commit c95f25a009d421a7cf38e56cc4c6fe83ff43c438
Author: Arthur Edelstein <arthuredelstein(a)gmail.com>
Date: Tue Jun 23 13:21:11 2015 -0700
fixup! Bug 13670.2: Isolate OCSP requests by first party domain
---
dom/base/ThirdPartyUtil.cpp | 9 +++++++++
netwerk/base/nsISocketTransport.idl | 2 +-
netwerk/protocol/http/nsHttpConnectionMgr.cpp | 2 +-
netwerk/protocol/http/nsHttpConnectionMgr.h | 2 +-
netwerk/protocol/http/nsHttpHandler.cpp | 2 +-
security/manager/ssl/src/SSLServerCertVerification.cpp | 2 +-
security/manager/ssl/src/TransportSecurityInfo.cpp | 7 -------
security/manager/ssl/src/TransportSecurityInfo.h | 3 +--
security/manager/ssl/src/nsNSSCallbacks.cpp | 10 ++++++----
9 files changed, 21 insertions(+), 18 deletions(-)
diff --git a/dom/base/ThirdPartyUtil.cpp b/dom/base/ThirdPartyUtil.cpp
index 9aa3414..a7d05f7 100644
--- a/dom/base/ThirdPartyUtil.cpp
+++ b/dom/base/ThirdPartyUtil.cpp
@@ -171,7 +171,16 @@ ThirdPartyUtil::GetOriginatingURI(nsIChannel *aChannel, nsIURI **aURI)
// case 3)
if (!topWin)
+ {
+ if (httpChannelInternal)
+ {
+ httpChannelInternal->GetDocumentURI(aURI);
+ if (*aURI) {
+ return NS_OK;
+ }
+ }
return NS_ERROR_INVALID_ARG;
+ }
// case 4)
if (ourWin == topWin) {
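Review bot: The new fallback in the `!topWin` branch ignores the nsresult of `GetDocumentURI` and decides success on `*aURI` alone, which is only safe if `*aURI` was set to null earlier in the function; that initialisation is outside the hunk. Capturing the result makes the check self-contained: `nsresult rv = httpChannelInternal->GetDocumentURI(aURI);` followed by `if (NS_SUCCEEDED(rv) && *aURI) {`. Because this branch now treats whatever document URI was set on a window-less channel as the originating URI, a comment such as `// No window: fall back to the document URI set on the channel (used for isolated OCSP requests)` would record why that value is trusted here. GetOriginatingURI starts and ends outside the hunk.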
diff --git a/netwerk/base/nsISocketTransport.idl b/netwerk/base/nsISocketTransport.idl
index 2662145..161e9c3 100644
--- a/netwerk/base/nsISocketTransport.idl
+++ b/netwerk/base/nsISocketTransport.idl
@@ -28,7 +28,7 @@ native NetAddr(mozilla::net::NetAddr);
* NOTE: This is a free-threaded interface, meaning that the methods on
* this interface may be called from any thread.
*/
-[scriptable, uuid(a0b3b547-d6f0-4b65-a3de-a99ffa368840)]
+[scriptable, uuid(4e2dc9d0-125e-4f8e-8c93-845f3de5cd8a)]
interface nsISocketTransport : nsITransport
{
/**
diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.cpp b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
index f6fde3c..4713560 100644
--- a/netwerk/protocol/http/nsHttpConnectionMgr.cpp
+++ b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
@@ -1327,7 +1327,7 @@ nsHttpConnectionMgr::PipelineFeedbackInfo(nsHttpConnectionInfo *ci,
}
void
-nsHttpConnectionMgr::ReportFailedToProcess(nsIURI *uri, const nsACString& isolationDomain)
+nsHttpConnectionMgr::ReportFailedToProcess(nsIURI *uri)
{
MOZ_ASSERT(uri);
diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.h b/netwerk/protocol/http/nsHttpConnectionMgr.h
index 55b5d06..f64b756 100644
--- a/netwerk/protocol/http/nsHttpConnectionMgr.h
+++ b/netwerk/protocol/http/nsHttpConnectionMgr.h
@@ -220,7 +220,7 @@ public:
nsHttpConnection *,
uint32_t);
- void ReportFailedToProcess(nsIURI *uri, const nsACString& isolationDomain);
+ void ReportFailedToProcess(nsIURI *uri);
// Causes a large amount of connection diagnostic information to be
// printed to the javascript console
diff --git a/netwerk/protocol/http/nsHttpHandler.cpp b/netwerk/protocol/http/nsHttpHandler.cpp
index 3f1ca3e..0fdd827 100644
--- a/netwerk/protocol/http/nsHttpHandler.cpp
+++ b/netwerk/protocol/http/nsHttpHandler.cpp
@@ -1952,7 +1952,7 @@ nsHttpHandler::Observe(nsISupports *subject,
nsCOMPtr<nsIURI> uri = do_QueryInterface(subject);
// Ignore possibility of an isolation key:
if (uri && mConnMgr) {
- mConnMgr->ReportFailedToProcess(uri, EmptyCString());
+ mConnMgr->ReportFailedToProcess(uri);
}
} else if (!strcmp(topic, "last-pb-context-exited")) {
mPrivateAuthCache.ClearAll();
diff --git a/security/manager/ssl/src/SSLServerCertVerification.cpp b/security/manager/ssl/src/SSLServerCertVerification.cpp
index e436ed0..eeb430d 100644
--- a/security/manager/ssl/src/SSLServerCertVerification.cpp
+++ b/security/manager/ssl/src/SSLServerCertVerification.cpp
@@ -1146,7 +1146,7 @@ AuthCertificate(CertVerifier& certVerifier,
rv = certVerifier.VerifySSLServerCert(cert, stapledOCSPResponse,
time, infoObject,
infoObject->GetHostNameRaw(),
- infoObject->GetIsolationKey(),
+ infoObject->GetIsolationKeyRaw(),
saveIntermediates, 0, &certList,
&evOidPolicy, &ocspStaplingStatus,
&keySizeStatus);
diff --git a/security/manager/ssl/src/TransportSecurityInfo.cpp b/security/manager/ssl/src/TransportSecurityInfo.cpp
index 8351916..c715688 100644
--- a/security/manager/ssl/src/TransportSecurityInfo.cpp
+++ b/security/manager/ssl/src/TransportSecurityInfo.cpp
@@ -107,13 +107,6 @@ TransportSecurityInfo::SetIsolationKey(const char* isolationKey)
return NS_OK;
}
-nsresult
-TransportSecurityInfo::GetIsolationKey(char** isolationKey)
-{
- *isolationKey = (mIsolationKey) ? NS_strdup(mIsolationKey) : nullptr;
- return NS_OK;
-}
-
PRErrorCode
TransportSecurityInfo::GetErrorCode() const
{
diff --git a/security/manager/ssl/src/TransportSecurityInfo.h b/security/manager/ssl/src/TransportSecurityInfo.h
index d916adb..e0061e6d 100644
--- a/security/manager/ssl/src/TransportSecurityInfo.h
+++ b/security/manager/ssl/src/TransportSecurityInfo.h
@@ -62,8 +62,7 @@ public:
nsresult GetPort(int32_t *aPort);
nsresult SetPort(int32_t aPort);
- nsresult GetIsolationKey(char **aIsolationKey);
- const char* GetIsolationKey() const { return mIsolationKey.get(); }
+ const char* GetIsolationKeyRaw() const { return mIsolationKey.get(); }
nsresult SetIsolationKey(const char *aIsolationKey);
PRErrorCode GetErrorCode() const;
diff --git a/security/manager/ssl/src/nsNSSCallbacks.cpp b/security/manager/ssl/src/nsNSSCallbacks.cpp
index 40d2baf..2c6cca4 100644
--- a/security/manager/ssl/src/nsNSSCallbacks.cpp
+++ b/security/manager/ssl/src/nsNSSCallbacks.cpp
@@ -106,13 +106,15 @@ nsHTTPDownloadEvent::Run()
chan->SetLoadFlags(nsIRequest::LOAD_ANONYMOUS);
- // If we have an isolation key, use it as the isolation key for this channel.
+ // If we have an isolation key, use it as the URI for this channel.
if (!mRequestSession->mIsolationKey.IsEmpty()) {
nsCOMPtr<nsIHttpChannelInternal> channelInternal(do_QueryInterface(chan));
if (channelInternal) {
- nsCOMPtr<nsIURI> pageURI;
- nsresult rv = NS_NewURI(getter_AddRefs(pageURI), mRequestSession->mIsolationKey.get());
- channelInternal->SetDocumentURI(pageURI);
+ nsCString documentURISpec("https://");
+ documentURISpec.Append(mRequestSession->mIsolationKey);
+ nsCOMPtr<nsIURI> documentURI;
+ /* nsresult rv = */ NS_NewURI(getter_AddRefs(documentURI), documentURISpec);
+ channelInternal->SetDocumentURI(documentURI);
}
}
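Review bot: The result of `NS_NewURI` is discarded (`/* nsresult rv = */`), so an isolation key that does not parse as a host leaves `documentURI` null and the request still goes out, apparently with no first-party document URI, which fails open on the isolation this commit is meant to provide. The failure should stop the request instead, for example `nsresult rv = NS_NewURI(getter_AddRefs(documentURI), documentURISpec);` followed by `NS_ENSURE_SUCCESS(rv, rv);`, and the return value of `SetDocumentURI` deserves the same check. The comment would be clearer as `// If we have an isolation key, use it as the document (first-party) URI for this channel.` nsHTTPDownloadEvent::Run starts and ends outside the hunk, so whether an `rv` is already in scope needs confirming.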