Bug 1329237 - Avoid non-smart string IDL types in nsISiteSecurityService.idl. r=keeler

Smart string IDL types give us nsA[C]String in C++ code, which is safer than
raw char strings.

MozReview-Commit-ID: KJ3Z4qK9i61
Cykesiopka
2017-01-14 13:10:06 +08:00
parent 3b85a0b8b7
commit d59b8b6b39
11 changed files with 111 additions and 86 deletions


@@ -1581,7 +1581,7 @@ nsHttpChannel::ProcessSingleSecurityHeader(uint32_t aType,
// Process header will now discard the headers itself if the channel // Process header will now discard the headers itself if the channel
// wasn't secure (whereas before it had to be checked manually) // wasn't secure (whereas before it had to be checked manually)
uint32_t failureResult; uint32_t failureResult;
rv = sss->ProcessHeader(aType, mURI, securityHeader.get(), aSSLStatus, rv = sss->ProcessHeader(aType, mURI, securityHeader, aSSLStatus,
aFlags, nullptr, nullptr, &failureResult); aFlags, nullptr, nullptr, &failureResult);
if (NS_FAILED(rv)) { if (NS_FAILED(rv)) {
nsAutoString consoleErrorCategory; nsAutoString consoleErrorCategory;


@@ -18,6 +18,7 @@
#include "nsISupportsPriority.h" #include "nsISupportsPriority.h"
#include "nsIURI.h" #include "nsIURI.h"
#include "nsNSSComponent.h" #include "nsNSSComponent.h"
#include "nsPromiseFlatString.h"
#include "nsSecurityHeaderParser.h" #include "nsSecurityHeaderParser.h"
#include "nsStreamUtils.h" #include "nsStreamUtils.h"
#include "nsWhitespaceTokenizer.h" #include "nsWhitespaceTokenizer.h"
@@ -433,7 +434,8 @@ ContentSignatureVerifier::ParseContentSignatureHeader(
NS_NAMED_LITERAL_CSTRING(signature_var, "p384ecdsa"); NS_NAMED_LITERAL_CSTRING(signature_var, "p384ecdsa");
NS_NAMED_LITERAL_CSTRING(certChainURL_var, "x5u"); NS_NAMED_LITERAL_CSTRING(certChainURL_var, "x5u");
nsSecurityHeaderParser parser(aContentSignatureHeader.BeginReading()); const nsCString& flatHeader = PromiseFlatCString(aContentSignatureHeader);
nsSecurityHeaderParser parser(flatHeader);
nsresult rv = parser.Parse(); nsresult rv = parser.Parse();
if (NS_FAILED(rv)) { if (NS_FAILED(rv)) {
CSVerifier_LOG(("CSVerifier: could not parse ContentSignature header\n")); CSVerifier_LOG(("CSVerifier: could not parse ContentSignature header\n"));


@@ -13,6 +13,7 @@
#include "nsIContentSignatureVerifier.h" #include "nsIContentSignatureVerifier.h"
#include "nsIStreamListener.h" #include "nsIStreamListener.h"
#include "nsNSSShutDown.h" #include "nsNSSShutDown.h"
#include "nsString.h"
#include "ScopedNSSTypes.h" #include "ScopedNSSTypes.h"
// 45a5fe2f-c350-4b86-962d-02d5aaaa955a // 45a5fe2f-c350-4b86-962d-02d5aaaa955a


@@ -9,6 +9,7 @@
#include "mozilla/Casting.h" #include "mozilla/Casting.h"
#include "mozilla/Logging.h" #include "mozilla/Logging.h"
#include "mozilla/Telemetry.h" #include "mozilla/Telemetry.h"
#include "nsDependentString.h"
#include "nsISiteSecurityService.h" #include "nsISiteSecurityService.h"
#include "nsServiceManagerUtils.h" #include "nsServiceManagerUtils.h"
#include "nsSiteSecurityService.h" #include "nsSiteSecurityService.h"
@@ -181,8 +182,8 @@ FindPinningInformation(const char* hostname, mozilla::pkix::Time time,
bool found; bool found;
bool includeSubdomains; bool includeSubdomains;
nsTArray<nsCString> pinArray; nsTArray<nsCString> pinArray;
rv = sssService->GetKeyPinsForHostname(evalHost, time, pinArray, rv = sssService->GetKeyPinsForHostname(nsDependentCString(evalHost), time,
&includeSubdomains, &found); pinArray, &includeSubdomains, &found);
if (NS_FAILED(rv)) { if (NS_FAILED(rv)) {
return rv; return rv;
} }


@@ -512,7 +512,7 @@ CertErrorRunnable::CheckCertOverrides()
mDefaultErrorCodeToReport); mDefaultErrorCodeToReport);
} }
nsresult nsrv = sss->IsSecureHost(nsISiteSecurityService::HEADER_HSTS, nsresult nsrv = sss->IsSecureHost(nsISiteSecurityService::HEADER_HSTS,
mInfoObject->GetHostNameRaw(), mInfoObject->GetHostName(),
mProviderFlags, mProviderFlags,
nullptr, nullptr,
&strictTransportSecurityEnabled); &strictTransportSecurityEnabled);
@@ -523,7 +523,7 @@ CertErrorRunnable::CheckCertOverrides()
mDefaultErrorCodeToReport); mDefaultErrorCodeToReport);
} }
nsrv = sss->IsSecureHost(nsISiteSecurityService::HEADER_HPKP, nsrv = sss->IsSecureHost(nsISiteSecurityService::HEADER_HPKP,
mInfoObject->GetHostNameRaw(), mInfoObject->GetHostName(),
mProviderFlags, mProviderFlags,
nullptr, nullptr,
&hasPinningInformation); &hasPinningInformation);


@@ -60,8 +60,8 @@ interface nsISiteSecurityService : nsISupports
* *
* @param aType the type of security header in question. * @param aType the type of security header in question.
* @param aSourceURI the URI of the resource with the HTTP header. * @param aSourceURI the URI of the resource with the HTTP header.
* @param aSSLStatus the SSLStatus of the current channel
* @param aHeader the HTTP response header specifying security data. * @param aHeader the HTTP response header specifying security data.
* @param aSSLStatus the SSLStatus of the current channel.
* @param aFlags options for this request as defined in nsISocketProvider: * @param aFlags options for this request as defined in nsISocketProvider:
* NO_PERMANENT_STORAGE * NO_PERMANENT_STORAGE
* @param aMaxAge the parsed max-age directive of the header. * @param aMaxAge the parsed max-age directive of the header.
@@ -75,7 +75,7 @@ interface nsISiteSecurityService : nsISupports
*/ */
void processHeader(in uint32_t aType, void processHeader(in uint32_t aType,
in nsIURI aSourceURI, in nsIURI aSourceURI,
in string aHeader, in ACString aHeader,
in nsISSLStatus aSSLStatus, in nsISSLStatus aSSLStatus,
in uint32_t aFlags, in uint32_t aFlags,
[optional] out unsigned long long aMaxAge, [optional] out unsigned long long aMaxAge,
@@ -88,7 +88,7 @@ interface nsISiteSecurityService : nsISupports
*/ */
void unsafeProcessHeader(in uint32_t aType, void unsafeProcessHeader(in uint32_t aType,
in nsIURI aSourceURI, in nsIURI aSourceURI,
in string aHeader, in ACString aHeader,
in uint32_t aFlags, in uint32_t aFlags,
[optional] out unsigned long long aMaxAge, [optional] out unsigned long long aMaxAge,
[optional] out boolean aIncludeSubdomains, [optional] out boolean aIncludeSubdomains,
@@ -119,7 +119,7 @@ interface nsISiteSecurityService : nsISupports
* the host is HSTS, false otherwise. * the host is HSTS, false otherwise.
*/ */
boolean isSecureHost(in uint32_t aType, boolean isSecureHost(in uint32_t aType,
in string aHost, in ACString aHost,
in uint32_t aFlags, in uint32_t aFlags,
[optional] out boolean aCached); [optional] out boolean aCached);
@@ -159,14 +159,14 @@ interface nsISiteSecurityService : nsISupports
* aIncludeSubdomains will be true. Pins returned are only for non-built-in * aIncludeSubdomains will be true. Pins returned are only for non-built-in
* pin entries. * pin entries.
* *
* @param aHostname the hosname (punycode) to be queried about * @param aHostname the hostname (punycode) to be queried about
* @param the time at which the pins should be valid. This is in * @param evalTime the time at which the pins should be valid. This is in
mozilla::pkix::Time which uses internally seconds since 0 AD. mozilla::pkix::Time which uses internally seconds since 0 AD.
* @param aPinArray the set of sha256-hashed key pins for the given domain * @param aPinArray the set of sha256-hashed key pins for the given domain
* @param aIncludeSubdomains true if the pins apply to subdomains of the * @param aIncludeSubdomains true if the pins apply to subdomains of the
* given domain * given domain
*/ */
[noscript] boolean getKeyPinsForHostname(in string aHostname, [noscript] boolean getKeyPinsForHostname(in ACString aHostname,
in mozillaPkixTime evalTime, in mozillaPkixTime evalTime,
out nsCStringTArrayRef aPinArray, out nsCStringTArrayRef aPinArray,
out boolean aIncludeSubdomains); out boolean aIncludeSubdomains);
@@ -184,7 +184,7 @@ interface nsISiteSecurityService : nsISupports
* @param aIsPreload are these key pins for a preload entry? (false by * @param aIsPreload are these key pins for a preload entry? (false by
* default) * default)
*/ */
boolean setKeyPins(in string aHost, in boolean aIncludeSubdomains, boolean setKeyPins(in ACString aHost, in boolean aIncludeSubdomains,
in int64_t aExpires, in unsigned long aPinCount, in int64_t aExpires, in unsigned long aPinCount,
[array, size_is(aPinCount)] in string aSha256Pins, [array, size_is(aPinCount)] in string aSha256Pins,
[optional] in boolean aIsPreload); [optional] in boolean aIsPreload);
@@ -199,7 +199,7 @@ interface nsISiteSecurityService : nsISupports
* @param aIncludeSubdomains whether this entry also applies to subdomains * @param aIncludeSubdomains whether this entry also applies to subdomains
* @param aExpires the time this entry should expire (millis since epoch) * @param aExpires the time this entry should expire (millis since epoch)
*/ */
boolean setHSTSPreload(in string aHost, in boolean aIncludesSubdomains, boolean setHSTSPreload(in ACString aHost, in boolean aIncludesSubdomains,
in int64_t aExpires); in int64_t aExpires);
/** /**
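Review bot: setKeyPins still declares `[array, size_is(aPinCount)] in string aSha256Pins` while every other string parameter in this interface is converted to ACString, so the interface ends up only partly converted and a reader of the commit title will assume the array was missed. If the array is left as a raw `string` because XPIDL offers no smart-string array form here, a one-line comment on that parameter would make that explicit, e.g. `// aSha256Pins stays a raw string array; no smart-string array type is available for it.`; if it can be converted, it belongs in this change. The `@param evalTime` name and the `hostname` spelling fix in the getKeyPinsForHostname comment are correct. The interface body continues outside these hunks.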


@@ -50,8 +50,8 @@ static mozilla::LazyLogModule sSHParserLog("nsSecurityHeaderParser");
#define SHPARSERLOG(args) MOZ_LOG(sSHParserLog, mozilla::LogLevel::Debug, args) #define SHPARSERLOG(args) MOZ_LOG(sSHParserLog, mozilla::LogLevel::Debug, args)
nsSecurityHeaderParser::nsSecurityHeaderParser(const char *aHeader) nsSecurityHeaderParser::nsSecurityHeaderParser(const nsCString& aHeader)
: mCursor(aHeader) : mCursor(aHeader.get())
, mError(false) , mError(false)
{ {
} }


@@ -2,12 +2,12 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this * License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef nsSecurityHeaderParser_h__ #ifndef nsSecurityHeaderParser_h
#define nsSecurityHeaderParser_h__ #define nsSecurityHeaderParser_h
#include "nsString.h"
#include "mozilla/LinkedList.h" #include "mozilla/LinkedList.h"
#include "nsCOMPtr.h" #include "nsCOMPtr.h"
#include "nsString.h"
// Utility class for handing back parsed directives and (optional) values // Utility class for handing back parsed directives and (optional) values
class nsSecurityHeaderDirective : public mozilla::LinkedListElement<nsSecurityHeaderDirective> { class nsSecurityHeaderDirective : public mozilla::LinkedListElement<nsSecurityHeaderDirective> {
@@ -36,7 +36,9 @@ public:
class nsSecurityHeaderParser { class nsSecurityHeaderParser {
public: public:
explicit nsSecurityHeaderParser(const char *aHeader); // The input to this class must be null-terminated, and must have a lifetime
// greater than or equal to the lifetime of the created nsSecurityHeaderParser.
explicit nsSecurityHeaderParser(const nsCString& aHeader);
~nsSecurityHeaderParser(); ~nsSecurityHeaderParser();
// Only call Parse once. // Only call Parse once.
@@ -71,4 +73,4 @@ private:
bool mError; bool mError;
}; };
#endif /* nsSecurityHeaderParser_h__ */ #endif // nsSecurityHeaderParser_h
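Review bot: The new `explicit nsSecurityHeaderParser(const nsCString& aHeader);` constructor keeps a raw pointer taken from its argument (`mCursor(aHeader.get())` in the .cpp hunk above), so a call like `nsSecurityHeaderParser parser(PromiseFlatCString(header));` compiles but leaves mCursor dangling as soon as the declaration ends. The comment added above the constructor states the lifetime requirement, but nothing enforces it; adding `explicit nsSecurityHeaderParser(nsCString&&) = delete;` beside it should make that mistake a compile error, since an rvalue nsPromiseFlatCString would select the rvalue-reference overload over the const-reference one. The ContentSignatureVerifier.cpp call site in this commit binds the flat string to a named `const nsCString&` first, which is the pattern the comment asks for. The class body continues outside the hunk.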


@@ -21,11 +21,10 @@
#include "nsIX509Cert.h" #include "nsIX509Cert.h"
#include "nsNSSComponent.h" #include "nsNSSComponent.h"
#include "nsNetUtil.h" #include "nsNetUtil.h"
#include "nsPromiseFlatString.h"
#include "nsSecurityHeaderParser.h" #include "nsSecurityHeaderParser.h"
#include "nsString.h"
#include "nsThreadUtils.h" #include "nsThreadUtils.h"
#include "nsXULAppAPI.h" #include "nsXULAppAPI.h"
#include "pkix/pkixtypes.h"
#include "plstr.h" #include "plstr.h"
#include "prnetdb.h" #include "prnetdb.h"
#include "prprf.h" #include "prprf.h"
@@ -436,26 +435,28 @@ nsSiteSecurityService::RemoveState(uint32_t aType, nsIURI* aURI,
} }
static bool static bool
HostIsIPAddress(const char *hostname) HostIsIPAddress(const nsCString& hostname)
{ {
PRNetAddr hostAddr; PRNetAddr hostAddr;
return (PR_StringToNetAddr(hostname, &hostAddr) == PR_SUCCESS); PRErrorCode prv = PR_StringToNetAddr(hostname.get(), &hostAddr);
return (prv == PR_SUCCESS);
} }
NS_IMETHODIMP NS_IMETHODIMP
nsSiteSecurityService::ProcessHeader(uint32_t aType, nsSiteSecurityService::ProcessHeader(uint32_t aType,
nsIURI* aSourceURI, nsIURI* aSourceURI,
const char* aHeader, const nsACString& aHeader,
nsISSLStatus* aSSLStatus, nsISSLStatus* aSSLStatus,
uint32_t aFlags, uint32_t aFlags,
uint64_t* aMaxAge, uint64_t* aMaxAge,
bool* aIncludeSubdomains, bool* aIncludeSubdomains,
uint32_t* aFailureResult) uint32_t* aFailureResult)
{ {
// Child processes are not allowed direct access to this. // Child processes are not allowed direct access to this.
if (!XRE_IsParentProcess()) { if (!XRE_IsParentProcess()) {
MOZ_CRASH("Child process: no direct access to nsISiteSecurityService::ProcessHeader"); MOZ_CRASH("Child process: no direct access to "
} "nsISiteSecurityService::ProcessHeader");
}
if (aFailureResult) { if (aFailureResult) {
*aFailureResult = nsISiteSecurityService::ERROR_UNKNOWN; *aFailureResult = nsISiteSecurityService::ERROR_UNKNOWN;
@@ -465,32 +466,35 @@ nsSiteSecurityService::ProcessHeader(uint32_t aType,
NS_ERROR_NOT_IMPLEMENTED); NS_ERROR_NOT_IMPLEMENTED);
NS_ENSURE_ARG(aSSLStatus); NS_ENSURE_ARG(aSSLStatus);
return ProcessHeaderInternal(aType, aSourceURI, aHeader, aSSLStatus, aFlags, return ProcessHeaderInternal(aType, aSourceURI, PromiseFlatCString(aHeader),
aMaxAge, aIncludeSubdomains, aFailureResult); aSSLStatus, aFlags, aMaxAge, aIncludeSubdomains,
aFailureResult);
} }
NS_IMETHODIMP NS_IMETHODIMP
nsSiteSecurityService::UnsafeProcessHeader(uint32_t aType, nsSiteSecurityService::UnsafeProcessHeader(uint32_t aType,
nsIURI* aSourceURI, nsIURI* aSourceURI,
const char* aHeader, const nsACString& aHeader,
uint32_t aFlags, uint32_t aFlags,
uint64_t* aMaxAge, uint64_t* aMaxAge,
bool* aIncludeSubdomains, bool* aIncludeSubdomains,
uint32_t* aFailureResult) uint32_t* aFailureResult)
{ {
// Child processes are not allowed direct access to this. // Child processes are not allowed direct access to this.
if (!XRE_IsParentProcess()) { if (!XRE_IsParentProcess()) {
MOZ_CRASH("Child process: no direct access to nsISiteSecurityService::UnsafeProcessHeader"); MOZ_CRASH("Child process: no direct access to "
} "nsISiteSecurityService::UnsafeProcessHeader");
}
return ProcessHeaderInternal(aType, aSourceURI, aHeader, nullptr, aFlags, return ProcessHeaderInternal(aType, aSourceURI, PromiseFlatCString(aHeader),
aMaxAge, aIncludeSubdomains, aFailureResult); nullptr, aFlags, aMaxAge, aIncludeSubdomains,
aFailureResult);
} }
nsresult nsresult
nsSiteSecurityService::ProcessHeaderInternal(uint32_t aType, nsSiteSecurityService::ProcessHeaderInternal(uint32_t aType,
nsIURI* aSourceURI, nsIURI* aSourceURI,
const char* aHeader, const nsCString& aHeader,
nsISSLStatus* aSSLStatus, nsISSLStatus* aSSLStatus,
uint32_t aFlags, uint32_t aFlags,
uint64_t* aMaxAge, uint64_t* aMaxAge,
@@ -540,7 +544,7 @@ nsSiteSecurityService::ProcessHeaderInternal(uint32_t aType,
nsAutoCString host; nsAutoCString host;
nsresult rv = GetHost(aSourceURI, host); nsresult rv = GetHost(aSourceURI, host);
NS_ENSURE_SUCCESS(rv, rv); NS_ENSURE_SUCCESS(rv, rv);
if (HostIsIPAddress(host.get())) { if (HostIsIPAddress(host)) {
/* Don't process headers if a site is accessed by IP address. */ /* Don't process headers if a site is accessed by IP address. */
return NS_OK; return NS_OK;
} }
@@ -562,7 +566,7 @@ nsSiteSecurityService::ProcessHeaderInternal(uint32_t aType,
static uint32_t static uint32_t
ParseSSSHeaders(uint32_t aType, ParseSSSHeaders(uint32_t aType,
const char* aHeader, const nsCString& aHeader,
bool& foundIncludeSubdomains, bool& foundIncludeSubdomains,
bool& foundMaxAge, bool& foundMaxAge,
bool& foundUnrecognizedDirective, bool& foundUnrecognizedDirective,
@@ -703,7 +707,7 @@ ParseSSSHeaders(uint32_t aType,
nsresult nsresult
nsSiteSecurityService::ProcessPKPHeader(nsIURI* aSourceURI, nsSiteSecurityService::ProcessPKPHeader(nsIURI* aSourceURI,
const char* aHeader, const nsCString& aHeader,
nsISSLStatus* aSSLStatus, nsISSLStatus* aSSLStatus,
uint32_t aFlags, uint32_t aFlags,
uint64_t* aMaxAge, uint64_t* aMaxAge,
@@ -713,7 +717,7 @@ nsSiteSecurityService::ProcessPKPHeader(nsIURI* aSourceURI,
if (aFailureResult) { if (aFailureResult) {
*aFailureResult = nsISiteSecurityService::ERROR_UNKNOWN; *aFailureResult = nsISiteSecurityService::ERROR_UNKNOWN;
} }
SSSLOG(("SSS: processing HPKP header '%s'", aHeader)); SSSLOG(("SSS: processing HPKP header '%s'", aHeader.get()));
NS_ENSURE_ARG(aSSLStatus); NS_ENSURE_ARG(aSSLStatus);
const uint32_t aType = nsISiteSecurityService::HEADER_HPKP; const uint32_t aType = nsISiteSecurityService::HEADER_HPKP;
@@ -877,7 +881,7 @@ nsSiteSecurityService::ProcessPKPHeader(nsIURI* aSourceURI,
nsresult nsresult
nsSiteSecurityService::ProcessSTSHeader(nsIURI* aSourceURI, nsSiteSecurityService::ProcessSTSHeader(nsIURI* aSourceURI,
const char* aHeader, const nsCString& aHeader,
uint32_t aFlags, uint32_t aFlags,
uint64_t* aMaxAge, uint64_t* aMaxAge,
bool* aIncludeSubdomains, bool* aIncludeSubdomains,
@@ -886,7 +890,7 @@ nsSiteSecurityService::ProcessSTSHeader(nsIURI* aSourceURI,
if (aFailureResult) { if (aFailureResult) {
*aFailureResult = nsISiteSecurityService::ERROR_UNKNOWN; *aFailureResult = nsISiteSecurityService::ERROR_UNKNOWN;
} }
SSSLOG(("SSS: processing HSTS header '%s'", aHeader)); SSSLOG(("SSS: processing HSTS header '%s'", aHeader.get()));
const uint32_t aType = nsISiteSecurityService::HEADER_HSTS; const uint32_t aType = nsISiteSecurityService::HEADER_HSTS;
bool foundMaxAge = false; bool foundMaxAge = false;
@@ -965,12 +969,12 @@ nsSiteSecurityService::IsSecureURI(uint32_t aType, nsIURI* aURI,
nsresult rv = GetHost(aURI, hostname); nsresult rv = GetHost(aURI, hostname);
NS_ENSURE_SUCCESS(rv, rv); NS_ENSURE_SUCCESS(rv, rv);
/* An IP address never qualifies as a secure URI. */ /* An IP address never qualifies as a secure URI. */
if (HostIsIPAddress(hostname.get())) { if (HostIsIPAddress(hostname)) {
*aResult = false; *aResult = false;
return NS_OK; return NS_OK;
} }
return IsSecureHost(aType, hostname.get(), aFlags, aCached, aResult); return IsSecureHost(aType, hostname, aFlags, aCached, aResult);
} }
int STSPreloadCompare(const void *key, const void *entry) int STSPreloadCompare(const void *key, const void *entry)
@@ -1109,16 +1113,16 @@ nsSiteSecurityService::HostHasHSTSEntry(const nsAutoCString& aHost,
} }
NS_IMETHODIMP NS_IMETHODIMP
nsSiteSecurityService::IsSecureHost(uint32_t aType, const char* aHost, nsSiteSecurityService::IsSecureHost(uint32_t aType, const nsACString& aHost,
uint32_t aFlags, bool* aCached, uint32_t aFlags, bool* aCached,
bool* aResult) bool* aResult)
{ {
// Child processes are not allowed direct access to this. // Child processes are not allowed direct access to this.
if (!XRE_IsParentProcess() && aType != nsISiteSecurityService::HEADER_HSTS) { if (!XRE_IsParentProcess() && aType != nsISiteSecurityService::HEADER_HSTS) {
MOZ_CRASH("Child process: no direct access to nsISiteSecurityService::IsSecureHost for non-HSTS entries"); MOZ_CRASH("Child process: no direct access to "
} "nsISiteSecurityService::IsSecureHost for non-HSTS entries");
}
NS_ENSURE_ARG(aHost);
NS_ENSURE_ARG(aResult); NS_ENSURE_ARG(aResult);
// Only HSTS and HPKP are supported at the moment. // Only HSTS and HPKP are supported at the moment.
@@ -1133,7 +1137,8 @@ nsSiteSecurityService::IsSecureHost(uint32_t aType, const char* aHost,
} }
/* An IP address never qualifies as a secure URI. */ /* An IP address never qualifies as a secure URI. */
if (HostIsIPAddress(aHost)) { const nsCString& flatHost = PromiseFlatCString(aHost);
if (HostIsIPAddress(flatHost)) {
return NS_OK; return NS_OK;
} }
@@ -1148,12 +1153,14 @@ nsSiteSecurityService::IsSecureHost(uint32_t aType, const char* aHost,
} }
bool enforceTestMode = certVerifier->mPinningMode == bool enforceTestMode = certVerifier->mPinningMode ==
CertVerifier::PinningMode::pinningEnforceTestMode; CertVerifier::PinningMode::pinningEnforceTestMode;
return PublicKeyPinningService::HostHasPins(aHost, mozilla::pkix::Now(), return PublicKeyPinningService::HostHasPins(flatHost.get(),
mozilla::pkix::Now(),
enforceTestMode, *aResult); enforceTestMode, *aResult);
} }
// Holepunch chart.apis.google.com and subdomains. // Holepunch chart.apis.google.com and subdomains.
nsAutoCString host(PublicKeyPinningService::CanonicalizeHostname(aHost)); nsAutoCString host(
PublicKeyPinningService::CanonicalizeHostname(flatHost.get()));
if (host.EqualsLiteral("chart.apis.google.com") || if (host.EqualsLiteral("chart.apis.google.com") ||
StringEndsWith(host, NS_LITERAL_CSTRING(".chart.apis.google.com"))) { StringEndsWith(host, NS_LITERAL_CSTRING(".chart.apis.google.com"))) {
if (aCached) { if (aCached) {
@@ -1227,25 +1234,28 @@ bool entryStateNotOK(SiteHPKPState& state, mozilla::pkix::Time& aEvalTime) {
} }
NS_IMETHODIMP NS_IMETHODIMP
nsSiteSecurityService::GetKeyPinsForHostname(const char* aHostname, nsSiteSecurityService::GetKeyPinsForHostname(const nsACString& aHostname,
mozilla::pkix::Time& aEvalTime, mozilla::pkix::Time& aEvalTime,
/*out*/ nsTArray<nsCString>& pinArray, /*out*/ nsTArray<nsCString>& pinArray,
/*out*/ bool* aIncludeSubdomains, /*out*/ bool* aIncludeSubdomains,
/*out*/ bool* afound) { /*out*/ bool* afound)
// Child processes are not allowed direct access to this. {
if (!XRE_IsParentProcess()) { // Child processes are not allowed direct access to this.
MOZ_CRASH("Child process: no direct access to nsISiteSecurityService::GetKeyPinsForHostname"); if (!XRE_IsParentProcess()) {
} MOZ_CRASH("Child process: no direct access to "
"nsISiteSecurityService::GetKeyPinsForHostname");
}
NS_ENSURE_ARG(afound); NS_ENSURE_ARG(afound);
NS_ENSURE_ARG(aHostname);
SSSLOG(("Top of GetKeyPinsForHostname for %s", aHostname)); const nsCString& flatHostname = PromiseFlatCString(aHostname);
SSSLOG(("Top of GetKeyPinsForHostname for %s", flatHostname.get()));
*afound = false; *afound = false;
*aIncludeSubdomains = false; *aIncludeSubdomains = false;
pinArray.Clear(); pinArray.Clear();
nsAutoCString host(PublicKeyPinningService::CanonicalizeHostname(aHostname)); nsAutoCString host(
PublicKeyPinningService::CanonicalizeHostname(flatHostname.get()));
nsAutoCString storageKey; nsAutoCString storageKey;
SetStorageKey(storageKey, host, nsISiteSecurityService::HEADER_HPKP); SetStorageKey(storageKey, host, nsISiteSecurityService::HEADER_HPKP);
@@ -1279,18 +1289,19 @@ nsSiteSecurityService::GetKeyPinsForHostname(const char* aHostname,
} }
NS_IMETHODIMP NS_IMETHODIMP
nsSiteSecurityService::SetKeyPins(const char* aHost, bool aIncludeSubdomains, nsSiteSecurityService::SetKeyPins(const nsACString& aHost,
bool aIncludeSubdomains,
int64_t aExpires, uint32_t aPinCount, int64_t aExpires, uint32_t aPinCount,
const char** aSha256Pins, const char** aSha256Pins,
bool aIsPreload, bool aIsPreload,
/*out*/ bool* aResult) /*out*/ bool* aResult)
{ {
// Child processes are not allowed direct access to this. // Child processes are not allowed direct access to this.
if (!XRE_IsParentProcess()) { if (!XRE_IsParentProcess()) {
MOZ_CRASH("Child process: no direct access to nsISiteSecurityService::SetKeyPins"); MOZ_CRASH("Child process: no direct access to "
} "nsISiteSecurityService::SetKeyPins");
}
NS_ENSURE_ARG_POINTER(aHost);
NS_ENSURE_ARG_POINTER(aResult); NS_ENSURE_ARG_POINTER(aResult);
NS_ENSURE_ARG_POINTER(aSha256Pins); NS_ENSURE_ARG_POINTER(aSha256Pins);
@@ -1308,27 +1319,31 @@ nsSiteSecurityService::SetKeyPins(const char* aHost, bool aIncludeSubdomains,
SiteHPKPState dynamicEntry(aExpires, SecurityPropertySet, SiteHPKPState dynamicEntry(aExpires, SecurityPropertySet,
aIncludeSubdomains, sha256keys); aIncludeSubdomains, sha256keys);
// we always store data in permanent storage (ie no flags) // we always store data in permanent storage (ie no flags)
nsAutoCString host(PublicKeyPinningService::CanonicalizeHostname(aHost)); const nsCString& flatHost = PromiseFlatCString(aHost);
nsAutoCString host(
PublicKeyPinningService::CanonicalizeHostname(flatHost.get()));
return SetHPKPState(host.get(), dynamicEntry, 0, aIsPreload); return SetHPKPState(host.get(), dynamicEntry, 0, aIsPreload);
} }
NS_IMETHODIMP NS_IMETHODIMP
nsSiteSecurityService::SetHSTSPreload(const char* aHost, nsSiteSecurityService::SetHSTSPreload(const nsACString& aHost,
bool aIncludeSubdomains, bool aIncludeSubdomains,
int64_t aExpires, int64_t aExpires,
/*out*/ bool* aResult) /*out*/ bool* aResult)
{ {
// Child processes are not allowed direct access to this. // Child processes are not allowed direct access to this.
if (!XRE_IsParentProcess()) { if (!XRE_IsParentProcess()) {
MOZ_CRASH("Child process: no direct access to nsISiteSecurityService::SetHSTSPreload"); MOZ_CRASH("Child process: no direct access to "
} "nsISiteSecurityService::SetHSTSPreload");
}
NS_ENSURE_ARG_POINTER(aHost);
NS_ENSURE_ARG_POINTER(aResult); NS_ENSURE_ARG_POINTER(aResult);
SSSLOG(("Top of SetHSTSPreload")); SSSLOG(("Top of SetHSTSPreload"));
nsAutoCString host(PublicKeyPinningService::CanonicalizeHostname(aHost)); const nsCString& flatHost = PromiseFlatCString(aHost);
nsAutoCString host(
PublicKeyPinningService::CanonicalizeHostname(flatHost.get()));
return SetHSTSState(nsISiteSecurityService::HEADER_HSTS, host.get(), aExpires, return SetHSTSState(nsISiteSecurityService::HEADER_HSTS, host.get(), aExpires,
aIncludeSubdomains, 0, SecurityPropertySet, true); aIncludeSubdomains, 0, SecurityPropertySet, true);
} }
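Review bot: ProcessHeader and UnsafeProcessHeader now take an `nsACString`, which unlike the old `const char*` may carry an embedded NUL byte, yet the value is flattened with `PromiseFlatCString(aHeader)` and handed to code that walks `aHeader.get()` only up to the first NUL, so such a header would be silently truncated rather than rejected; the same applies to the `flatHost.get()` arguments passed to CanonicalizeHostname and HostHasPins in IsSecureHost, GetKeyPinsForHostname, SetKeyPins and SetHSTSPreload. If the HTTP channel is the only producer of header strings this presumably matters mainly for the script-callable entry points, but a cheap guard at the top of ProcessHeaderInternal keeps the truncation from being invisible, e.g. `if (aHeader.Length() != strlen(aHeader.get())) { return NS_ERROR_INVALID_ARG; }`, and the nsISiteSecurityService.idl comments for aHeader and aHost could state that embedded NULs are not accepted. Dropping the `NS_ENSURE_ARG(aHost)` and `NS_ENSURE_ARG_POINTER(aHost)` checks is right, since a reference cannot be null. Several of the touched functions start or end outside their hunks.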


@@ -132,14 +132,15 @@ private:
bool includeSubdomains, uint32_t flags, bool includeSubdomains, uint32_t flags,
SecurityPropertyState aHSTSState, bool aIsPreload); SecurityPropertyState aHSTSState, bool aIsPreload);
nsresult ProcessHeaderInternal(uint32_t aType, nsIURI* aSourceURI, nsresult ProcessHeaderInternal(uint32_t aType, nsIURI* aSourceURI,
const char* aHeader, nsISSLStatus* aSSLStatus, const nsCString& aHeader,
nsISSLStatus* aSSLStatus,
uint32_t aFlags, uint64_t* aMaxAge, uint32_t aFlags, uint64_t* aMaxAge,
bool* aIncludeSubdomains, bool* aIncludeSubdomains,
uint32_t* aFailureResult); uint32_t* aFailureResult);
nsresult ProcessSTSHeader(nsIURI* aSourceURI, const char* aHeader, nsresult ProcessSTSHeader(nsIURI* aSourceURI, const nsCString& aHeader,
uint32_t flags, uint64_t* aMaxAge, uint32_t flags, uint64_t* aMaxAge,
bool* aIncludeSubdomains, uint32_t* aFailureResult); bool* aIncludeSubdomains, uint32_t* aFailureResult);
nsresult ProcessPKPHeader(nsIURI* aSourceURI, const char* aHeader, nsresult ProcessPKPHeader(nsIURI* aSourceURI, const nsCString& aHeader,
nsISSLStatus* aSSLStatus, uint32_t flags, nsISSLStatus* aSSLStatus, uint32_t flags,
uint64_t* aMaxAge, bool* aIncludeSubdomains, uint64_t* aMaxAge, bool* aIncludeSubdomains,
uint32_t* aFailureResult); uint32_t* aFailureResult);


@@ -5,6 +5,7 @@
#include <stdio.h> #include <stdio.h>
#include "gtest/gtest.h" #include "gtest/gtest.h"
#include "nsDependentString.h"
#include "nsNetUtil.h" #include "nsNetUtil.h"
#include "nsISiteSecurityService.h" #include "nsISiteSecurityService.h"
#include "nsIURI.h" #include "nsIURI.h"
@@ -21,7 +22,8 @@ TestSuccess(const char* hdr, bool extraTokens,
uint64_t maxAge = 0; uint64_t maxAge = 0;
bool includeSubdomains = false; bool includeSubdomains = false;
rv = sss->UnsafeProcessHeader(nsISiteSecurityService::HEADER_HSTS, dummyUri, rv = sss->UnsafeProcessHeader(nsISiteSecurityService::HEADER_HSTS, dummyUri,
hdr, 0, &maxAge, &includeSubdomains, nullptr); nsDependentCString(hdr), 0, &maxAge,
&includeSubdomains, nullptr);
ASSERT_TRUE(NS_SUCCEEDED(rv)) << "Failed to process valid header: " << hdr; ASSERT_TRUE(NS_SUCCEEDED(rv)) << "Failed to process valid header: " << hdr;
ASSERT_EQ(maxAge, expectedMaxAge) << "Did not correctly parse maxAge"; ASSERT_EQ(maxAge, expectedMaxAge) << "Did not correctly parse maxAge";
@@ -46,7 +48,8 @@ void TestFailure(const char* hdr,
ASSERT_TRUE(NS_SUCCEEDED(rv)) << "Failed to create URI"; ASSERT_TRUE(NS_SUCCEEDED(rv)) << "Failed to create URI";
rv = sss->UnsafeProcessHeader(nsISiteSecurityService::HEADER_HSTS, dummyUri, rv = sss->UnsafeProcessHeader(nsISiteSecurityService::HEADER_HSTS, dummyUri,
hdr, 0, nullptr, nullptr, nullptr); nsDependentCString(hdr), 0, nullptr, nullptr,
nullptr);
ASSERT_TRUE(NS_FAILED(rv)) << "Parsed invalid header: " << hdr; ASSERT_TRUE(NS_FAILED(rv)) << "Parsed invalid header: " << hdr;
printf("%s\n", hdr); printf("%s\n", hdr);