68.14.2 - network

netwerk/base/AutoClose.h

@@ -11,7 +11,7 @@
 namespace mozilla {
 namespace net {
 
-// Like an nsAutoPtr for XPCOM streams (e.g. nsIAsyncInputStream) and other
+// A container for XPCOM streams (e.g. nsIAsyncInputStream) and other
 // refcounted classes that need to have the Close() method called explicitly
 // before they are destroyed.
 template <typename T>

netwerk/base/BackgroundFileSaver.cpp

@@ -15,9 +15,6 @@
 #include "nsIFile.h"
 #include "nsIMutableArray.h"
 #include "nsIPipe.h"
-#include "nsIX509Cert.h"
-#include "nsIX509CertDB.h"
-#include "nsIX509CertList.h"
 #include "nsNetUtil.h"
 #include "nsThreadUtils.h"
 #include "pk11pub.h"
@@ -249,19 +246,17 @@ BackgroundFileSaver::EnableSignatureInfo() {
 }
 
 NS_IMETHODIMP
-BackgroundFileSaver::GetSignatureInfo(nsIArray** aSignatureInfo) {
+BackgroundFileSaver::GetSignatureInfo(
+    nsTArray<nsTArray<nsTArray<uint8_t>>>& aSignatureInfo) {
   MOZ_ASSERT(NS_IsMainThread(), "Can't inspect signature off the main thread");
   // We acquire a lock because mSignatureInfo is written on the worker thread.
   MutexAutoLock lock(mLock);
   if (!mComplete || !mSignatureInfoEnabled) {
     return NS_ERROR_NOT_AVAILABLE;
   }
-  nsCOMPtr<nsIMutableArray> sigArray = do_CreateInstance(NS_ARRAY_CONTRACTID);
-  for (int i = 0; i < mSignatureInfo.Count(); ++i) {
-    sigArray->AppendElement(mSignatureInfo[i]);
+  for (const auto& signatureChain : mSignatureInfo) {
+    aSignatureInfo.AppendElement(signatureChain);
   }
-  *aSignatureInfo = sigArray;
-  NS_IF_ADDREF(*aSignatureInfo);
   return NS_OK;
 }
 
@@ -760,9 +755,6 @@ nsresult BackgroundFileSaver::ExtractSignatureInfo(const nsAString& filePath) {
       return NS_OK;
     }
   }
-  nsresult rv;
-  nsCOMPtr<nsIX509CertDB> certDB = do_GetService(NS_X509CERTDB_CONTRACTID, &rv);
-  NS_ENSURE_SUCCESS(rv, rv);
 #ifdef XP_WIN
   // Setup the file to check.
   WINTRUST_FILE_INFO fileToCheck = {0};
@@ -819,42 +811,22 @@ nsresult BackgroundFileSaver::ExtractSignatureInfo(const nsAString& filePath) {
         if (!certSimpleChain) {
           break;
         }
-        nsCOMPtr<nsIX509CertList> nssCertList =
-            do_CreateInstance(NS_X509CERTLIST_CONTRACTID);
-        if (!nssCertList) {
-          break;
-        }
+
+        nsTArray<nsTArray<uint8_t>> certList;
         bool extractionSuccess = true;
         for (DWORD k = 0; k < certSimpleChain->cElement; ++k) {
           CERT_CHAIN_ELEMENT* certChainElement = certSimpleChain->rgpElement[k];
           if (certChainElement->pCertContext->dwCertEncodingType !=
               X509_ASN_ENCODING) {
             continue;
           }
-          nsCOMPtr<nsIX509Cert> nssCert = nullptr;
-          nsDependentCSubstring certDER(
-              reinterpret_cast<char*>(
-                  certChainElement->pCertContext->pbCertEncoded),
-              certChainElement->pCertContext->cbCertEncoded);
-          rv = certDB->ConstructX509(certDER, getter_AddRefs(nssCert));
-          if (!nssCert) {
-            extractionSuccess = false;
-            LOG(("Couldn't create NSS cert [this = %p]", this));
-            break;
-          }
-          rv = nssCertList->AddCert(nssCert);
-          if (NS_FAILED(rv)) {
-            extractionSuccess = false;
-            LOG(("Couldn't add NSS cert to cert list [this = %p]", this));
-            break;
-          }
-          nsString subjectName;
-          nssCert->GetSubjectName(subjectName);
-          LOG(("Adding cert %s [this = %p]",
-               NS_ConvertUTF16toUTF8(subjectName).get(), this));
+          nsTArray<uint8_t> cert;
+          cert.AppendElements(certChainElement->pCertContext->pbCertEncoded,
+                              certChainElement->pCertContext->cbCertEncoded);
+          certList.AppendElement(cert);
         }
         if (extractionSuccess) {
-          mSignatureInfo.AppendObject(nssCertList);
+          mSignatureInfo.AppendElement(std::move(certList));
         }
       }
     }

