Ticket #22794: 0001-Bug-22794-Don-t-open-AF_INET-AF_INET6-sockets-when-A.patch

File 0001-Bug-22794-Don-t-open-AF_INET-AF_INET6-sockets-when-A.patch, 2.8 KB (added by pospeselr, 16 months ago)

updated patch to also be enabled on macOS rather than just Linux

  • netwerk/socket/nsSOCKSSocketProvider.cpp

    From a487c697b0aeef3e1e2c6a3321cd161df19a17da Mon Sep 17 00:00:00 2001
    From: Richard Pospesel <richard@torproject.org>
    Date: Thu, 1 Feb 2018 16:20:42 -0800
    Subject: [PATCH] Bug 22794: Don't open AF_INET/AF_INET6 sockets when AF_LOCAL
     is configured
    
    The initialization path for the SOCKS proxy in firefox involves creating
    a generic AF_INET socket, and then replacing it if the actual
    configuration requires something else (either AF_INET6 or AF_LOCAL).
    With syscall filtering configured to return an error in the event of
    AF_INET or AF_INET6 socket creation, this initialization path fails.  We
    would like this capability so that we can prevent firefox from making
    network requests outside of the Tor proxy.
    
    This patch adds a check in the initial socket creation path to see if
    the SOCKS proxy host begins with file:// with the assumption that such
    URIs point to a UNIX Domain Socket (on Linux+macOS only).  In that case, 
    we create an AF_LOCAL socket rather than the requested type.  A similar
    check for Windows already exists to determine if the proxy is actually a
    named pipe.
    
    In the subsequent replacing step no work occurs as the passed in socket
    matches the type we need, so no changes need to be made there.
    
    NOTE: With this change there is still a one-time request for an AF_INET6
    socket that occurs.  This code path exists to determine whether the
    system supports IPv6; if socket(AF_INET6...) fails then it is assumed
    that the system does not.  However, this check only affects code that is
    unreachable when using AF_LOCAL sockets so it seems safe to leave as it is.
    However, this does mean that Tor Browser will still be incompatible with
    seccomp policies which kill the calling thread in the event of a
    socket(AF_INET6,...) call.
    ---
     netwerk/socket/nsSOCKSSocketProvider.cpp | 15 +++++++++++++++
     1 file changed, 15 insertions(+)
    
    diff --git a/netwerk/socket/nsSOCKSSocketProvider.cpp b/netwerk/socket/nsSOCKSSocketProvider.cpp
    index c62534f7bf3d..1c07c7554908 100644
    a b nsSOCKSSocketProvider::CreateV5(nsISupports *aOuter, REFNSIID aIID, void **aResu 
    4343    return rv;
    4444}
    4545
     46#if defined(XP_UNIX)
     47bool
     48static IsUNIXDomainSocketPath(const nsACString& aPath)
     49{
     50    return StringBeginsWith(aPath, NS_LITERAL_CSTRING("file://"));
     51}
     52#endif
     53
    4654NS_IMETHODIMP
    4755nsSOCKSSocketProvider::NewSocket(int32_t family,
    4856                                 const char *host,
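Review bot: The helper added at new lines 47-48 is declared as `bool` on one line and `static IsUNIXDomainSocketPath(...)` on the next, which puts the storage class after the return type; writing it as `static bool` on the first line is the conventional order and reads as intended. The helper also treats any proxy host beginning with `file://` as a UNIX domain socket path, an assumption stated only in the commit message, so a short comment above the function would document it in the code. The guard is `#if defined(XP_UNIX)` while the commit message says "Linux+macOS only"; it is worth confirming that the guard covers exactly the intended platforms.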
    nsSOCKSSocketProvider::NewSocket(int32_t family, 
    6169    if (IsNamedPipePath(proxyHost)) {
    6270        sock = CreateNamedPipeLayer();
    6371    } else
     72#endif
     73#if defined(XP_UNIX)
     74    nsAutoCString proxyHost;
     75    proxy->GetHost(proxyHost);
     76    if(IsUNIXDomainSocketPath(proxyHost)) {
     77        family = AF_LOCAL;
     78    }
    6479#endif
    6580    {
    6681        sock = PR_OpenTCPSocket(family);
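Review bot: The return value of `proxy->GetHost(proxyHost)` at new line 75 is ignored, so a failed call leaves `proxyHost` empty, `family` unchanged, and the code falls through to `PR_OpenTCPSocket(family)` with the originally requested AF_INET/AF_INET6 family, which is the case this patch is meant to avoid. Consider checking the result and returning the error before the `IsUNIXDomainSocketPath` test. The `family` parameter is also overwritten silently at new line 77; a one-line comment explaining that the caller's family is replaced with AF_LOCAL for `file://` proxy hosts would help later readers. Style: `if(IsUNIXDomainSocketPath(proxyHost))` at new line 76 lacks the space after `if` that the surrounding code uses (`if (IsNamedPipePath(proxyHost))`).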