commit 36d849291ec0b20a58cccc2cd846fcd2540c9bbe Author: Yawning Angel yawning@schwanenlied.me Date: Tue Jun 7 19:03:31 2016 +0000
Bug 19206: Clear out the domain isolator state on `New Identity`.
Additionally clear out the domain isolator state on `New Identity`. In theory this removes the need to explicitly issue a `NEWNYM` as new circuits will be used for all subsequent requests, including those made via the catch-all circuit.
---
 src/chrome/content/torbutton.js | 7 +++++++
 src/components/domain-isolator.js | 16 ++++++++++++++++
 2 files changed, 23 insertions(+)
diff --git a/src/chrome/content/torbutton.js b/src/chrome/content/torbutton.js
index a293c44..e0e541b 100644
--- a/src/chrome/content/torbutton.js
+++ b/src/chrome/content/torbutton.js
@@ -1872,6 +1872,13 @@ function torbutton_do_new_identity() {
 getService(Ci.nsIPermissionManager);
 pm.removeAll();
+ // Clear the domain isolation state.
+ torbutton_log(3, "New Identity: Clearing domain isolator");
+
+ let domainIsolator = Cc["@torproject.org/domain-isolator;1"]
+ .getService(Ci.nsISupports).wrappedJSObject;
+ domainIsolator.clearIsolation();
+
 torbutton_log(3, "New Identity: Sending NEWNYM");
 // We only support TBB for newnym.
diff --git a/src/components/domain-isolator.js b/src/components/domain-isolator.js
index 769c47d..dbdca1b 100644
--- a/src/components/domain-isolator.js
+++ b/src/components/domain-isolator.js
@@ -110,6 +110,18 @@ tor.newCircuitForDomain = function(domain) {
 logger.eclog(3, "New domain isolation for " + domain + ": " + tor.noncesForDomains[domain]);
 }
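Review bot: The service lookup and the `domainIsolator.clearIsolation()` call added in `torbutton_do_new_identity()` run unguarded immediately before the `Sending NEWNYM` step, so if `Cc["@torproject.org/domain-isolator;1"]` is unavailable or `wrappedJSObject` is not set, the exception may stop the rest of New Identity from running. Whether an outer handler exists cannot be seen here, because the function starts and ends outside the hunk. The commit message says the reset makes `NEWNYM` unnecessary only "in theory", so a failure in the reset should be logged without preventing the signal from being sent. I would wrap the lookup and the call in `try { … } catch (e) { torbutton_log(4, "New Identity: failed to clear domain isolator: " + e); }`.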
+// __tor.clearIsolation()_.
+// Clear the isolation state cache, forcing new circuits to be used for all
+// subsequent requests.
+tor.clearIsolation = function () {
+ // Per-domain nonces are stored in a map, so simply re-initialize the map.
+ tor.noncesForDomains = {};
+
+ // Force a rotation on the next catch-all circuit use by setting the creation
+ // time to the epoch.
+ tor.unknownDirtySince = 0;
+}
+
 // __tor.isolateCircuitsByDomain()__.
 // For every HTTPChannel, replaces the default SOCKS proxy with one that authenticates
 // to the SOCKS server (the tor client process) with a username (the first party domain)
@@ -190,6 +202,10 @@ DomainIsolator.prototype = {
 tor.isolationEnabled = false;
 },
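Review bot: The header comment on `tor.clearIsolation` does not state what the reset leaves untouched, which matters to anyone relying on it for unlinkability. The function only replaces `tor.noncesForDomains` and zeroes `tor.unknownDirtySince`, so, as far as this hunk shows, channels that were already given SOCKS credentials are not affected and only later lookups get fresh nonces. I would add a line such as `// Affects only requests isolated after this call; connections that are already open must be closed by the caller.` Two style points in the same hunk: the marker line should read `// __tor.clearIsolation()__.` to match `// __tor.isolateCircuitsByDomain()__.`, and the function-expression assignment should end with `};`.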
+ clearIsolation: function() {
+ tor.clearIsolation();
+ },
+
 wrappedJSObject: null
 };