[tor-commits] [torbutton/master] Bug 19206: Clear out the domain isolator state on `New Identity`.

gk at torproject.org gk at torproject.org
Fri Jun 10 14:34:35 UTC 2016 

commit 36d849291ec0b20a58cccc2cd846fcd2540c9bbe
Author: Yawning Angel <yawning at schwanenlied.me>
Date:   Tue Jun 7 19:03:31 2016 +0000

    Bug 19206: Clear out the domain isolator state on `New Identity`.
    
    Additionally clear out the domain isolator state on `New Identity`.  In
    theory this removes the need to explicitly issue a `NEWNYM` as new
    circuits will be used for all subsequent requests, including those made
    via the catch-all circuit.
---
 src/chrome/content/torbutton.js   |  7 +++++++
 src/components/domain-isolator.js | 16 ++++++++++++++++
 2 files changed, 23 insertions(+)

diff --git a/src/chrome/content/torbutton.js b/src/chrome/content/torbutton.js
index a293c44..e0e541b 100644
--- a/src/chrome/content/torbutton.js
+++ b/src/chrome/content/torbutton.js
@@ -1872,6 +1872,13 @@ function torbutton_do_new_identity() {
            getService(Ci.nsIPermissionManager);
   pm.removeAll();
 
+  // Clear the domain isolation state.
+  torbutton_log(3, "New Identity: Clearing domain isolator");
+
+  let domainIsolator = Cc["@torproject.org/domain-isolator;1"]
+      .getService(Ci.nsISupports).wrappedJSObject;
+  domainIsolator.clearIsolation();
+
   torbutton_log(3, "New Identity: Sending NEWNYM");
 
   // We only support TBB for newnym.
diff --git a/src/components/domain-isolator.js b/src/components/domain-isolator.js
index 769c47d..dbdca1b 100644
--- a/src/components/domain-isolator.js
+++ b/src/components/domain-isolator.js
@@ -110,6 +110,18 @@ tor.newCircuitForDomain = function(domain) {
   logger.eclog(3, "New domain isolation for " + domain + ": " + tor.noncesForDomains[domain]);
 }
 
+// __tor.clearIsolation()_.
+// Clear the isolation state cache, forcing new circuits to be used for all
+// subsequent requests.
+tor.clearIsolation = function () {
+  // Per-domain nonces are stored in a map, so simply re-initialize the map.
+  tor.noncesForDomains = {};
+
+  // Force a rotation on the next catch-all circuit use by setting the creation
+  // time to the epoch.
+  tor.unknownDirtySince = 0;
+}
+
 // __tor.isolateCircuitsByDomain()__.
 // For every HTTPChannel, replaces the default SOCKS proxy with one that authenticates
 // to the SOCKS server (the tor client process) with a username (the first party domain)
@@ -190,6 +202,10 @@ DomainIsolator.prototype = {
     tor.isolationEnabled = false;
   },
 
+  clearIsolation: function() {
+    tor.clearIsolation();
+  },
+
   wrappedJSObject: null
 };

More information about the tor-commits mailing list