- tbb-commits - lists.torproject.org

[tor-browser/tor-browser-52.4.0esr-7.5-1] Revert "Bug 21308: Set indexedDB->null when dom.indexeddb.enabled=false"
by gk＠torproject.org 17 Oct '17

17 Oct '17

commit 03d6c603319adbf80c6a9badc0922fd339fb80cc Author: Arthur Edelstein <arthuredelstein(a)gmail.com> Date: Tue Oct 17 00:08:10 2017 -0700 Revert "Bug 21308: Set indexedDB->null when dom.indexeddb.enabled=false" This reverts commit 31348e47a340494c4002b43d8fb509689f8f7e63. --- dom/indexedDB/IDBFactory.cpp | 4 ++-- dom/indexedDB/test/mochitest.ini | 1 - dom/indexedDB/test/test_disable_indexeddb.html | 28 -------------------------- 3 files changed, 2 insertions(+), 31 deletions(-) diff --git a/dom/indexedDB/IDBFactory.cpp b/dom/indexedDB/IDBFactory.cpp index be17108057f9..1aeff8d1ebc4 100644 --- a/dom/indexedDB/IDBFactory.cpp +++ b/dom/indexedDB/IDBFactory.cpp @@ -133,7 +133,7 @@ IDBFactory::CreateForWindow(nsPIDOMWindowInner* aWindow, if (!(NS_SUCCEEDED(rv) && nsContentUtils::IsSystemPrincipal(principal)) && NS_WARN_IF(!Preferences::GetBool(kPrefIndexedDBEnabled, false))) { *aFactory = nullptr; - return NS_OK; + return NS_ERROR_DOM_INDEXEDDB_NOT_ALLOWED_ERR; } if (rv == NS_ERROR_DOM_NOT_SUPPORTED_ERR) { @@ -249,7 +249,7 @@ IDBFactory::CreateForMainThreadJSInternal( if (aPrincipalInfo->type() != PrincipalInfo::TSystemPrincipalInfo && NS_WARN_IF(!Preferences::GetBool(kPrefIndexedDBEnabled, false))) { *aFactory = nullptr; - return NS_OK; + return NS_ERROR_DOM_INDEXEDDB_NOT_ALLOWED_ERR; } IndexedDatabaseManager* mgr = IndexedDatabaseManager::GetOrCreate(); diff --git a/dom/indexedDB/test/mochitest.ini b/dom/indexedDB/test/mochitest.ini index a4473b26839c..4ab55a9dc2b3 100644 --- a/dom/indexedDB/test/mochitest.ini +++ b/dom/indexedDB/test/mochitest.ini @@ -159,7 +159,6 @@ skip-if = e10s [test_deleteDatabase_interactions.html] [test_deleteDatabase_onblocked.html] [test_deleteDatabase_onblocked_duringVersionChange.html] -[test_disable_indexeddb.html] [test_error_events_abort_transactions.html] [test_event_propagation.html] [test_event_source.html] diff --git a/dom/indexedDB/test/test_disable_indexeddb.html b/dom/indexedDB/test/test_disable_indexeddb.html deleted file mode 100644 index d8a691f9be18..000000000000 --- a/dom/indexedDB/test/test_disable_indexeddb.html +++ /dev/null @@ -1,28 +0,0 @@ -<!DOCTYPE html> -<html> -<head> - <title>Indexed Database Disable Pref test</title> - - <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script> - <script type="text/javascript" src="/tests/SimpleTest/SpawnTask.js"></script> - <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/> - -</head> - -<body> - <script> - add_task(function* () { - for (let enable of [false, true]) { - yield SpecialPowers.pushPrefEnv( - {'set': [['dom.indexedDB.enabled', enable]]}); - if (!enable) { - is(indexedDB, null, "indexedDB should be null"); - } else { - isnot(indexedDB, null, "indexedDB should be non-null"); - } - } - }); - </script> -</body> - -</html>

1 0

[tor-browser/tor-browser-52.4.0esr-7.0-1] Revert "Bug 19273: Avoid JavaScript patching of the external app helper dialog."
by gk＠torproject.org 17 Oct '17