netwerk/base/BackgroundFileSaver.h

@@ -22,7 +22,6 @@
 
 class nsIAsyncInputStream;
 class nsIThread;
-class nsIX509CertList;
 
 namespace mozilla {
 namespace net {
@@ -201,7 +200,7 @@ class BackgroundFileSaver : public nsIBackgroundFileSaver {
   /**
    * Store the signature info.
    */
-  nsCOMArray<nsIX509CertList> mSignatureInfo;
+  nsTArray<nsTArray<nsTArray<uint8_t>>> mSignatureInfo;
 
   /**
    * Whether or not to extract the signature. Must be set on the main thread

netwerk/base/EventTokenBucket.cpp

@@ -214,7 +214,7 @@ nsresult EventTokenBucket::SubmitEvent(ATokenBucketEvent* event,
   // When this function exits the cancelEvent needs 2 references, one for the
   // mEvents queue and one for the caller of SubmitEvent()
 
-  NS_ADDREF(*cancelable = cancelEvent.get());
+  *cancelable = do_AddRef(cancelEvent).take();
 
   if (mPaused || !TryImmediateDispatch(cancelEvent.get())) {
     // queue it

netwerk/base/FuzzySecurityInfo.cpp

@@ -36,7 +36,8 @@ FuzzySecurityInfo::GetErrorCodeString(nsAString& aErrorString) {
 }
 
 NS_IMETHODIMP
-FuzzySecurityInfo::GetFailedCertChain(nsIX509CertList** _result) {
+FuzzySecurityInfo::GetFailedCertChain(
+    nsTArray<RefPtr<nsIX509Cert>>& aFailedCertChain) {
   MOZ_CRASH("Unused");
   return NS_OK;
 }
@@ -52,8 +53,8 @@ FuzzySecurityInfo::GetServerCert(nsIX509Cert** aServerCert) {
 }
 
 NS_IMETHODIMP
-FuzzySecurityInfo::GetSucceededCertChain(nsIX509CertList** _result) {
-  NS_ENSURE_ARG_POINTER(_result);
+FuzzySecurityInfo::GetSucceededCertChain(
+    nsTArray<RefPtr<nsIX509Cert>>& aSucceededCertChain) {
   MOZ_CRASH("Unused");
   return NS_OK;
 }
@@ -315,12 +316,6 @@ FuzzySecurityInfo::SetEsniTxt(const nsACString& aEsniTxt) {
   return NS_OK;
 }
 
-NS_IMETHODIMP
-FuzzySecurityInfo::GetServerRootCertIsBuiltInRoot(bool* aIsBuiltInRoot) {
-  *aIsBuiltInRoot = true;
-  return NS_OK;
-}
-
 void FuzzySecurityInfo::SerializeToIPC(IPC::Message* aMsg) {
   MOZ_CRASH("Unused");
 }
@@ -331,5 +326,11 @@ bool FuzzySecurityInfo::DeserializeFromIPC(const IPC::Message* aMsg,
   return false;
 }
 
+NS_IMETHODIMP
+FuzzySecurityInfo::GetPeerId(nsACString& aResult) {
+  aResult.Assign(EmptyCString());
+  return NS_OK;
+}
+
 }  // namespace net
 }  // namespace mozilla

netwerk/base/LoadInfo.cpp

@@ -9,6 +9,7 @@
 #include "mozilla/ExpandedPrincipal.h"
 #include "mozilla/dom/ClientIPCTypes.h"
 #include "mozilla/dom/ClientSource.h"
+#include "mozilla/dom/Performance.h"
 #include "mozilla/dom/PerformanceStorage.h"
 #include "mozilla/dom/BrowserChild.h"
 #include "mozilla/dom/ToJSValue.h"
@@ -34,7 +35,6 @@
 #include "nsQueryObject.h"
 #include "nsRedirectHistoryEntry.h"
 #include "nsSandboxFlags.h"
-#include "LoadInfo.h"
 
 using namespace mozilla::dom;
 
