[tor-commits] [torbrowser/master] Bug #6492: Fix the Tor Browser SIGFPE crash bug
mikeperry at torproject.org
mikeperry at torproject.org
Tue Jul 31 01:53:45 UTC 2012
commit 0087524ee74ece1c5e12838e4f2823335d06679e
Author: Mike Perry <mikeperry-git at fscked.org>
Date: Mon Jul 30 18:48:00 2012 -0700
Bug #6492: Fix the Tor Browser SIGFPE crash bug
All reported crashy sites no longer crash for me with this version.
---
...ize-HTTP-request-order-and-pipeline-depth.patch | 26 +++++++++++--------
1 files changed, 15 insertions(+), 11 deletions(-)
diff --git a/src/current-patches/firefox/alpha/0017-Randomize-HTTP-request-order-and-pipeline-depth.patch b/src/current-patches/firefox/alpha/0017-Randomize-HTTP-request-order-and-pipeline-depth.patch
index 407296e..96df3f7 100644
--- a/src/current-patches/firefox/alpha/0017-Randomize-HTTP-request-order-and-pipeline-depth.patch
+++ b/src/current-patches/firefox/alpha/0017-Randomize-HTTP-request-order-and-pipeline-depth.patch
@@ -1,7 +1,7 @@
-From 54b2fce6f6dc202de87414d828ef5328f368f1f3 Mon Sep 17 00:00:00 2001
+From 1777a19229cf111156aeae078344a27f34c953c3 Mon Sep 17 00:00:00 2001
From: Mike Perry <mikeperry-git at torproject.org>
Date: Fri, 20 Jul 2012 18:13:44 -0700
-Subject: [PATCH 17/19] Randomize HTTP request order and pipeline depth.
+Subject: [PATCH 17/21] Randomize HTTP request order and pipeline depth.
This is an experimental defense against
http://lorre.uni.lu/~andriy/papers/acmccs-wpes11-fingerprinting.pdf
@@ -19,12 +19,12 @@ similar behavior...
The good news is we now randomize SPDY request order as well as pipeline
request order (though SPDY is still disabled by default in TBB).
---
- netwerk/protocol/http/nsHttpConnectionMgr.cpp | 54 +++++++++++++++++++++++--
+ netwerk/protocol/http/nsHttpConnectionMgr.cpp | 58 +++++++++++++++++++++++--
netwerk/protocol/http/nsHttpConnectionMgr.h | 3 +
- 2 files changed, 53 insertions(+), 4 deletions(-)
+ 2 files changed, 57 insertions(+), 4 deletions(-)
diff --git a/netwerk/protocol/http/nsHttpConnectionMgr.cpp b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
-index 5336c7d..b20e770 100644
+index 5336c7d..b94ee31 100644
--- a/netwerk/protocol/http/nsHttpConnectionMgr.cpp
+++ b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
@@ -52,6 +52,8 @@
@@ -36,7 +36,7 @@ index 5336c7d..b20e770 100644
using namespace mozilla;
// defined by the socket transport service while active
-@@ -70,15 +72,37 @@ InsertTransactionSorted(nsTArray<nsHttpTransaction*> &pendingQ, nsHttpTransactio
+@@ -70,15 +72,39 @@ InsertTransactionSorted(nsTArray<nsHttpTransaction*> &pendingQ, nsHttpTransactio
// insert into queue with smallest valued number first. search in reverse
// order under the assumption that many of the existing transactions will
// have the same priority (usually 0).
@@ -69,6 +69,8 @@ index 5336c7d..b20e770 100644
+ // Choose random destination begin..end
+ PRInt32 count = 1+end - begin;
+
++ if (count == 0) count = 1; // shouldn't happen...
++
+ // FIXME: rand() is not crypto-secure.. but meh, this code will probably
+ // change like 2 dozen more times before merge, and rand() is probably
+ // good enough for our purposes anyways.
@@ -78,7 +80,7 @@ index 5336c7d..b20e770 100644
}
//-----------------------------------------------------------------------------
-@@ -101,6 +125,12 @@ nsHttpConnectionMgr::nsHttpConnectionMgr()
+@@ -101,6 +127,12 @@ nsHttpConnectionMgr::nsHttpConnectionMgr()
mCT.Init();
mAlternateProtocolHash.Init(16);
mSpdyPreferredHash.Init();
@@ -91,7 +93,7 @@ index 5336c7d..b20e770 100644
}
nsHttpConnectionMgr::~nsHttpConnectionMgr()
-@@ -1115,6 +1145,19 @@ nsHttpConnectionMgr::AtActiveConnectionLimit(nsConnectionEntry *ent, PRUint8 cap
+@@ -1115,6 +1147,19 @@ nsHttpConnectionMgr::AtActiveConnectionLimit(nsConnectionEntry *ent, PRUint8 cap
maxPersistConns = mMaxPersistConnsPerHost;
}
@@ -111,12 +113,14 @@ index 5336c7d..b20e770 100644
// use >= just to be safe
bool result = (totalCount >= maxConns) || ( (caps & NS_HTTP_ALLOW_KEEPALIVE) &&
(persistCount >= maxPersistConns) );
-@@ -1250,6 +1293,9 @@ nsHttpConnectionMgr::AddToShortestPipeline(nsConnectionEntry *ent,
+@@ -1250,6 +1295,11 @@ nsHttpConnectionMgr::AddToShortestPipeline(nsConnectionEntry *ent,
maxdepth = PR_MIN(maxdepth, depthLimit);
-+ // This is a crazy hack to randomize pipeline depth a bit more..
-+ maxdepth = 1 + maxdepth/2 + (rand() % (maxdepth/2));
++ if (maxdepth/2 > 1) {
++ // This is a crazy hack to randomize pipeline depth a bit more..
++ maxdepth = 1 + maxdepth/2 + (rand() % (maxdepth/2));
++ }
+
if (maxdepth < 2)
return false;
More information about the tor-commits
mailing list