17 Oct '17

commit d47e339ca3509f387ee1e4dcc931c6c92c732e98 Author: Georg Koppen <gk(a)torproject.org> Date: Tue Oct 17 12:21:27 2017 +0000 Revert "Bug 19273: Avoid JavaScript patching of the external app helper dialog." This reverts commit 9f908d7923d73c525d03b1e58b3b4d6442fb5893. --- netwerk/protocol/http/HttpBaseChannel.cpp | 7 --- netwerk/protocol/http/HttpBaseChannel.h | 1 - netwerk/protocol/http/NullHttpChannel.cpp | 6 --- netwerk/protocol/http/nsIHttpChannel.idl | 9 +--- .../protocol/viewsource/nsViewSourceChannel.cpp | 11 ----- .../exthandler/nsExternalHelperAppService.cpp | 57 ---------------------- 6 files changed, 1 insertion(+), 90 deletions(-) diff --git a/netwerk/protocol/http/HttpBaseChannel.cpp b/netwerk/protocol/http/HttpBaseChannel.cpp index 5ea6a002a40f..e0f7edec05f9 100644 --- a/netwerk/protocol/http/HttpBaseChannel.cpp +++ b/netwerk/protocol/http/HttpBaseChannel.cpp @@ -1233,13 +1233,6 @@ NS_IMETHODIMP HttpBaseChannel::SetTopLevelContentWindowId(uint64_t aWindowId) return NS_OK; } -NS_IMETHODIMP HttpBaseChannel::IsPendingUnforced(bool *aIsPendingUnforced) -{ - NS_ENSURE_ARG_POINTER(aIsPendingUnforced); - *aIsPendingUnforced = mIsPending; - return NS_OK; -} - NS_IMETHODIMP HttpBaseChannel::GetTransferSize(uint64_t *aTransferSize) { diff --git a/netwerk/protocol/http/HttpBaseChannel.h b/netwerk/protocol/http/HttpBaseChannel.h index 3a1a8ba525b0..c8184a601b9e 100644 --- a/netwerk/protocol/http/HttpBaseChannel.h +++ b/netwerk/protocol/http/HttpBaseChannel.h @@ -190,7 +190,6 @@ public: NS_IMETHOD SetChannelId(const nsACString& aChannelId) override; NS_IMETHOD GetTopLevelContentWindowId(uint64_t *aContentWindowId) override; NS_IMETHOD SetTopLevelContentWindowId(uint64_t aContentWindowId) override; - NS_IMETHOD IsPendingUnforced(bool *aIsPendingUnforced) override; // nsIHttpChannelInternal NS_IMETHOD GetDocumentURI(nsIURI **aDocumentURI) override; diff --git a/netwerk/protocol/http/NullHttpChannel.cpp b/netwerk/protocol/http/NullHttpChannel.cpp index 8b362cb24233..8c048a6b5a7e 100644 --- a/netwerk/protocol/http/NullHttpChannel.cpp +++ b/netwerk/protocol/http/NullHttpChannel.cpp @@ -82,12 +82,6 @@ NullHttpChannel::SetTopLevelContentWindowId(uint64_t aWindowId) } NS_IMETHODIMP -NullHttpChannel::IsPendingUnforced(bool *_retval) -{ - return NS_ERROR_NOT_IMPLEMENTED; -} - -NS_IMETHODIMP NullHttpChannel::GetTransferSize(uint64_t *aTransferSize) { return NS_ERROR_NOT_IMPLEMENTED; diff --git a/netwerk/protocol/http/nsIHttpChannel.idl b/netwerk/protocol/http/nsIHttpChannel.idl index 0de0676ad156..75ec2c73989a 100644 --- a/netwerk/protocol/http/nsIHttpChannel.idl +++ b/netwerk/protocol/http/nsIHttpChannel.idl @@ -14,7 +14,7 @@ interface nsIHttpHeaderVisitor; * the inspection of the resulting HTTP response status and headers when they * become available. */ -[builtinclass, scriptable, uuid(e0d8071b-5389-48c2-92c7-6708c968044d)] +[builtinclass, scriptable, uuid(c5a4a073-4539-49c7-a3f2-cec3f0619c6c)] interface nsIHttpChannel : nsIChannel { /************************************************************************** @@ -469,11 +469,4 @@ interface nsIHttpChannel : nsIChannel * this channels is being load in. */ attribute uint64_t topLevelContentWindowId; - - /** - * Returns true if a request is pending due to "natural" causes and - * not just because ForcePending() has been called. See isPending() - * in nsIRequest.idl for more details about pending requests. - */ - boolean isPendingUnforced(); }; diff --git a/netwerk/protocol/viewsource/nsViewSourceChannel.cpp b/netwerk/protocol/viewsource/nsViewSourceChannel.cpp index 9f9b89438fba..9ed71c4ef001 100644 --- a/netwerk/protocol/viewsource/nsViewSourceChannel.cpp +++ b/netwerk/protocol/viewsource/nsViewSourceChannel.cpp @@ -740,17 +740,6 @@ nsViewSourceChannel::SetTopLevelContentWindowId(uint64_t aWindowId) } NS_IMETHODIMP -nsViewSourceChannel::IsPendingUnforced(bool *result) -{ - if (mHttpChannel) { - return mHttpChannel->IsPendingUnforced(result); - } - - NS_ENSURE_TRUE(mChannel, NS_ERROR_FAILURE); - return mChannel->IsPending(result); -} - -NS_IMETHODIMP nsViewSourceChannel::GetRequestMethod(nsACString & aRequestMethod) { return !mHttpChannel ? NS_ERROR_NULL_POINTER : diff --git a/uriloader/exthandler/nsExternalHelperAppService.cpp b/uriloader/exthandler/nsExternalHelperAppService.cpp index 4a7fd7f92f15..51a7ee0f6ab6 100644 --- a/uriloader/exthandler/nsExternalHelperAppService.cpp +++ b/uriloader/exthandler/nsExternalHelperAppService.cpp @@ -41,7 +41,6 @@ #include "nsThreadUtils.h" #include "nsAutoPtr.h" #include "nsIMutableArray.h" -#include "nsISupportsPrimitives.h" // for nsISupportsPRBool // used to access our datastore of user-configured helper applications #include "nsIHandlerService.h" @@ -106,7 +105,6 @@ #include "mozilla/Preferences.h" #include "mozilla/ipc/URIUtils.h" -#include "mozilla/Unused.h" using namespace mozilla; using namespace mozilla::ipc; @@ -436,22 +434,6 @@ static nsresult GetDownloadDirectory(nsIFile **_directory, return NS_OK; } -static nsresult shouldCancel(bool *aShouldCancel) -{ - NS_ENSURE_ARG_POINTER(aShouldCancel); - - nsCOMPtr<nsISupportsPRBool> cancelObj = - do_CreateInstance(NS_SUPPORTS_PRBOOL_CONTRACTID); - cancelObj->SetData(false); - nsCOMPtr<nsIObserverService> obs = mozilla::services::GetObserverService(); - if (!obs) - return NS_ERROR_FAILURE; - - obs->NotifyObservers(cancelObj, "external-app-requested", nullptr); - cancelObj->GetData(aShouldCancel); - return NS_OK; -} - /** * Structure for storing extension->type mappings. * @see defaultMimeEntries @@ -1028,14 +1010,6 @@ nsExternalHelperAppService::LoadURI(nsIURI *aURI, return NS_OK; // explicitly denied } - // Give other modules, including extensions, a chance to cancel. - bool doCancel = false; - rv = shouldCancel(&doCancel); - NS_ENSURE_SUCCESS(rv, rv); - if (doCancel) { - return NS_OK; - } - nsCOMPtr<nsIHandlerInfo> handler; rv = GetProtocolHandlerInfo(scheme, getter_AddRefs(handler)); NS_ENSURE_SUCCESS(rv, rv); @@ -1669,37 +1643,6 @@ NS_IMETHODIMP nsExternalAppHandler::OnStartRequest(nsIRequest *request, nsISuppo return NS_OK; } - // Give other modules, including extensions, a chance to cancel. - // To avoid a problem where OnDataAvailable fires but is not handled - // correctly while a modal dialog displayed by Torbutton is open, we - // suspend and then we either cancel or resume active requests. - // See bugs 21766 and 21886. - bool isPending = false; - nsCOMPtr<nsIHttpChannel> httpChan = do_QueryInterface(request); - if (httpChan) { - rv = httpChan->IsPendingUnforced(&isPending); - } else { - rv = request->IsPending(&isPending); - } - NS_ENSURE_SUCCESS(rv, rv); - - if (isPending) { - Unused << request->Suspend(); // Best effort: ignore failures. - } - - bool doCancel = false; - rv = shouldCancel(&doCancel); - NS_ENSURE_SUCCESS(rv, rv); - if (doCancel) { - mCanceled = true; - request->Cancel(NS_BINDING_ABORTED); - return NS_OK; - } - - if (isPending) { - Unused << request->Resume(); // Best effort: ignore failures. - } - rv = SetUpTempFile(aChannel); if (NS_FAILED(rv)) { nsresult transferError = rv;

1 0

[tor-browser/tor-browser-52.4.0esr-7.0-1] Bug 19273: Avoid JavaScript patching of the external app helper dialog.
by gk＠torproject.org 17 Oct '17