@@ -95,6 +95,7 @@ LoadInfo::LoadInfo(
       mServiceWorkerTaintingSynthesized(false),
       mDocumentHasUserInteracted(false),
       mDocumentHasLoaded(false),
+      mAllowListFutureDocumentsCreatedFromThisRedirectChain(false),
       mIsFromProcessingFrameAttributes(false) {
   MOZ_ASSERT(mLoadingPrincipal);
   MOZ_ASSERT(mTriggeringPrincipal);
@@ -346,6 +347,7 @@ LoadInfo::LoadInfo(nsPIDOMWindowOuter* aOuterWindow,
       mServiceWorkerTaintingSynthesized(false),
       mDocumentHasUserInteracted(false),
       mDocumentHasLoaded(false),
+      mAllowListFutureDocumentsCreatedFromThisRedirectChain(false),
       mIsFromProcessingFrameAttributes(false) {
   // Top-level loads are never third-party
   // Grab the information we can out of the window.
@@ -461,6 +463,8 @@ LoadInfo::LoadInfo(const LoadInfo& rhs)
       mServiceWorkerTaintingSynthesized(false),
       mDocumentHasUserInteracted(rhs.mDocumentHasUserInteracted),
       mDocumentHasLoaded(rhs.mDocumentHasLoaded),
+      mAllowListFutureDocumentsCreatedFromThisRedirectChain(
+          rhs.mAllowListFutureDocumentsCreatedFromThisRedirectChain),
       mCspNonce(rhs.mCspNonce),
       mIsFromProcessingFrameAttributes(rhs.mIsFromProcessingFrameAttributes) {}
 
@@ -494,8 +498,9 @@ LoadInfo::LoadInfo(
     const nsTArray<nsCString>& aCorsUnsafeHeaders, bool aForcePreflight,
     bool aIsPreflight, bool aLoadTriggeredFromExternal,
     bool aServiceWorkerTaintingSynthesized, bool aDocumentHasUserInteracted,
-    bool aDocumentHasLoaded, const nsAString& aCspNonce,
-    uint32_t aRequestBlockingReason)
+    bool aDocumentHasLoaded,
+    bool aAllowListFutureDocumentsCreatedFromThisRedirectChain,
+    const nsAString& aCspNonce, uint32_t aRequestBlockingReason)
     : mLoadingPrincipal(aLoadingPrincipal),
       mTriggeringPrincipal(aTriggeringPrincipal),
       mPrincipalToInherit(aPrincipalToInherit),
@@ -544,6 +549,8 @@ LoadInfo::LoadInfo(
       mServiceWorkerTaintingSynthesized(aServiceWorkerTaintingSynthesized),
       mDocumentHasUserInteracted(aDocumentHasUserInteracted),
       mDocumentHasLoaded(aDocumentHasLoaded),
+      mAllowListFutureDocumentsCreatedFromThisRedirectChain(
+          aAllowListFutureDocumentsCreatedFromThisRedirectChain),
       mCspNonce(aCspNonce),
       mIsFromProcessingFrameAttributes(false) {
   // Only top level TYPE_DOCUMENT loads can have a null loadingPrincipal
@@ -604,11 +611,13 @@ LoadInfo::GetLoadingPrincipal(nsIPrincipal** aLoadingPrincipal) {
   return NS_OK;
 }
 
-nsIPrincipal* LoadInfo::LoadingPrincipal() { return mLoadingPrincipal; }
+nsIPrincipal* LoadInfo::VirtualGetLoadingPrincipal() {
+  return mLoadingPrincipal;
+}
 
 NS_IMETHODIMP
 LoadInfo::GetTriggeringPrincipal(nsIPrincipal** aTriggeringPrincipal) {
-  NS_ADDREF(*aTriggeringPrincipal = mTriggeringPrincipal);
+  *aTriggeringPrincipal = do_AddRef(mTriggeringPrincipal).take();
   return NS_OK;
 }
 
@@ -1282,6 +1291,20 @@ LoadInfo::SetDocumentHasLoaded(bool aDocumentHasLoaded) {
   return NS_OK;
 }
 
+NS_IMETHODIMP
+LoadInfo::GetAllowListFutureDocumentsCreatedFromThisRedirectChain(
+    bool* aValue) {
+  MOZ_ASSERT(aValue);
+  *aValue = mAllowListFutureDocumentsCreatedFromThisRedirectChain;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+LoadInfo::SetAllowListFutureDocumentsCreatedFromThisRedirectChain(bool aValue) {
+  mAllowListFutureDocumentsCreatedFromThisRedirectChain = aValue;
+  return NS_OK;
+}
+
 NS_IMETHODIMP
 LoadInfo::GetCspNonce(nsAString& aCspNonce) {
   aCspNonce = mCspNonce;
@@ -1415,7 +1438,39 @@ void LoadInfo::SetPerformanceStorage(PerformanceStorage* aPerformanceStorage) {
 }
 
