefetch;
+ RefPtr<nsDNSPrefetch> mDNSPrefetch;
- Http2PushedStream *mPushedStream;
+ RefPtr<Http2PushedStreamWrapper> mPushedStream;
+
// True if the channel's principal was found on a phishing, malware, or
// tracking (if tracking protection is enabled) blocklist
bool mLocalBlocklist;
diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.cpp b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
index 907f33436..d402b4104 100644
--- a/netwerk/protocol/http/nsHttpConnectionMgr.cpp
+++ b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
@@ -373,8 +373,12 @@ nsHttpConnectionMgr::VerifyTraffic()
nsresult
nsHttpConnectionMgr::DoShiftReloadConnectionCleanup(nsHttpConnectionInfo *aCI)
{
+ RefPtr<nsHttpConnectionInfo> ci;
+ if (aCI) {
+ ci = aCI->Clone();
+ }
return PostEvent(&nsHttpConnectionMgr::OnMsgDoShiftReloadConnectionCleanup,
- 0, aCI);
+ 0, ci);
}
class SpeculativeConnectArgs : public ARefBase
@@ -504,9 +508,13 @@ nsHttpConnectionMgr::UpdateParam(nsParamName name, uint16_t value)
}
nsresult
-nsHttpConnectionMgr::ProcessPendingQ(nsHttpConnectionInfo *ci)
+nsHttpConnectionMgr::ProcessPendingQ(nsHttpConnectionInfo* aCI)
{
- LOG(("nsHttpConnectionMgr::ProcessPendingQ [ci=%s]\n", ci->HashKey().get()));
+ LOG(("nsHttpConnectionMgr::ProcessPendingQ [ci=%s]\n", aCI->HashKey().get()));
+ RefPtr<nsHttpConnectionInfo> ci;
+ if (aCI) {
+ ci = aCI->Clone();
+ }
return PostEvent(&nsHttpConnectionMgr::OnMsgProcessPendingQ, 0, ci);
}
@@ -1819,13 +1827,18 @@ nsHttpConnectionMgr::ProcessNewTransaction(nsHttpTransaction *trans)
trans->SetPendingTime();
- Http2PushedStream *pushedStream = trans->GetPushedStream();
- if (pushedStream) {
- LOG((" ProcessNewTransaction %p tied to h2 session push %p\n",
- trans, pushedStream->Session()));
- return pushedStream->Session()->
- AddStream(trans, trans->Priority(), false, nullptr) ?
- NS_OK : NS_ERROR_UNEXPECTED;
+ RefPtr<Http2PushedStreamWrapper> pushedStreamWrapper =
+ trans->GetPushedStream();
+ if (pushedStreamWrapper) {
+ Http2PushedStream* pushedStream = pushedStreamWrapper->GetStream();
+ if (pushedStream) {
+ LOG((" ProcessNewTransaction %p tied to h2 session push %p\n", trans,
+ pushedStream->Session()));
+ return pushedStream->Session()->AddStream(trans, trans->Priority(), false,
+ nullptr)
+ ? NS_OK
+ : NS_ERROR_UNEXPECTED;
+ }
}
nsresult rv = NS_OK;
diff --git a/netwerk/protocol/http/nsHttpHandler.h b/netwerk/protocol/http/nsHttpHandler.h
index 67b9ebe0e..402147577 100644
--- a/netwerk/protocol/http/nsHttpHandler.h
+++ b/netwerk/protocol/http/nsHttpHandler.h
@@ -246,7 +246,8 @@ public:
uint32_t caps = 0)
{
TickleWifi(callbacks);
- return mConnMgr->SpeculativeConnect(ci, callbacks, caps);
+ RefPtr<nsHttpConnectionInfo> clone = ci->Clone();
+ return mConnMgr->SpeculativeConnect(clone, callbacks, caps);
}
// Alternate Services Maps are main thread only
diff --git a/netwerk/protocol/http/nsHttpTransaction.h b/netwerk/protocol/http/nsHttpTransaction.h
index 262796d71..1197bd98e 100644
--- a/netwerk/protocol/http/nsHttpTransaction.h
+++ b/netwerk/protocol/http/nsHttpTransaction.h
@@ -131,14 +131,14 @@ public:
nsHttpTransaction *QueryHttpTransaction() override { return this; }
- Http2PushedStream *GetPushedStream() { return mPushedStream; }
- Http2PushedStream *TakePushedStream()
- {
- Http2PushedStream *r = mPushedStream;
- mPushedStream = nullptr;
- return r;
+ already_AddRefed<Http2PushedStreamWrapper> GetPushedStream() {
+ return do_AddRef(mPushedStream);
}
- void SetPushedStream(Http2PushedStream *push) { mPushedStream = push; }
+ already_AddRefed<Http2PushedStreamWrapper> TakePushedStream() {
+ return mPushedStream.forget();
+ }
+
+ void SetPushedStream(Http2PushedStreamWrapper* push) { mPushedStream = push; }
uint32_t InitialRwin() const { return mInitialRwin; };
bool ChannelPipeFull() { return mWaitingOnPipeOut; }
@@ -264,7 +264,7 @@ private:
// so far been skipped.
uint32_t mInvalidResponseBytesRead;
- Http2PushedStream *mPushedStream;
+ RefPtr<Http2PushedStreamWrapper> mPushedStream;
uint32_t mInitialRwin;
nsHttpChunkedDecoder *mChunkedDecoder;