17 Oct '17

commit bad2f0be0d196bf51fb69d8e26147b3df5733a13 Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Tue Jun 28 15:13:05 2016 -0400 Bug 19273: Avoid JavaScript patching of the external app helper dialog. When handling an external URI or downloading a file, invoke Torbutton's external app blocker component (which will present a download warning dialog unless the user has checked the "Automatically download files from now on" box). For e10s compatibility, avoid using a modal dialog and instead use a callback interface (nsIHelperAppWarningLauncher) to allow Torbutton to indicate the user's desire to cancel or continue each request. Other bugs fixed: Bug 21766: Crash with e10s enabled while trying to download a file Bug 21886: Download is stalled in non-e10s mode Bug 22471: Downloading files via the PDF viewer download button is broken Bug 22472: Fix FTP downloads when external helper app dialog is shown Bug 22610: Avoid crashes when canceling external helper app downloads Bug 22618: Downloading pdf file via file:/// is stalling --- netwerk/protocol/http/HttpBaseChannel.cpp | 7 + netwerk/protocol/http/HttpBaseChannel.h | 1 + netwerk/protocol/http/NullHttpChannel.cpp | 6 + netwerk/protocol/http/nsIHttpChannel.idl | 9 +- .../protocol/viewsource/nsViewSourceChannel.cpp | 11 ++ .../exthandler/nsExternalHelperAppService.cpp | 219 +++++++++++++++++++-- uriloader/exthandler/nsExternalHelperAppService.h | 3 + .../exthandler/nsIExternalHelperAppService.idl | 47 +++++ 8 files changed, 285 insertions(+), 18 deletions(-) diff --git a/netwerk/protocol/http/HttpBaseChannel.cpp b/netwerk/protocol/http/HttpBaseChannel.cpp index e0f7edec05f9..5ea6a002a40f 100644 --- a/netwerk/protocol/http/HttpBaseChannel.cpp +++ b/netwerk/protocol/http/HttpBaseChannel.cpp @@ -1233,6 +1233,13 @@ NS_IMETHODIMP HttpBaseChannel::SetTopLevelContentWindowId(uint64_t aWindowId) return NS_OK; } +NS_IMETHODIMP HttpBaseChannel::IsPendingUnforced(bool *aIsPendingUnforced) +{ + NS_ENSURE_ARG_POINTER(aIsPendingUnforced); + *aIsPendingUnforced = mIsPending; + return NS_OK; +} + NS_IMETHODIMP HttpBaseChannel::GetTransferSize(uint64_t *aTransferSize) { diff --git a/netwerk/protocol/http/HttpBaseChannel.h b/netwerk/protocol/http/HttpBaseChannel.h index c8184a601b9e..3a1a8ba525b0 100644 --- a/netwerk/protocol/http/HttpBaseChannel.h +++ b/netwerk/protocol/http/HttpBaseChannel.h @@ -190,6 +190,7 @@ public: NS_IMETHOD SetChannelId(const nsACString& aChannelId) override; NS_IMETHOD GetTopLevelContentWindowId(uint64_t *aContentWindowId) override; NS_IMETHOD SetTopLevelContentWindowId(uint64_t aContentWindowId) override; + NS_IMETHOD IsPendingUnforced(bool *aIsPendingUnforced) override; // nsIHttpChannelInternal NS_IMETHOD GetDocumentURI(nsIURI **aDocumentURI) override; diff --git a/netwerk/protocol/http/NullHttpChannel.cpp b/netwerk/protocol/http/NullHttpChannel.cpp index 8c048a6b5a7e..8b362cb24233 100644 --- a/netwerk/protocol/http/NullHttpChannel.cpp +++ b/netwerk/protocol/http/NullHttpChannel.cpp @@ -82,6 +82,12 @@ NullHttpChannel::SetTopLevelContentWindowId(uint64_t aWindowId) } NS_IMETHODIMP +NullHttpChannel::IsPendingUnforced(bool *_retval) +{ + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP NullHttpChannel::GetTransferSize(uint64_t *aTransferSize) { return NS_ERROR_NOT_IMPLEMENTED; diff --git a/netwerk/protocol/http/nsIHttpChannel.idl b/netwerk/protocol/http/nsIHttpChannel.idl index 75ec2c73989a..0de0676ad156 100644 --- a/netwerk/protocol/http/nsIHttpChannel.idl +++ b/netwerk/protocol/http/nsIHttpChannel.idl @@ -14,7 +14,7 @@ interface nsIHttpHeaderVisitor; * the inspection of the resulting HTTP response status and headers when they * become available. */ -[builtinclass, scriptable, uuid(c5a4a073-4539-49c7-a3f2-cec3f0619c6c)] +[builtinclass, scriptable, uuid(e0d8071b-5389-48c2-92c7-6708c968044d)] interface nsIHttpChannel : nsIChannel { /************************************************************************** @@ -469,4 +469,11 @@ interface nsIHttpChannel : nsIChannel * this channels is being load in. */ attribute uint64_t topLevelContentWindowId; + + /** + * Returns true if a request is pending due to "natural" causes and + * not just because ForcePending() has been called. See isPending() + * in nsIRequest.idl for more details about pending requests. + */ + boolean isPendingUnforced(); }; diff --git a/netwerk/protocol/viewsource/nsViewSourceChannel.cpp b/netwerk/protocol/viewsource/nsViewSourceChannel.cpp index 9ed71c4ef001..9f9b89438fba 100644 --- a/netwerk/protocol/viewsource/nsViewSourceChannel.cpp +++ b/netwerk/protocol/viewsource/nsViewSourceChannel.cpp @@ -740,6 +740,17 @@ nsViewSourceChannel::SetTopLevelContentWindowId(uint64_t aWindowId) } NS_IMETHODIMP +nsViewSourceChannel::IsPendingUnforced(bool *result) +{ + if (mHttpChannel) { + return mHttpChannel->IsPendingUnforced(result); + } + + NS_ENSURE_TRUE(mChannel, NS_ERROR_FAILURE); + return mChannel->IsPending(result); +} + +NS_IMETHODIMP nsViewSourceChannel::GetRequestMethod(nsACString & aRequestMethod) { return !mHttpChannel ? NS_ERROR_NULL_POINTER : diff --git a/uriloader/exthandler/nsExternalHelperAppService.cpp b/uriloader/exthandler/nsExternalHelperAppService.cpp index 51a7ee0f6ab6..7d2dad321b6c 100644 --- a/uriloader/exthandler/nsExternalHelperAppService.cpp +++ b/uriloader/exthandler/nsExternalHelperAppService.cpp @@ -41,6 +41,7 @@ #include "nsThreadUtils.h" #include "nsAutoPtr.h" #include "nsIMutableArray.h" +#include "nsISupportsPrimitives.h" // for nsISupportsPRBool // used to access our datastore of user-configured helper applications #include "nsIHandlerService.h" @@ -105,6 +106,7 @@ #include "mozilla/Preferences.h" #include "mozilla/ipc/URIUtils.h" +#include "mozilla/Unused.h" using namespace mozilla; using namespace mozilla::ipc; @@ -132,6 +134,9 @@ static const char NEVER_ASK_FOR_SAVE_TO_DISK_PREF[] = static const char NEVER_ASK_FOR_OPEN_FILE_PREF[] = "browser.helperApps.neverAsk.openFile"; +static const char WARNING_DIALOG_CONTRACT_ID[] = + "@torproject.org/torbutton-extAppBlocker;1"; + // Helper functions for Content-Disposition headers /** @@ -434,6 +439,22 @@ static nsresult GetDownloadDirectory(nsIFile **_directory, return NS_OK; } +static nsresult shouldCancel(bool *aShouldCancel) +{ + NS_ENSURE_ARG_POINTER(aShouldCancel); + + nsCOMPtr<nsISupportsPRBool> cancelObj = + do_CreateInstance(NS_SUPPORTS_PRBOOL_CONTRACTID); + cancelObj->SetData(false); + nsCOMPtr<nsIObserverService> obs = mozilla::services::GetObserverService(); + if (!obs) + return NS_ERROR_FAILURE; + + obs->NotifyObservers(cancelObj, "external-app-requested", nullptr); + cancelObj->GetData(aShouldCancel); + return NS_OK; +} + /** * Structure for storing extension->type mappings. * @see defaultMimeEntries @@ -594,6 +615,107 @@ static const nsDefaultMimeTypeEntry nonDecodableExtensions[] = { { APPLICATION_GZIP, "svgz" } }; +////////////////////////////////////////////////////////////////////////////////////////////////////// +// begin nsExternalLoadURIHandler class definition and implementation +////////////////////////////////////////////////////////////////////////////////////////////////////// +class nsExternalLoadURIHandler final : public nsIHelperAppWarningLauncher +{ +public: + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSIHELPERAPPWARNINGLAUNCHER + + nsExternalLoadURIHandler(nsIInterfaceRequestor *aWindowContext, + nsIURI *aURI, + nsIHandlerInfo *aHandlerInfo); + +protected: + ~nsExternalLoadURIHandler(); + + nsCOMPtr<nsIInterfaceRequestor> mWindowContext; + nsCOMPtr<nsIURI> mURI; + nsCOMPtr<nsIHandlerInfo> mHandlerInfo; + nsCOMPtr<nsIHelperAppWarningDialog> mWarningDialog; +}; + +NS_IMPL_ADDREF(nsExternalLoadURIHandler) +NS_IMPL_RELEASE(nsExternalLoadURIHandler) + +NS_INTERFACE_MAP_BEGIN(nsExternalLoadURIHandler) + NS_INTERFACE_MAP_ENTRY_AMBIGUOUS(nsISupports, nsIHelperAppWarningLauncher) + NS_INTERFACE_MAP_ENTRY(nsIHelperAppWarningLauncher) +NS_INTERFACE_MAP_END_THREADSAFE + +nsExternalLoadURIHandler::nsExternalLoadURIHandler( + nsIInterfaceRequestor *aWindowContext, + nsIURI *aURI, + nsIHandlerInfo *aHandlerInfo) +: mWindowContext(aWindowContext) +, mURI(aURI) +, mHandlerInfo(aHandlerInfo) +{ + nsresult rv = NS_OK; + mWarningDialog = do_CreateInstance(WARNING_DIALOG_CONTRACT_ID, &rv); + if (NS_SUCCEEDED(rv) && mWarningDialog) { + // This will create a reference cycle (the dialog holds a reference to us + // as nsIHelperAppWarningLauncher), which will be broken in ContinueRequest + // or CancelRequest. + rv = mWarningDialog->MaybeShow(this, aWindowContext); + } + + if (NS_FAILED(rv)) { + // If for some reason we could not open the download warning prompt, + // continue with the request. + ContinueRequest(); + } +} + +nsExternalLoadURIHandler::~nsExternalLoadURIHandler() +{ +} + +NS_IMETHODIMP nsExternalLoadURIHandler::ContinueRequest() +{ + MOZ_ASSERT(mURI); + MOZ_ASSERT(mHandlerInfo); + + // Break our reference cycle with the download warning dialog (set up in + // LoadURI). + mWarningDialog = nullptr; + + nsHandlerInfoAction preferredAction; + mHandlerInfo->GetPreferredAction(&preferredAction); + bool alwaysAsk = true; + mHandlerInfo->GetAlwaysAskBeforeHandling(&alwaysAsk); + + // If we are not supposed to ask, and the preferred action is to use + // a helper app or the system default, we just launch the URI. + if (!alwaysAsk && (preferredAction == nsIHandlerInfo::useHelperApp || + preferredAction == nsIHandlerInfo::useSystemDefault)) + return mHandlerInfo->LaunchWithURI(mURI, mWindowContext); + + nsresult rv = NS_OK; + nsCOMPtr<nsIContentDispatchChooser> chooser = + do_CreateInstance("@mozilla.org/content-dispatch-chooser;1", &rv); + NS_ENSURE_SUCCESS(rv, rv); + + return chooser->Ask(mHandlerInfo, mWindowContext, mURI, + nsIContentDispatchChooser::REASON_CANNOT_HANDLE); +} + +NS_IMETHODIMP nsExternalLoadURIHandler::CancelRequest(nsresult aReason) +{ + NS_ENSURE_ARG(NS_FAILED(aReason)); + + // Break our reference cycle with the download warning dialog (set up in + // LoadURI). + mWarningDialog = nullptr; + + return NS_OK; +} + +////////////////////////////////////////////////////////////////////////////////////////////////////// +// nsExternalHelperAppService definition and implementation +////////////////////////////////////////////////////////////////////////////////////////////////////// NS_IMPL_ISUPPORTS( nsExternalHelperAppService, nsIExternalHelperAppService, @@ -1010,27 +1132,25 @@ nsExternalHelperAppService::LoadURI(nsIURI *aURI, return NS_OK; // explicitly denied } + // Give other modules, including extensions, a chance to cancel. + bool doCancel = false; + rv = shouldCancel(&doCancel); + NS_ENSURE_SUCCESS(rv, rv); + if (doCancel) { + return NS_OK; + } + nsCOMPtr<nsIHandlerInfo> handler; rv = GetProtocolHandlerInfo(scheme, getter_AddRefs(handler)); NS_ENSURE_SUCCESS(rv, rv); - nsHandlerInfoAction preferredAction; - handler->GetPreferredAction(&preferredAction); - bool alwaysAsk = true; - handler->GetAlwaysAskBeforeHandling(&alwaysAsk); + RefPtr<nsExternalLoadURIHandler> h = + new nsExternalLoadURIHandler(aWindowContext, uri, handler); + if (!h) { + return NS_ERROR_OUT_OF_MEMORY; + } - // if we are not supposed to ask, and the preferred action is to use - // a helper app or the system default, we just launch the URI. - if (!alwaysAsk && (preferredAction == nsIHandlerInfo::useHelperApp || - preferredAction == nsIHandlerInfo::useSystemDefault)) - return handler->LaunchWithURI(uri, aWindowContext); - - nsCOMPtr<nsIContentDispatchChooser> chooser = - do_CreateInstance("@mozilla.org/content-dispatch-chooser;1", &rv); - NS_ENSURE_SUCCESS(rv, rv); - - return chooser->Ask(handler, aWindowContext, uri, - nsIContentDispatchChooser::REASON_CANNOT_HANDLE); + return NS_OK; } NS_IMETHODIMP nsExternalHelperAppService::GetApplicationDescription(const nsACString& aScheme, nsAString& _retval) @@ -1198,6 +1318,7 @@ NS_INTERFACE_MAP_BEGIN(nsExternalAppHandler) NS_INTERFACE_MAP_ENTRY(nsIStreamListener) NS_INTERFACE_MAP_ENTRY(nsIRequestObserver) NS_INTERFACE_MAP_ENTRY(nsIHelperAppLauncher) + NS_INTERFACE_MAP_ENTRY(nsIHelperAppWarningLauncher) NS_INTERFACE_MAP_ENTRY(nsICancelable) NS_INTERFACE_MAP_ENTRY(nsITimerCallback) NS_INTERFACE_MAP_ENTRY(nsIBackgroundFileSaverObserver) @@ -1643,6 +1764,37 @@ NS_IMETHODIMP nsExternalAppHandler::OnStartRequest(nsIRequest *request, nsISuppo return NS_OK; } + // Give other modules, including extensions, a chance to cancel. + // To avoid a problem where OnDataAvailable fires but is not handled + // correctly while a modal dialog displayed by Torbutton is open, we + // suspend and then we either cancel or resume active requests. + // See bugs 21766 and 21886. + bool isPending = false; + nsCOMPtr<nsIHttpChannel> httpChan = do_QueryInterface(request); + if (httpChan) { + rv = httpChan->IsPendingUnforced(&isPending); + } else { + rv = request->IsPending(&isPending); + } + NS_ENSURE_SUCCESS(rv, rv); + + if (isPending) { + Unused << request->Suspend(); // Best effort: ignore failures. + } + + bool doCancel = false; + rv = shouldCancel(&doCancel); + NS_ENSURE_SUCCESS(rv, rv); + if (doCancel) { + mCanceled = true; + request->Cancel(NS_BINDING_ABORTED); + return NS_OK; + } + + if (isPending) { + Unused << request->Resume(); // Best effort: ignore failures. + } + rv = SetUpTempFile(aChannel); if (NS_FAILED(rv)) { nsresult transferError = rv; @@ -1671,6 +1823,29 @@ NS_IMETHODIMP nsExternalAppHandler::OnStartRequest(nsIRequest *request, nsISuppo httpInternal->SetChannelIsForDownload(true); } + mWarningDialog = do_CreateInstance(WARNING_DIALOG_CONTRACT_ID, &rv); + if (NS_SUCCEEDED(rv) && mWarningDialog) { + // This will create a reference cycle (the dialog holds a reference to us + // as nsIHelperAppWarningLauncher), which will be broken in ContinueRequest + // or CancelRequest. + rv = mWarningDialog->MaybeShow(this, GetDialogParent()); + } + + if (NS_FAILED(rv)) { + // If for some reason we could not open the download warning prompt, + // continue with the request. + ContinueRequest(); + } + + return NS_OK; +} + +NS_IMETHODIMP nsExternalAppHandler::ContinueRequest() +{ + // Break our reference cycle with the download warning dialog (set up in + // OnStartRequest). + mWarningDialog = nullptr; + // now that the temp file is set up, find out if we need to invoke a dialog // asking the user what they want us to do with this content... @@ -1731,6 +1906,7 @@ NS_IMETHODIMP nsExternalAppHandler::OnStartRequest(nsIRequest *request, nsISuppo action = nsIMIMEInfo::saveToDisk; } + nsresult rv = NS_OK; if (alwaysAsk) { // Display the dialog @@ -1786,6 +1962,15 @@ NS_IMETHODIMP nsExternalAppHandler::OnStartRequest(nsIRequest *request, nsISuppo return NS_OK; } +NS_IMETHODIMP nsExternalAppHandler::CancelRequest(nsresult aReason) +{ + // Break our reference cycle with the download warning dialog (set up in + // OnStartRequest). + mWarningDialog = nullptr; + + return Cancel(aReason); +} + // Convert error info into proper message text and send OnStatusChange // notification to the dialog progress listener or nsITransfer implementation. void nsExternalAppHandler::SendStatusChange(ErrorType type, nsresult rv, nsIRequest *aRequest, const nsAFlatString &path) @@ -2477,7 +2662,7 @@ NS_IMETHODIMP nsExternalAppHandler::Cancel(nsresult aReason) } // Break our reference cycle with the helper app dialog (set up in - // OnStartRequest) + // ContinueRequest) mDialog = nullptr; mRequest = nullptr; diff --git a/uriloader/exthandler/nsExternalHelperAppService.h b/uriloader/exthandler/nsExternalHelperAppService.h index ceec66661dd4..3146407dcbe5 100644 --- a/uriloader/exthandler/nsExternalHelperAppService.h +++ b/uriloader/exthandler/nsExternalHelperAppService.h @@ -210,6 +210,7 @@ private: */ class nsExternalAppHandler final : public nsIStreamListener, public nsIHelperAppLauncher, + public nsIHelperAppWarningLauncher, public nsITimerCallback, public nsIBackgroundFileSaverObserver { @@ -218,6 +219,7 @@ public: NS_DECL_NSISTREAMLISTENER NS_DECL_NSIREQUESTOBSERVER NS_DECL_NSIHELPERAPPLAUNCHER + NS_DECL_NSIHELPERAPPWARNINGLAUNCHER NS_DECL_NSICANCELABLE NS_DECL_NSITIMERCALLBACK NS_DECL_NSIBACKGROUNDFILESAVEROBSERVER @@ -478,6 +480,7 @@ protected: nsCOMPtr<nsIChannel> mOriginalChannel; /**< in the case of a redirect, this will be the pre-redirect channel. */ nsCOMPtr<nsIHelperAppLauncherDialog> mDialog; + nsCOMPtr<nsIHelperAppWarningDialog> mWarningDialog; /** * Keep request alive in case when helper non-modal dialog shown. diff --git a/uriloader/exthandler/nsIExternalHelperAppService.idl b/uriloader/exthandler/nsIExternalHelperAppService.idl index bfdfff5ceaa8..546252f04ba3 100644 --- a/uriloader/exthandler/nsIExternalHelperAppService.idl +++ b/uriloader/exthandler/nsIExternalHelperAppService.idl @@ -152,3 +152,50 @@ interface nsIHelperAppLauncher : nsICancelable */ readonly attribute int64_t contentLength; }; + +/** + * nsIHelperAppWarningLauncher is implemented by two classes: + * nsExternalLoadURIHandler + * nsExternalAppHandler + */ +[scriptable, uuid(cffd508b-4aaf-43ad-99c6-671d35cbc558)] +interface nsIHelperAppWarningLauncher : nsISupports +{ + /** + * Callback invoked by the external app warning dialog to continue the + * request. + * NOTE: This will release the reference to the nsIHelperAppWarningDialog. + */ + void continueRequest(); + + /** + * Callback invoked by the external app warning dialog to cancel the request. + * NOTE: This will release the reference to the nsIHelperAppWarningDialog. + * + * @param aReason + * Pass a failure code to indicate the reason why this operation is + * being canceled. It is an error to pass a success code. + */ + void cancelRequest(in nsresult aReason); +}; + +/** + * nsIHelperAppWarningDialog is implemented by Torbutton's external app + * blocker (src/components/external-app-blocker.js). + */ +[scriptable, uuid(f4899a3f-0df3-42cc-9db8-bdf599e5a208)] +interface nsIHelperAppWarningDialog : nsISupports +{ + /** + * Possibly show a launch warning dialog (it will not be shown if the user + * has chosen to not see the warning again). + * + * @param aLauncher + * A nsIHelperAppWarningLauncher to be invoked after the user confirms + * or cancels the download. + * @param aWindowContext + * The window associated with the download. + */ + void maybeShow(in nsIHelperAppWarningLauncher aLauncher, + in nsISupports aWindowContext); +};

