[tor-bugs] #16300 [Tor Browser]: Make sure the BroadcastChannel API adheres to our URL bar domain isolation
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jun 25 17:40:50 UTC 2015
#16300: Make sure the BroadcastChannel API adheres to our URL bar domain isolation
-------------------------+-------------------------------------------------
 Reporter:  gk           |  Owner:  mcs
 Type:  task             |  Status:  needs_revision
 Priority:  major        |  Milestone:
 Component:  Tor Browser |  Version:
 Resolution:             |  Keywords:  ff38-esr, tbb-linkability,
                         |  tbb-5.0a-highrisk, TorBrowserTeam201506R,
                         |  GeorgKoppen201506R
 Actual Points:          |  Parent ID:
 Points:                 |
-------------------------+-------------------------------------------------
Comment (by mcs):
Replying to [comment:11 mikeperry]:
> It seems like GetFirstPartyHost() can fail to get an isolation host in
> InitializeRunnable::MainThreadRun() in
> dom/broadcastchannel/BroadcastChannel.cpp if there is no document yet in
> the Worker. Doesn't this mean that workers who can trigger this case can
> still broadcast to each other even if they are launched from different
> isolation domains, because their empty isolation host strings will match?
It would mean that, except we tried hard to ensure that failure to obtain
an isolation host leads to failure to create a BroadcastChannel. The code
in BroadcastChannel::Constructor() fails if the InitializeRunnable throws
an error (passed back and checked via the aRv parameter). The check does
not show up in the patch because it is already present just after the
runnable->Dispatch(cx); call, here:
http://mxr.mozilla.org/mozilla-central/source/dom/broadcastchannel/BroadcastChannel.cpp#481
And the GetFirstPartyHost() method that we added starts with a check for a
non-NULL aDoc:
{{{
void
GetFirstPartyHost(nsIDocument* aDoc, nsAString& aFirstPartyHost,
                  ErrorResult& aRv)
{
  if (!aDoc) {
    aRv.Throw(NS_ERROR_FAILURE);
    return;
  }
  ...
}}}
So I think the patch is OK as is, but maybe I am missing something.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16300#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
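
The fail-closed behaviour discussed in this comment, as an added C++ sketch that is not part of the original message and is not Tor Browser or Gecko code. It contrasts a channel key that defaults a missing isolation host to an empty string with one that refuses to produce a key; every name in it (Context, ChannelKey, KeyFailOpen, KeyFailClosed, CanCommunicate) and every sample host is a hypothetical, constructed value.

```cpp
// Added illustration: not Tor Browser or Gecko code; all names are hypothetical.
#include <iostream>
#include <string>
#include <tuple>

// Simplified context: firstPartyHost is only meaningful if hasDocument is true.
struct Context {
    bool hasDocument;
    std::string firstPartyHost;  // URL bar domain the context was launched under
    std::string origin;          // origin of the script opening the channel
};

typedef std::tuple<std::string, std::string, std::string> ChannelKey;

// Fail-open: a missing host silently becomes "", so two document-less workers
// from different isolation domains end up with identical keys.
ChannelKey KeyFailOpen(const Context& ctx, const std::string& name) {
    return std::make_tuple(ctx.hasDocument ? ctx.firstPartyHost : std::string(),
                           ctx.origin, name);
}

// Fail-closed: no isolation host means no key, so the caller must refuse to
// create the channel instead of comparing empty strings.
bool KeyFailClosed(const Context& ctx, const std::string& name, ChannelKey& out) {
    if (!ctx.hasDocument || ctx.firstPartyHost.empty()) {
        return false;
    }
    out = std::make_tuple(ctx.firstPartyHost, ctx.origin, name);
    return true;
}

// Two contexts share a channel only if both obtained a key and the keys match.
bool CanCommunicate(const Context& a, const Context& b, const std::string& name) {
    ChannelKey ka, kb;
    return KeyFailClosed(a, name, ka) && KeyFailClosed(b, name, kb) && ka == kb;
}

int main() {
    // Constructed sample contexts.
    Context noDocA = {false, "", "https://widget.example"};
    Context noDocB = {false, "", "https://widget.example"};
    Context siteA = {true, "a.example", "https://widget.example"};
    Context siteB = {true, "b.example", "https://widget.example"};
    std::cout << std::boolalpha
              << "fail-open keys collide:   " << (KeyFailOpen(noDocA, "c") == KeyFailOpen(noDocB, "c")) << "\n"
              << "fail-closed, no document: " << CanCommunicate(noDocA, noDocB, "c") << "\n"
              << "different first parties:  " << CanCommunicate(siteA, siteB, "c") << "\n"
              << "same first party:         " << CanCommunicate(siteA, siteA, "c") << "\n";
    return 0;
}
```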