 PerformanceStorage* LoadInfo::GetPerformanceStorage() {
-  return mPerformanceStorage;
+  if (mPerformanceStorage) {
+    return mPerformanceStorage;
+  }
+
+  RefPtr<dom::Document> loadingDocument;
+  GetLoadingDocument(getter_AddRefs(loadingDocument));
+  if (!loadingDocument) {
+    return nullptr;
+  }
+
+  if (!TriggeringPrincipal()->Equals(loadingDocument->NodePrincipal())) {
+    return nullptr;
+  }
+
+  if (nsILoadInfo::GetExternalContentPolicyType() ==
+          nsIContentPolicy::TYPE_SUBDOCUMENT &&
+      !GetIsFromProcessingFrameAttributes()) {
+    // We only report loads caused by processing the attributes of the
+    // browsing context container.
+    return nullptr;
+  }
+
+  nsCOMPtr<nsPIDOMWindowInner> innerWindow = loadingDocument->GetInnerWindow();
+  if (!innerWindow) {
+    return nullptr;
+  }
+
+  mozilla::dom::Performance* performance = innerWindow->GetPerformance();
+  if (!performance) {
+    return nullptr;
+  }
+
+  return performance->AsPerformanceStorage();
 }
 
 NS_IMETHODIMP

netwerk/base/LoadInfo.h

@@ -150,6 +150,7 @@ class LoadInfo final : public nsILoadInfo {
            bool aIsPreflight, bool aLoadTriggeredFromExternal,
            bool aServiceWorkerTaintingSynthesized,
            bool aDocumentHasUserInteracted, bool aDocumentHasLoaded,
+           bool aAllowListFutureDocumentsCreatedFromThisRedirectChain,
            const nsAString& aCspNonce, uint32_t aRequestBlockingReason);
   LoadInfo(const LoadInfo& rhs);
 
@@ -230,6 +231,7 @@ class LoadInfo final : public nsILoadInfo {
   bool mServiceWorkerTaintingSynthesized;
   bool mDocumentHasUserInteracted;
   bool mDocumentHasLoaded;
+  bool mAllowListFutureDocumentsCreatedFromThisRedirectChain;
   nsString mCspNonce;
 
   // Is true if this load was triggered by processing the attributes of the

netwerk/base/NetworkConnectivityService.cpp

@@ -128,15 +128,17 @@ NetworkConnectivityService::RecheckDNS() {
   nsAutoCString host;
   Preferences::GetCString("network.connectivity-service.DNSv4.domain", host);
 
-  rv = dns->AsyncResolveNative(host, nsIDNSService::RESOLVE_DISABLE_IPV6, this,
-                               NS_GetCurrentThread(), attrs,
-                               getter_AddRefs(mDNSv4Request));
+  rv = dns->AsyncResolveNative(
+      host,
+      nsIDNSService::RESOLVE_DISABLE_IPV6 | nsIDNSService::RESOLVE_DISABLE_TRR,
+      this, NS_GetCurrentThread(), attrs, getter_AddRefs(mDNSv4Request));
   NS_ENSURE_SUCCESS(rv, rv);
 
   Preferences::GetCString("network.connectivity-service.DNSv6.domain", host);
-  rv = dns->AsyncResolveNative(host, nsIDNSService::RESOLVE_DISABLE_IPV4, this,
-                               NS_GetCurrentThread(), attrs,
-                               getter_AddRefs(mDNSv6Request));
+  rv = dns->AsyncResolveNative(
+      host,
+      nsIDNSService::RESOLVE_DISABLE_IPV4 | nsIDNSService::RESOLVE_DISABLE_TRR,
+      this, NS_GetCurrentThread(), attrs, getter_AddRefs(mDNSv6Request));
   return rv;
 }
 
@@ -194,9 +196,10 @@ static inline already_AddRefed<nsIChannel> SetupIPCheckChannel(bool ipv4) {
       nullptr,  // aPerformanceStorage
       nullptr,  // aLoadGroup
       nullptr,
-      nsIRequest::LOAD_BYPASS_CACHE |    // don't read from the cache
-          nsIRequest::INHIBIT_CACHING |  // don't write the response to cache
-          nsIRequest::LOAD_ANONYMOUS);   // prevent privacy leaks
+      nsIRequest::LOAD_BYPASS_CACHE |     // don't read from the cache
+          nsIRequest::INHIBIT_CACHING |   // don't write the response to cache
+          nsIRequest::LOAD_DISABLE_TRR |  // check network capabilities not TRR
+          nsIRequest::LOAD_ANONYMOUS);    // prevent privacy leaks
 
   NS_ENSURE_SUCCESS(rv, nullptr);
 

netwerk/base/NetworkConnectivityService.h

@@ -6,7 +6,9 @@
 #define NetworkConnectivityService_h_
 
 #include "nsINetworkConnectivityService.h"
+#include "nsIObserver.h"
 #include "nsIDNSListener.h"
+#include "nsIStreamListener.h"
 
 namespace mozilla {
 namespace net {