1 0

[tor-browser/tor-browser-52.4.0esr-7.0-1] Revert "Bug 19273: Avoid JavaScript patching of the external app helper dialog."
by gk＠torproject.org 17 Oct '17

17 Oct '17

commit 7c3bb9697882b07c1ad4a496b0ce2e8ec2593969 Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Tue Jul 18 16:22:32 2017 -0400 Revert "Bug 19273: Avoid JavaScript patching of the external app helper dialog." This reverts commit 648d842b127e6ca6457d43e45244c65ee1773aa3. --- netwerk/protocol/http/HttpBaseChannel.cpp | 7 --- netwerk/protocol/http/HttpBaseChannel.h | 1 - netwerk/protocol/http/NullHttpChannel.cpp | 6 --- netwerk/protocol/http/nsIHttpChannel.idl | 9 +--- .../protocol/viewsource/nsViewSourceChannel.cpp | 11 ----- .../exthandler/nsExternalHelperAppService.cpp | 57 ---------------------- 6 files changed, 1 insertion(+), 90 deletions(-) diff --git a/netwerk/protocol/http/HttpBaseChannel.cpp b/netwerk/protocol/http/HttpBaseChannel.cpp index 5ea6a002a40f..e0f7edec05f9 100644 --- a/netwerk/protocol/http/HttpBaseChannel.cpp +++ b/netwerk/protocol/http/HttpBaseChannel.cpp @@ -1233,13 +1233,6 @@ NS_IMETHODIMP HttpBaseChannel::SetTopLevelContentWindowId(uint64_t aWindowId) return NS_OK; } -NS_IMETHODIMP HttpBaseChannel::IsPendingUnforced(bool *aIsPendingUnforced) -{ - NS_ENSURE_ARG_POINTER(aIsPendingUnforced); - *aIsPendingUnforced = mIsPending; - return NS_OK; -} - NS_IMETHODIMP HttpBaseChannel::GetTransferSize(uint64_t *aTransferSize) { diff --git a/netwerk/protocol/http/HttpBaseChannel.h b/netwerk/protocol/http/HttpBaseChannel.h index 3a1a8ba525b0..c8184a601b9e 100644 --- a/netwerk/protocol/http/HttpBaseChannel.h +++ b/netwerk/protocol/http/HttpBaseChannel.h @@ -190,7 +190,6 @@ public: NS_IMETHOD SetChannelId(const nsACString& aChannelId) override; NS_IMETHOD GetTopLevelContentWindowId(uint64_t *aContentWindowId) override; NS_IMETHOD SetTopLevelContentWindowId(uint64_t aContentWindowId) override; - NS_IMETHOD IsPendingUnforced(bool *aIsPendingUnforced) override; // nsIHttpChannelInternal NS_IMETHOD GetDocumentURI(nsIURI **aDocumentURI) override; diff --git a/netwerk/protocol/http/NullHttpChannel.cpp b/netwerk/protocol/http/NullHttpChannel.cpp index 8b362cb24233..8c048a6b5a7e 100644 --- a/netwerk/protocol/http/NullHttpChannel.cpp +++ b/netwerk/protocol/http/NullHttpChannel.cpp @@ -82,12 +82,6 @@ NullHttpChannel::SetTopLevelContentWindowId(uint64_t aWindowId) } NS_IMETHODIMP -NullHttpChannel::IsPendingUnforced(bool *_retval) -{ - return NS_ERROR_NOT_IMPLEMENTED; -} - -NS_IMETHODIMP NullHttpChannel::GetTransferSize(uint64_t *aTransferSize) { return NS_ERROR_NOT_IMPLEMENTED; diff --git a/netwerk/protocol/http/nsIHttpChannel.idl b/netwerk/protocol/http/nsIHttpChannel.idl index 0de0676ad156..75ec2c73989a 100644 --- a/netwerk/protocol/http/nsIHttpChannel.idl +++ b/netwerk/protocol/http/nsIHttpChannel.idl @@ -14,7 +14,7 @@ interface nsIHttpHeaderVisitor; * the inspection of the resulting HTTP response status and headers when they * become available. */ -[builtinclass, scriptable, uuid(e0d8071b-5389-48c2-92c7-6708c968044d)] +[builtinclass, scriptable, uuid(c5a4a073-4539-49c7-a3f2-cec3f0619c6c)] interface nsIHttpChannel : nsIChannel { /************************************************************************** @@ -469,11 +469,4 @@ interface nsIHttpChannel : nsIChannel * this channels is being load in. */ attribute uint64_t topLevelContentWindowId; - - /** - * Returns true if a request is pending due to "natural" causes and - * not just because ForcePending() has been called. See isPending() - * in nsIRequest.idl for more details about pending requests. - */ - boolean isPendingUnforced(); }; diff --git a/netwerk/protocol/viewsource/nsViewSourceChannel.cpp b/netwerk/protocol/viewsource/nsViewSourceChannel.cpp index 9f9b89438fba..9ed71c4ef001 100644 --- a/netwerk/protocol/viewsource/nsViewSourceChannel.cpp +++ b/netwerk/protocol/viewsource/nsViewSourceChannel.cpp @@ -740,17 +740,6 @@ nsViewSourceChannel::SetTopLevelContentWindowId(uint64_t aWindowId) } NS_IMETHODIMP -nsViewSourceChannel::IsPendingUnforced(bool *result) -{ - if (mHttpChannel) { - return mHttpChannel->IsPendingUnforced(result); - } - - NS_ENSURE_TRUE(mChannel, NS_ERROR_FAILURE); - return mChannel->IsPending(result); -} - -NS_IMETHODIMP nsViewSourceChannel::GetRequestMethod(nsACString & aRequestMethod) { return !mHttpChannel ? NS_ERROR_NULL_POINTER : diff --git a/uriloader/exthandler/nsExternalHelperAppService.cpp b/uriloader/exthandler/nsExternalHelperAppService.cpp index 7d2dad321b6c..1c0dd8ee66f7 100644 --- a/uriloader/exthandler/nsExternalHelperAppService.cpp +++ b/uriloader/exthandler/nsExternalHelperAppService.cpp @@ -41,7 +41,6 @@ #include "nsThreadUtils.h" #include "nsAutoPtr.h" #include "nsIMutableArray.h" -#include "nsISupportsPrimitives.h" // for nsISupportsPRBool // used to access our datastore of user-configured helper applications #include "nsIHandlerService.h" @@ -106,7 +105,6 @@ #include "mozilla/Preferences.h" #include "mozilla/ipc/URIUtils.h" -#include "mozilla/Unused.h" using namespace mozilla; using namespace mozilla::ipc; @@ -439,22 +437,6 @@ static nsresult GetDownloadDirectory(nsIFile **_directory, return NS_OK; } -static nsresult shouldCancel(bool *aShouldCancel) -{ - NS_ENSURE_ARG_POINTER(aShouldCancel); - - nsCOMPtr<nsISupportsPRBool> cancelObj = - do_CreateInstance(NS_SUPPORTS_PRBOOL_CONTRACTID); - cancelObj->SetData(false); - nsCOMPtr<nsIObserverService> obs = mozilla::services::GetObserverService(); - if (!obs) - return NS_ERROR_FAILURE; - - obs->NotifyObservers(cancelObj, "external-app-requested", nullptr); - cancelObj->GetData(aShouldCancel); - return NS_OK; -} - /** * Structure for storing extension->type mappings. * @see defaultMimeEntries @@ -1132,14 +1114,6 @@ nsExternalHelperAppService::LoadURI(nsIURI *aURI, return NS_OK; // explicitly denied } - // Give other modules, including extensions, a chance to cancel. - bool doCancel = false; - rv = shouldCancel(&doCancel); - NS_ENSURE_SUCCESS(rv, rv); - if (doCancel) { - return NS_OK; - } - nsCOMPtr<nsIHandlerInfo> handler; rv = GetProtocolHandlerInfo(scheme, getter_AddRefs(handler)); NS_ENSURE_SUCCESS(rv, rv); @@ -1764,37 +1738,6 @@ NS_IMETHODIMP nsExternalAppHandler::OnStartRequest(nsIRequest *request, nsISuppo return NS_OK; } - // Give other modules, including extensions, a chance to cancel. - // To avoid a problem where OnDataAvailable fires but is not handled - // correctly while a modal dialog displayed by Torbutton is open, we - // suspend and then we either cancel or resume active requests. - // See bugs 21766 and 21886. - bool isPending = false; - nsCOMPtr<nsIHttpChannel> httpChan = do_QueryInterface(request); - if (httpChan) { - rv = httpChan->IsPendingUnforced(&isPending); - } else { - rv = request->IsPending(&isPending); - } - NS_ENSURE_SUCCESS(rv, rv); - - if (isPending) { - Unused << request->Suspend(); // Best effort: ignore failures. - } - - bool doCancel = false; - rv = shouldCancel(&doCancel); - NS_ENSURE_SUCCESS(rv, rv); - if (doCancel) { - mCanceled = true; - request->Cancel(NS_BINDING_ABORTED); - return NS_OK; - } - - if (isPending) { - Unused << request->Resume(); // Best effort: ignore failures. - } - rv = SetUpTempFile(aChannel); if (NS_FAILED(rv)) { nsresult transferError = rv;

