commit c95f25a009d421a7cf38e56cc4c6fe83ff43c438 Author: Arthur Edelstein arthuredelstein@gmail.com Date: Tue Jun 23 13:21:11 2015 -0700
fixup! Bug 13670.2: Isolate OCSP requests by first party domain --- dom/base/ThirdPartyUtil.cpp | 9 +++++++++ netwerk/base/nsISocketTransport.idl | 2 +- netwerk/protocol/http/nsHttpConnectionMgr.cpp | 2 +- netwerk/protocol/http/nsHttpConnectionMgr.h | 2 +- netwerk/protocol/http/nsHttpHandler.cpp | 2 +- security/manager/ssl/src/SSLServerCertVerification.cpp | 2 +- security/manager/ssl/src/TransportSecurityInfo.cpp | 7 ------- security/manager/ssl/src/TransportSecurityInfo.h | 3 +-- security/manager/ssl/src/nsNSSCallbacks.cpp | 10 ++++++---- 9 files changed, 21 insertions(+), 18 deletions(-)
diff --git a/dom/base/ThirdPartyUtil.cpp b/dom/base/ThirdPartyUtil.cpp
index 9aa3414..a7d05f7 100644
--- a/dom/base/ThirdPartyUtil.cpp
+++ b/dom/base/ThirdPartyUtil.cpp
@@ -171,7 +171,16 @@ ThirdPartyUtil::GetOriginatingURI(nsIChannel *aChannel, nsIURI **aURI)
 // case 3)
 if (!topWin)
+ {
+ if (httpChannelInternal)
+ {
+ httpChannelInternal->GetDocumentURI(aURI);
+ if (*aURI) {
+ return NS_OK;
+ }
+ }
 return NS_ERROR_INVALID_ARG;
+ }
 // case 4)
 if (ourWin == topWin) {
diff --git a/netwerk/base/nsISocketTransport.idl b/netwerk/base/nsISocketTransport.idl
index 2662145..161e9c3 100644
--- a/netwerk/base/nsISocketTransport.idl
+++ b/netwerk/base/nsISocketTransport.idl
@@ -28,7 +28,7 @@ native NetAddr(mozilla::net::NetAddr);
 * NOTE: This is a free-threaded interface, meaning that the methods on
 * this interface may be called from any thread.
 */
-[scriptable, uuid(a0b3b547-d6f0-4b65-a3de-a99ffa368840)]
+[scriptable, uuid(4e2dc9d0-125e-4f8e-8c93-845f3de5cd8a)]
 interface nsISocketTransport : nsITransport
 {
 /**
diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.cpp b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
index f6fde3c..4713560 100644
--- a/netwerk/protocol/http/nsHttpConnectionMgr.cpp
+++ b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
@@ -1327,7 +1327,7 @@ nsHttpConnectionMgr::PipelineFeedbackInfo(nsHttpConnectionInfo *ci,
 }
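Review bot: In the `if (!topWin)` branch of `ThirdPartyUtil::GetOriginatingURI`, the nsresult of `GetDocumentURI(aURI)` is dropped and success is judged only by `*aURI` being non-null, which is sound only if `*aURI` is null on entry or the getter always writes it. Neither the declaration of `httpChannelInternal` nor the earlier part of the function is in the hunk, so that cannot be confirmed here. I would write `nsresult rv = httpChannelInternal->GetDocumentURI(aURI);` and `if (NS_SUCCEEDED(rv) && *aURI) { return NS_OK; }`. A one-line comment such as `// No window (e.g. an OCSP fetch): fall back to the document URI set on the channel by its creator.` would also record that the first party for these requests comes from whoever configured the channel.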
 void
-nsHttpConnectionMgr::ReportFailedToProcess(nsIURI *uri, const nsACString& isolationDomain)
+nsHttpConnectionMgr::ReportFailedToProcess(nsIURI *uri)
 {
 MOZ_ASSERT(uri);
diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.h b/netwerk/protocol/http/nsHttpConnectionMgr.h
index 55b5d06..f64b756 100644
--- a/netwerk/protocol/http/nsHttpConnectionMgr.h
+++ b/netwerk/protocol/http/nsHttpConnectionMgr.h
@@ -220,7 +220,7 @@ public:
 nsHttpConnection *,
 uint32_t);
- void ReportFailedToProcess(nsIURI *uri, const nsACString& isolationDomain);
+ void ReportFailedToProcess(nsIURI *uri);
// Causes a large amount of connection diagnostic information to be // printed to the javascript console diff --git a/netwerk/protocol/http/nsHttpHandler.cpp b/netwerk/protocol/http/nsHttpHandler.cpp index 3f1ca3e..0fdd827 100644 --- a/netwerk/protocol/http/nsHttpHandler.cpp +++ b/netwerk/protocol/http/nsHttpHandler.cpp @@ -1952,7 +1952,7 @@ nsHttpHandler::Observe(nsISupports *subject, nsCOMPtr<nsIURI> uri = do_QueryInterface(subject); // Ignore possibility of an isolation key: if (uri && mConnMgr) { - mConnMgr->ReportFailedToProcess(uri, EmptyCString()); + mConnMgr->ReportFailedToProcess(uri); } } else if (!strcmp(topic, "last-pb-context-exited")) { mPrivateAuthCache.ClearAll(); diff --git a/security/manager/ssl/src/SSLServerCertVerification.cpp b/security/manager/ssl/src/SSLServerCertVerification.cpp index e436ed0..eeb430d 100644 --- a/security/manager/ssl/src/SSLServerCertVerification.cpp +++ b/security/manager/ssl/src/SSLServerCertVerification.cpp @@ -1146,7 +1146,7 @@ AuthCertificate(CertVerifier& certVerifier, rv = certVerifier.VerifySSLServerCert(cert, stapledOCSPResponse, time, infoObject, infoObject->GetHostNameRaw(), - infoObject->GetIsolationKey(), + infoObject->GetIsolationKeyRaw(), saveIntermediates, 0, &certList, &evOidPolicy, &ocspStaplingStatus, &keySizeStatus); diff --git a/security/manager/ssl/src/TransportSecurityInfo.cpp b/security/manager/ssl/src/TransportSecurityInfo.cpp index 8351916..c715688 100644 --- a/security/manager/ssl/src/TransportSecurityInfo.cpp +++ b/security/manager/ssl/src/TransportSecurityInfo.cpp @@ -107,13 +107,6 @@ TransportSecurityInfo::SetIsolationKey(const char* isolationKey) return NS_OK; }
-nsresult
-TransportSecurityInfo::GetIsolationKey(char** isolationKey)
-{
- *isolationKey = (mIsolationKey) ? NS_strdup(mIsolationKey) : nullptr;
- return NS_OK;
-}
-
 PRErrorCode
 TransportSecurityInfo::GetErrorCode() const
 {
diff --git a/security/manager/ssl/src/TransportSecurityInfo.h b/security/manager/ssl/src/TransportSecurityInfo.h
index d916adb..e0061e6d 100644
--- a/security/manager/ssl/src/TransportSecurityInfo.h
+++ b/security/manager/ssl/src/TransportSecurityInfo.h
@@ -62,8 +62,7 @@ public:
 nsresult GetPort(int32_t *aPort);
 nsresult SetPort(int32_t aPort);
- nsresult GetIsolationKey(char **aIsolationKey);
- const char* GetIsolationKey() const { return mIsolationKey.get(); }
+ const char* GetIsolationKeyRaw() const { return mIsolationKey.get(); }
 nsresult SetIsolationKey(const char *aIsolationKey);
 PRErrorCode GetErrorCode() const;
diff --git a/security/manager/ssl/src/nsNSSCallbacks.cpp b/security/manager/ssl/src/nsNSSCallbacks.cpp
index 40d2baf..2c6cca4 100644
--- a/security/manager/ssl/src/nsNSSCallbacks.cpp
+++ b/security/manager/ssl/src/nsNSSCallbacks.cpp
@@ -106,13 +106,15 @@ nsHTTPDownloadEvent::Run()
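Review bot: `GetIsolationKeyRaw()` in TransportSecurityInfo.h has no comment stating that it hands out a borrowed pointer and that the pointer can be null. The getter removed from TransportSecurityInfo.cpp tested `(mIsolationKey) ?` before duplicating, which suggests the member may be unset, and AuthCertificate passes the raw value straight into `VerifySSLServerCert`. I would add `// Borrowed pointer into mIsolationKey: may be null if no key was set; do not free, and do not keep it across SetIsolationKey().` above the accessor; the lifetime part is inferred from `mIsolationKey.get()` and should be confirmed against the member's type, which is outside the hunk.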
chan->SetLoadFlags(nsIRequest::LOAD_ANONYMOUS);
- // If we have an isolation key, use it as the isolation key for this channel.
+ // If we have an isolation key, use it as the URI for this channel.
 if (!mRequestSession->mIsolationKey.IsEmpty()) {
 nsCOMPtr<nsIHttpChannelInternal> channelInternal(do_QueryInterface(chan));
 if (channelInternal) {
- nsCOMPtr<nsIURI> pageURI;
- nsresult rv = NS_NewURI(getter_AddRefs(pageURI), mRequestSession->mIsolationKey.get());
- channelInternal->SetDocumentURI(pageURI);
+ nsCString documentURISpec("https://");
+ documentURISpec.Append(mRequestSession->mIsolationKey);
+ nsCOMPtr<nsIURI> documentURI;
+ /* nsresult rv = */ NS_NewURI(getter_AddRefs(documentURI), documentURISpec);
+ channelInternal->SetDocumentURI(documentURI);
 }
 }
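Review bot: In `nsHTTPDownloadEvent::Run`, the result of `NS_NewURI` is discarded (the `rv` is commented out), so a key that does not yield a valid `https://` URL leaves `documentURI` null and `SetDocumentURI(documentURI)` is still called; the OCSP request then appears to go out without a first party, so isolation fails open. The key is also appended to the scheme without any check that it is a bare host name. I would keep `nsresult rv = NS_NewURI(getter_AddRefs(documentURI), documentURISpec);` and, on `NS_FAILED(rv)`, fail the request through whatever error path Run already uses rather than continuing; the rest of Run is outside the hunk, so the right exit cannot be named from here. The new comment would be more accurate as `// If we have an isolation key, use it as the host of this channel's document URI (its first party).`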