pierov pushed a commit to branch tor-browser-102.4.0esr-12.0-1 in repository tor-browser.
commit 2c885618ed0e1e7779f89160f75cb920b2c79264 Author: Pier Angelo Vendrame pierov@torproject.org AuthorDate: Tue Oct 25 10:54:25 2022 +0200
fixup! Bug 21952: Implement Onion-Location
Bug 40491: Don't auto-pick a v2 address when it's in Onion-Location header --- dom/base/Document.cpp | 57 +++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 46 insertions(+), 11 deletions(-)
diff --git a/dom/base/Document.cpp b/dom/base/Document.cpp
index 6ddf6f9e4283..9001556d0232 100644
--- a/dom/base/Document.cpp
+++ b/dom/base/Document.cpp
@@ -6831,18 +6831,53 @@ void Document::GetHeaderData(nsAtom* aHeaderField, nsAString& aData) const {
static bool IsValidOnionLocation(nsIURI* aDocumentURI,
 nsIURI* aOnionLocationURI) {
- bool isHttpish;
+ if (!aDocumentURI || !aOnionLocationURI) {
+ return false;
+ }
+
+ // Current URI
 nsAutoCString host;
- return aDocumentURI && aOnionLocationURI &&
- NS_SUCCEEDED(aDocumentURI->SchemeIs("https", &isHttpish)) &&
- isHttpish && NS_SUCCEEDED(aDocumentURI->GetAsciiHost(host)) &&
- !StringEndsWith(host, ".onion"_ns) &&
- ((NS_SUCCEEDED(aOnionLocationURI->SchemeIs("http", &isHttpish)) &&
- isHttpish) ||
- (NS_SUCCEEDED(aOnionLocationURI->SchemeIs("https", &isHttpish)) &&
- isHttpish)) &&
- NS_SUCCEEDED(aOnionLocationURI->GetAsciiHost(host)) &&
- StringEndsWith(host, ".onion"_ns);
+ if (!aDocumentURI->SchemeIs("https")) {
+ return false;
+ }
+ NS_ENSURE_SUCCESS(aDocumentURI->GetAsciiHost(host), false);
+ if (StringEndsWith(host, ".onion"_ns)) {
+ // Already in the .onion site
+ return false;
+ }
+
+ // Target URI
+ if (!aOnionLocationURI->SchemeIs("http") &&
+ !aOnionLocationURI->SchemeIs("https")) {
+ return false;
+ }
+ nsCOMPtr<nsIEffectiveTLDService> eTLDService =
+ do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID);
+ if (!eTLDService) {
+ NS_ENSURE_SUCCESS(aOnionLocationURI->GetAsciiHost(host), false);
+ // This should not happen, but in the unlikely case, still check if it is a
+ // .onion and in case allow it.
+ return StringEndsWith(host, ".onion"_ns);
+ }
+ NS_ENSURE_SUCCESS(eTLDService->GetBaseDomain(aOnionLocationURI, 0, host),
+ false);
+ if (!StringEndsWith(host, ".onion"_ns)) {
+ return false;
+ }
+
+ // Ignore v2
+ if (host.Length() == 22) {
+ const char* cur = host.BeginWriting();
+ // We have already checked that it ends by ".onion"
+ const char* end = host.EndWriting() - 6;
+ bool base32 = true;
+ for (; cur < end && base32; ++cur) {
+ base32 = isalpha(*cur) || ('2' <= *cur && *cur <= '7');
+ }
+ return !base32;
+ }
+
+ return true;
 }
void Document::SetHeaderData(nsAtom* aHeaderField, const nsAString& aData) {
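Review bot: The `!eTLDService` fallback in IsValidOnionLocation returns `StringEndsWith(host, ".onion"_ns)` on the full host and never reaches the "Ignore v2" block, so on that path a v2 address in Onion-Location is still accepted, which is the case this commit sets out to reject. Since the comment says the branch should not happen, failing closed is the safer choice: `if (!eTLDService) { return false; }`. In the v2 loop the buffer is only read, so `host.BeginReading()` and `host.EndReading() - 6` state the intent better than `BeginWriting()`/`EndWriting()`. `isalpha(*cur)` is locale-dependent and takes a plain `char`; an explicit range such as `('a' <= *cur && *cur <= 'z')` avoids both, assuming the base domain is already lower-cased ASCII. A 22-character host that fails the base32 test currently returns true although it is not a v3-shaped address either; a comment saying this is intentional would help.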