1 0

[tor-browser/tor-browser-52.4.0esr-7.0-1] Bug 1355274 - Polyfill SOCK_DGRAM socketpairs with SOCK_SEQPACKET, for libasyncns. r=gcp
by gk＠torproject.org 17 Oct '17

17 Oct '17

commit 458e18efb75ff80d270cc875ac7c200da705752c Author: Jed Davis <jld(a)mozilla.com> Date: Tue Apr 11 20:55:34 2017 -0600 Bug 1355274 - Polyfill SOCK_DGRAM socketpairs with SOCK_SEQPACKET, for libasyncns. r=gcp MozReview-Commit-ID: 2DeklSGsjUV --HG-- extra : rebase_source : 8a202c23dc9a3ddede49b08ce1e0792dfb40bdbf --- security/sandbox/linux/SandboxFilter.cpp | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp index 7e1771a62665..5ddd58029e85 100644 --- a/security/sandbox/linux/SandboxFilter.cpp +++ b/security/sandbox/linux/SandboxFilter.cpp @@ -496,6 +496,16 @@ class ContentSandboxPolicy : public SandboxPolicyCommon { return 0; } + static intptr_t SocketpairDatagramTrap(ArgsRef aArgs, void* aux) { + auto fds = reinterpret_cast<int*>(aArgs.args[3]); + // Return sequential packet sockets instead of the expected + // datagram sockets; see bug 1355274 for details. + if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, fds) != 0) { + return -errno; + } + return 0; + } + public: explicit ContentSandboxPolicy(SandboxBrokerClient* aBroker):mBroker(aBroker) { } virtual ~ContentSandboxPolicy() { } @@ -508,6 +518,7 @@ public: switch(aCall) { case SYS_RECVFROM: case SYS_SENDTO: + case SYS_SENDMMSG: // libresolv via libasyncns; see bug 1355274 return Some(Allow()); case SYS_SOCKETPAIR: { @@ -517,9 +528,12 @@ public: return Some(Allow()); } Arg<int> domain(0), type(1); - return Some(If(AllOf(domain == AF_UNIX, - AnyOf(type == SOCK_STREAM, type == SOCK_SEQPACKET)), - Allow()) + return Some(If(domain == AF_UNIX, + Switch(type) + .Case(SOCK_STREAM, Allow()) + .Case(SOCK_SEQPACKET, Allow()) + .Case(SOCK_DGRAM, Trap(SocketpairDatagramTrap, nullptr)) + .Default(InvalidSyscall())) .Else(InvalidSyscall())); }

1 0

[tor-browser/tor-browser-52.4.0esr-7.0-1] Bug 1361238 - Re-allow accept4, used by accessibility. r=gcp
by gk＠torproject.org 17 Oct '17

17 Oct '17

commit 724bcf6dc8132b87eaf397494d777a30f7cd8210 Author: Jed Davis <jld(a)mozilla.com> Date: Mon May 1 21:51:11 2017 -0600 Bug 1361238 - Re-allow accept4, used by accessibility. r=gcp MozReview-Commit-ID: 3M3T3bkx4nP --HG-- extra : rebase_source : b67332889615ae34cc67737da361f21ae545aeb4 --- security/sandbox/linux/SandboxFilter.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp index f1520aa29e15..7e1771a62665 100644 --- a/security/sandbox/linux/SandboxFilter.cpp +++ b/security/sandbox/linux/SandboxFilter.cpp @@ -531,6 +531,7 @@ public: case SYS_SEND: case SYS_SOCKET: // DANGEROUS case SYS_CONNECT: // DANGEROUS + case SYS_ACCEPT4: // Used by a11y; see bug 1361238 case SYS_GETSOCKOPT: case SYS_SETSOCKOPT: case SYS_GETSOCKNAME:

1 0

[tor-browser/tor-browser-52.4.0esr-7.0-1] Bug 1320085 - Allow the getrlimit-equivalent subset of prlimit64. r=tedd
by gk＠torproject.org 17 Oct '17

