[tor-commits] [tor-browser/tor-browser-31.4.0esr-4.5-1] fixup! Bug #3455.2. Allow RFC1929 authentication (username/password) to SOCKS servers.
mikeperry at torproject.org
mikeperry at torproject.org
Wed Jan 14 19:41:47 UTC 2015
commit b491f6d4bacdbc07d8003f8d6a79e4ffeb775988
Author: Arthur Edelstein <arthuredelstein at gmail.com>
Date: Wed Nov 19 17:26:48 2014 -0800
fixup! Bug #3455.2. Allow RFC1929 authentication (username/password) to SOCKS servers.
This fixes the meek breakage reported in #13788.
---
netwerk/base/src/nsSocketTransport2.cpp | 87 +++++++++----------------------
netwerk/base/src/nsSocketTransport2.h | 14 +++--
2 files changed, 31 insertions(+), 70 deletions(-)
diff --git a/netwerk/base/src/nsSocketTransport2.cpp b/netwerk/base/src/nsSocketTransport2.cpp
index ea0dd68..baa14da 100644
--- a/netwerk/base/src/nsSocketTransport2.cpp
+++ b/netwerk/base/src/nsSocketTransport2.cpp
@@ -751,8 +751,7 @@ nsSocketTransport::nsSocketTransport()
: mTypes(nullptr)
, mTypeCount(0)
, mPort(0)
- , mHttpsProxy(false)
- , mProxyUse(false)
+ , mProxyPort(0)
, mProxyTransparent(false)
, mProxyTransparentResolvesHost(false)
, mConnectionFlags(0)
@@ -813,26 +812,20 @@ nsSocketTransport::Init(const char **types, uint32_t typeCount,
mHost = host;
const char *proxyType = nullptr;
+ mProxyInfo = proxyInfo;
if (proxyInfo) {
- mProxyInfo = proxyInfo;
+ mProxyPort = proxyInfo->Port();
+ mProxyHost = proxyInfo->Host();
// grab proxy type (looking for "socks" for example)
proxyType = proxyInfo->Type();
if (proxyType && (strcmp(proxyType, "http") == 0 ||
strcmp(proxyType, "direct") == 0 ||
strcmp(proxyType, "unknown") == 0))
proxyType = nullptr;
-
- mProxyUse = true;
- // check that we don't have a proxyInfo without proxy
- nsCString proxyHost;
- proxyInfo->GetHost(proxyHost);
- if (!proxyType || proxyHost.IsEmpty()) {
- mProxyUse = false;
- }
}
- SOCKET_LOG(("nsSocketTransport::Init [this=%x host=%s:%hu proxy=%s]\n",
- this, mHost.get(), mPort, mProxyUse ? "yes" : "no"));
+ SOCKET_LOG(("nsSocketTransport::Init [this=%p host=%s:%hu proxy=%s:%hu]\n",
+ this, mHost.get(), mPort, mProxyHost.get(), mProxyPort));
// include proxy type as a socket type if proxy type is not "http"
mTypeCount = typeCount + (proxyType != nullptr);
@@ -1005,7 +998,7 @@ nsSocketTransport::ResolveHost()
nsresult rv;
- if (mProxyUse) {
+ if (!mProxyHost.IsEmpty()) {
if (!mProxyTransparent || mProxyTransparentResolvesHost) {
#if defined(XP_UNIX)
NS_ABORT_IF_FALSE(!mNetAddrIsSet || mNetAddr.raw.family != AF_LOCAL,
@@ -1087,8 +1080,10 @@ nsSocketTransport::BuildSocket(PRFileDesc *&fd, bool &proxyTransparent, bool &us
const char *host = mHost.get();
int32_t port = (int32_t) mPort;
+ const char *proxyHost = mProxyHost.IsEmpty() ? nullptr : mProxyHost.get();
+ int32_t proxyPort = (int32_t) mProxyPort;
uint32_t proxyFlags = 0;
- nsCOMPtr<nsIProxyInfo> proxy = mProxyInfo;
+ nsCOMPtr<nsIProxyInfo> proxyInfo = mProxyInfo;
uint32_t i;
for (i=0; i<mTypeCount; ++i) {
@@ -1109,19 +1104,12 @@ nsSocketTransport::BuildSocket(PRFileDesc *&fd, bool &proxyTransparent, bool &us
if (mConnectionFlags & nsISocketTransport::NO_PERMANENT_STORAGE)
