[tor-bugs] #25670 [Applications/Tor Browser]: Firefox doesn't provide firstPartyDomain on "New Tor Circuit for this Site" request
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Mar 28 21:25:00 UTC 2018
#25670: Firefox doesn't provide firstPartyDomain on "New Tor Circuit for this Site"
request
------------------------------------------+----------------------
Reporter: sysrqb | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------------------+----------------------
I ran into a bug where I clicked "New Tor Circuit for this Site" and the
page reloaded using the same circuit (3865). The torbutton log implies
Firefox doesn't correctly set the firstPartyDomain on the channel's
properties (loadInfo, originAttributes) - I'm not sure which level had the
problem. The torbutton logs show the sequence of events - notice the
domain (trac) and the original nounce used for the site, and then notice
the proxy channel filter is passed an unknown firstPartyDomain when I
tried switching circuits:
{{{
[03-28 17:03:28] Torbutton INFO: New tab
[03-28 17:03:28] Torbutton INFO: tor SOCKS:
https://trac.torproject.org/projects/tor/newticket via
torproject.org:ae43235c5b01564fe80ca9c1c819e50d
[03-28 17:03:28] Torbutton INFO: controlPort >> 650 STREAM 39278 NEW 0
trac.torproject.org:443 SOURCE_ADDR=127.0.0.1:38254 PURPOSE=USER
[03-28 17:03:28] Torbutton INFO: controlPort >> 650 STREAM 39278
SENTCONNECT 3865 trac.torproject.org:443
[03-28 17:03:28] Torbutton INFO: streamEvent.CircuitID: 3865
[03-28 17:03:29] Torbutton INFO: controlPort >> 650 STREAM 39278 REMAP
3865 138.201.212.227:443 SOURCE=EXIT
[03-28 17:03:29] Torbutton INFO: controlPort >> 650 STREAM 39278 SUCCEEDED
3865 138.201.212.227:443
[03-28 17:03:29] Torbutton INFO: controlPort >> 650 STREAM 39278 CLOSED
3865 138.201.212.227:443 REASON=END REMOTE_REASON=CONNRESET
[03-28 17:03:29] Torbutton INFO: controlPort >> 650 STREAM 39279 NEW 0
trac.torproject.org:443 SOURCE_ADDR=127.0.0.1:38256 PURPOSE=USER
[03-28 17:03:29] Torbutton INFO: controlPort >> 650 STREAM 39279
SENTCONNECT 3865 trac.torproject.org:443
[03-28 17:03:29] Torbutton INFO: controlPort >> 650 STREAM 39279 REMAP
3865 138.201.212.227:443 SOURCE=EXIT
[03-28 17:03:29] Torbutton INFO: controlPort >> 650 STREAM 39279 SUCCEEDED
3865 138.201.212.227:443
[03-28 17:03:29] Torbutton INFO: controlPort >> 650 STREAM 39279 CLOSED
3865 138.201.212.227:443 REASON=END REMOTE_REASON=CONNRESET
[03-28 17:03:32] Torbutton INFO: tor SOCKS:
https://trac.torproject.org/projects/tor/newticket via
torproject.org:ae43235c5b01564fe80ca9c1c819e50d
[03-28 17:03:32] Torbutton INFO: controlPort >> 650 STREAM 39280 NEW 0
trac.torproject.org:443 SOURCE_ADDR=127.0.0.1:38258 PURPOSE=USER
[03-28 17:03:32] Torbutton INFO: controlPort >> 650 STREAM 39280
SENTCONNECT 3865 trac.torproject.org:443
[03-28 17:03:32] Torbutton INFO: controlPort >> 650 STREAM 39280 REMAP
3865 138.201.212.227:443 SOURCE=EXIT
[03-28 17:03:32] Torbutton INFO: controlPort >> 650 STREAM 39280 SUCCEEDED
3865 138.201.212.227:443
[03-28 17:03:32] Torbutton INFO: controlPort >> 650 STREAM 39280 CLOSED
3865 138.201.212.227:443 REASON=END REMOTE_REASON=CONNRESET
[03-28 17:03:32] Torbutton INFO: controlPort >> 650 STREAM 39281 NEW 0
trac.torproject.org:443 SOURCE_ADDR=127.0.0.1:38260 PURPOSE=USER
[03-28 17:03:32] Torbutton INFO: controlPort >> 650 STREAM 39281
SENTCONNECT 3865 trac.torproject.org:443
[03-28 17:03:33] Torbutton INFO: controlPort >> 650 STREAM 39281 REMAP
3865 138.201.212.227:443 SOURCE=EXIT
[03-28 17:03:33] Torbutton INFO: controlPort >> 650 STREAM 39281 SUCCEEDED
3865 138.201.212.227:443
[03-28 17:03:33] Torbutton INFO: controlPort >> 650 STREAM 39281 CLOSED
3865 138.201.212.227:443 REASON=END REMOTE_REASON=CONNRESET
[snip]
[03-28 17:04:03] Torbutton INFO: New domain isolation for --unknown--:
8050476313eb51e2e698bddad28e1d15