17 Oct '17

commit 99459c71ad61f1d7fb3995e616771a30516cf25b Author: Jed Davis <jld(a)mozilla.com> Date: Mon Nov 28 12:05:28 2016 -0700 Bug 1320085 - Allow the getrlimit-equivalent subset of prlimit64. r=tedd This applies only to content processes, where we already allow getrlimit (but not setrlimit). The rule added here does not allow using prlimit64 to set any resource limits or interact with any other process. MozReview-Commit-ID: nMry3t6QPj --HG-- extra : rebase_source : ecf792077a672ab1f2c5edf9fbeb915a0d8dd30e --- security/sandbox/linux/SandboxFilter.cpp | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp index f8db9dc802ea..018e9c64446c 100644 --- a/security/sandbox/linux/SandboxFilter.cpp +++ b/security/sandbox/linux/SandboxFilter.cpp @@ -735,6 +735,18 @@ public: CASES_FOR_getresgid: return Allow(); + case __NR_prlimit64: { + // Allow only the getrlimit() use case. (glibc seems to use + // only pid 0 to indicate the current process; pid == getpid() + // is equivalent and could also be allowed if needed.) + Arg<pid_t> pid(0); + // This is really a const struct ::rlimit*, but Arg<> doesn't + // work with pointers, only integer types. + Arg<uintptr_t> new_limit(2); + return If(AllOf(pid == 0, new_limit == 0), Allow()) + .Else(InvalidSyscall()); + } + case __NR_umask: case __NR_kill: case __NR_wait4:

1 0

[tor-browser/tor-browser-52.4.0esr-7.0-1] Bug 1286865 - Step 0: Turn off crash-on-seccomp-fail by default on non-nightly. r=gcp
by gk＠torproject.org 17 Oct '17

17 Oct '17

commit a878b3789b8b338124ba79efb5abba5f9bc34455 Author: Jed Davis <jld(a)mozilla.com> Date: Fri Jan 27 14:25:50 2017 -0700 Bug 1286865 - Step 0: Turn off crash-on-seccomp-fail by default on non-nightly. r=gcp MozReview-Commit-ID: 1It6HNizbAc --HG-- extra : rebase_source : 1e96f11904abf2c38c5b4e50de7609ddc86cdd8a --- security/sandbox/linux/Sandbox.cpp | 32 ++++++++++++++++++++++++++------ 1 file changed, 26 insertions(+), 6 deletions(-) diff --git a/security/sandbox/linux/Sandbox.cpp b/security/sandbox/linux/Sandbox.cpp index 7f1182be9972..b4e65a1745df 100644 --- a/security/sandbox/linux/Sandbox.cpp +++ b/security/sandbox/linux/Sandbox.cpp @@ -73,6 +73,8 @@ int gSeccompTsyncBroadcastSignum = 0; namespace mozilla { +static bool gSandboxCrashOnError = false; + // This is initialized by SandboxSetCrashFunc(). SandboxCrashFunc gSandboxCrashFunc; @@ -148,15 +150,18 @@ SigSysHandler(int nr, siginfo_t *info, void *void_context) // TODO, someday when this is enabled on MIPS: include the two extra // args in the error message. SANDBOX_LOG_ERROR("seccomp sandbox violation: pid %d, syscall %d," - " args %d %d %d %d %d %d. Killing process.", + " args %d %d %d %d %d %d.%s", pid, syscall_nr, - args[0], args[1], args[2], args[3], args[4], args[5]); + args[0], args[1], args[2], args[3], args[4], args[5], + gSandboxCrashOnError ? " Killing process." : ""); - // Bug 1017393: record syscall number somewhere useful. - info->si_addr = reinterpret_cast<void*>(syscall_nr); + if (gSandboxCrashOnError) { + // Bug 1017393: record syscall number somewhere useful. + info->si_addr = reinterpret_cast<void*>(syscall_nr); - gSandboxCrashFunc(nr, info, &savedCtx); - _exit(127); + gSandboxCrashFunc(nr, info, &savedCtx); + _exit(127); + } } /** @@ -515,6 +520,21 @@ SandboxEarlyInit(GeckoProcessType aType) } MOZ_RELEASE_ASSERT(IsSingleThreaded()); + // Set gSandboxCrashOnError if appropriate. This doesn't need to + // happen this early, but for now it's here so that I don't need to + // add NSPR dependencies for PR_GetEnv. + // + // This also means that users with "unexpected threads" setups won't + // crash even on nightly. +#ifdef NIGHTLY_BUILD + gSandboxCrashOnError = true; +#endif + if (const char* envVar = getenv("MOZ_SANDBOX_CRASH_ON_ERROR")) { + if (envVar[0]) { + gSandboxCrashOnError = envVar[0] != '0'; + } + } + // Which kinds of resource isolation (of those that need to be set // up at this point) can be used by this process? bool canChroot = false;

1 0

[tor-browser/tor-browser-52.4.0esr-7.0-1] Bug 1358647 - Disallow bind/listen/accept for Linux content processes. r=gcp
by gk＠torproject.org 17 Oct '17

17 Oct '17

commit 6f946f9a53add44040dde190498c39d14922ec6e Author: Jed Davis <jld(a)mozilla.com> Date: Tue Apr 25 19:29:32 2017 -0600 Bug 1358647 - Disallow bind/listen/accept for Linux content processes. r=gcp MozReview-Commit-ID: Cz9MKxOJnsS --HG-- extra : rebase_source : d3ab7ff9020066d5fe9ac3121c88c85b9fde6224 --- security/sandbox/linux/SandboxFilter.cpp | 4 ---- 1 file changed, 4 deletions(-) diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp index 018e9c64446c..f1520aa29e15 100644 --- a/security/sandbox/linux/SandboxFilter.cpp +++ b/security/sandbox/linux/SandboxFilter.cpp @@ -531,10 +531,6 @@ public: case SYS_SEND: case SYS_SOCKET: // DANGEROUS case SYS_CONNECT: // DANGEROUS - case SYS_ACCEPT: - case SYS_ACCEPT4: - case SYS_BIND: - case SYS_LISTEN: case SYS_GETSOCKOPT: case SYS_SETSOCKOPT: case SYS_GETSOCKNAME:

1 0

[tor-browser/tor-browser-52.4.0esr-7.0-1] Bug 1337162 - Enable the Linux content sandbox for non-Nightly builds. r=ted
by gk＠torproject.org 17 Oct '17

17 Oct '17

commit f439d50e540ed21a474a2062d1b902931c042a3e Author: Gian-Carlo Pascutto <gcp(a)mozilla.com> Date: Mon Feb 27 18:01:33 2017 +0100 Bug 1337162 - Enable the Linux content sandbox for non-Nightly builds. r=ted MozReview-Commit-ID: 65aPquHzyfP --HG-- extra : rebase_source : 017080e3ae33289bb0b6a790027f9d02c380d47b --- old-configure.in | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/old-configure.in b/old-configure.in index 0a0ba4465700..f5a2f05629ce 100644 --- a/old-configure.in +++ b/old-configure.in @@ -3997,14 +3997,14 @@ if test -n "$gonkdir"; then MOZ_CONTENT_SANDBOX=$MOZ_SANDBOX fi -case "$OS_TARGET:$NIGHTLY_BUILD" in -WINNT:*) +case "$OS_TARGET" in +WINNT) MOZ_CONTENT_SANDBOX=$MOZ_SANDBOX ;; -Darwin:*) +Darwin) MOZ_CONTENT_SANDBOX=$MOZ_SANDBOX ;; -Linux:1) +Linux) case $CPU_ARCH in x86_64|x86) MOZ_CONTENT_SANDBOX=$MOZ_SANDBOX

1 0