[03-28 17:04:03] Torbutton INFO: tor SOCKS:
https://trac.torproject.org/projects/tor/newticket via
torproject.org:ae43235c5b01564fe80ca9c1c819e50d
[03-28 17:04:03] Torbutton INFO: controlPort >> 650 STREAM 39283 CLOSED
3792 172.217.18.206:443 REASON=DONE
[03-28 17:04:03] Torbutton INFO: controlPort >> 650 STREAM 39289 NEW 0
trac.torproject.org:443 SOURCE_ADDR=127.0.0.1:38276 PURPOSE=USER
[03-28 17:04:03] Torbutton INFO: controlPort >> 650 STREAM 39289
SENTCONNECT 3865 trac.torproject.org:443
[03-28 17:04:03] Torbutton INFO: controlPort >> 650 STREAM 39289 REMAP
3865 138.201.212.227:443 SOURCE=EXIT
[03-28 17:04:03] Torbutton INFO: controlPort >> 650 STREAM 39289 SUCCEEDED
3865 138.201.212.227:443
[03-28 17:04:03] Torbutton INFO: controlPort >> 650 STREAM 39289 CLOSED
3865 138.201.212.227:443 REASON=END REMOTE_REASON=CONNRESET
[03-28 17:04:30] Torbutton INFO: New domain isolation for --unknown--:
643c176b3ed8d038229f3b6ce9c10cd4
[03-28 17:04:30] Torbutton INFO: tor SOCKS: https://torproject.org/ via
torproject.org:ae43235c5b01564fe80ca9c1c819e50d
[03-28 17:04:31] Torbutton INFO: controlPort >> 650 STREAM 39292 CLOSED
3704 192.225.209.8:443 REASON=DONE
[03-28 17:04:31] Torbutton INFO: controlPort >> 650 STREAM 39294 NEW 0
torproject.org:443 SOURCE_ADDR=127.0.0.1:38286 PURPOSE=USER
[03-28 17:04:31] Torbutton INFO: controlPort >> 650 STREAM 39294
SENTCONNECT 3865 torproject.org:443
[03-28 17:04:31] Torbutton INFO: controlPort >> 650 STREAM 39294 FAILED
3865 torproject.org:443 REASON=END REMOTE_REASON=CONNECTREFUSED
[03-28 17:04:31] Torbutton INFO: controlPort >> 650 STREAM 39294 CLOSED
3865 torproject.org:443 REASON=END REMOTE_REASON=CONNECTREFUSED
[03-28 17:05:02] Torbutton DBUG: Got timer update, but no cookie change.
[03-28 17:05:26] Torbutton INFO: New domain isolation for --unknown--:
1583ecd186f48592820fc9b4603601c9
[03-28 17:05:26] Torbutton INFO: tor SOCKS: https://torproject.org/ via
torproject.org:ae43235c5b01564fe80ca9c1c819e50d
[03-28 17:05:26] Torbutton INFO: controlPort >> 650 STREAM 39297 CLOSED
3792 172.217.18.206:443 REASON=DONE
[03-28 17:05:26] Torbutton INFO: controlPort >> 650 STREAM 39298 NEW 0
torproject.org:443 SOURCE_ADDR=127.0.0.1:38294 PURPOSE=USER
[03-28 17:05:26] Torbutton INFO: controlPort >> 650 STREAM 39298
SENTCONNECT 3865 torproject.org:443
[03-28 17:05:26] Torbutton INFO: controlPort >> 650 STREAM 39298 FAILED
3865 torproject.org:443 REASON=END REMOTE_REASON=CONNECTREFUSED
[03-28 17:05:26] Torbutton INFO: controlPort >> 650 STREAM 39298 CLOSED
3865 torproject.org:443 REASON=END REMOTE_REASON=CONNECTREFUSED
}}}
(I happened to get an exit in Turkey, and it seems like the ISP is sending
a RESET when connecting to torproject.org)
I think this bug is being triggered because torbutton is doing this:
{{{
let channel = aChannel.QueryInterface(Ci.nsIChannel),
proxy = aProxy.QueryInterface(Ci.nsIProxyInfo),
firstPartyDomain =
channel.loadInfo.originAttributes.firstPartyDomain;
if (firstPartyDomain === "") {
firstPartyDomain = "--unknown--";
[...]
}
let replacementProxy = tor.socksProxyCredentials(aProxy,
firstPartyDomain);
}}}
So the new proxy is for the "--unknown--" domain. So the obvious question,
why isn't firstPartyDomain set when:
{{{
void
nsProtocolProxyService::ApplyFilters(nsIChannel *channel,
const nsProtocolInfo &info,
nsIProxyInfo **list)
{
[...]
for (FilterLink *iter = mFilters; iter; iter = iter->next) {
PruneProxyInfo(info, list);
nsresult rv = NS_OK;
if (iter->filter) {
[...]
} else if (iter->channelFilter) {
rv = iter->channelFilter->ApplyFilter(this, channel, *list,
getter_AddRefs(result));
}
}}}
`nsProtocolProxyService::ApplyFilters()` calls
`channelFilter->ApplyFilter()`
(netwerk/base/nsProtocolProxyService.cpp:2034)?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25670>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list