proxyFlags |= nsISocketProvider::NO_PERMANENT_STORAGE;
-
nsCOMPtr<nsISupports> secinfo;
if (i == 0) {
// if this is the first type, we'll want the
// service to allocate a new socket
- nsCString proxyHost;
- GetHost(proxyHost);
- int32_t proxyPort;
- GetPort(&proxyPort);
rv = provider->NewSocket(mNetAddr.raw.family,
- mHttpsProxy ? proxyHost.get() : host,
- mHttpsProxy ? proxyPort : port,
- proxy,
+ host, port, proxyInfo,
proxyFlags, &fd,
getter_AddRefs(secinfo));
@@ -1135,7 +1123,7 @@ nsSocketTransport::BuildSocket(PRFileDesc *&fd, bool &proxyTransparent, bool &us
// so we just want the service to add itself
// to the stack (such as pushing an io layer)
rv = provider->AddToSocket(mNetAddr.raw.family,
- host, port, proxy,
+ host, port, proxyInfo,
proxyFlags, fd,
getter_AddRefs(secinfo));
}
@@ -1165,7 +1153,9 @@ nsSocketTransport::BuildSocket(PRFileDesc *&fd, bool &proxyTransparent, bool &us
(strcmp(mTypes[i], "socks4") == 0)) {
// since socks is transparent, any layers above
// it do not have to worry about proxy stuff
- proxy = nullptr;
+ proxyInfo = nullptr;
+ proxyHost = nullptr;
+ proxyPort = -1;
proxyTransparent = true;
}
}
@@ -1224,14 +1214,10 @@ nsSocketTransport::InitiateSocket()
netAddrCString.BeginWriting(),
kIPv6CStrBufSize))
netAddrCString = NS_LITERAL_CSTRING("<IP-to-string failed>");
- nsCString proxyHost;
- GetHost(proxyHost);
- int32_t proxyPort;
- GetPort(&proxyPort);
SOCKET_LOG(("nsSocketTransport::InitiateSocket skipping "
"speculative connection for host [%s:%d] proxy "
"[%s:%d] with Local IP address [%s]",
- mHost.get(), mPort, proxyHost.get(), proxyPort,
+ mHost.get(), mPort, mProxyHost.get(), mProxyPort,
netAddrCString.get()));
}
#endif
@@ -1380,7 +1366,7 @@ nsSocketTransport::InitiateSocket()
//
OnSocketConnected();
- if (mSecInfo && mProxyUse && proxyTransparent && usingSSL) {
+ if (mSecInfo && !mProxyHost.IsEmpty() && proxyTransparent && usingSSL) {
// if the connection phase is finished, and the ssl layer has
// been pushed, and we were proxying (transparently; ie. nothing
// has to happen in the protocol layer above us), it's time for
@@ -1404,7 +1390,8 @@ nsSocketTransport::InitiateSocket()
// the OS error
//
else if (PR_UNKNOWN_ERROR == code &&
- mProxyUse && mProxyTransparent) {
+ mProxyTransparent &&
+ !mProxyHost.IsEmpty()) {
code = PR_GetOSError();
rv = ErrorAccordingToNSPR(code);
}
@@ -1413,7 +1400,7 @@ nsSocketTransport::InitiateSocket()
//
else {
rv = ErrorAccordingToNSPR(code);
- if (rv == NS_ERROR_CONNECTION_REFUSED && mProxyUse)
+ if ((rv == NS_ERROR_CONNECTION_REFUSED) && !mProxyHost.IsEmpty())
rv = NS_ERROR_PROXY_CONNECTION_REFUSED;
}
}
@@ -1725,8 +1712,8 @@ nsSocketTransport::OnSocketEvent(uint32_t type, nsresult status, nsISupports *pa
// For SOCKS proxies (mProxyTransparent == true), the socket
// transport resolves the real host here, so there's no fixup
// (see bug 226943).
- if (status == NS_ERROR_UNKNOWN_HOST && !mProxyTransparent &&
- mProxyUse)
+ if ((status == NS_ERROR_UNKNOWN_HOST) && !mProxyTransparent &&
+ !mProxyHost.IsEmpty())
mCondition = NS_ERROR_UNKNOWN_PROXY_HOST;
else
mCondition = status;
@@ -1851,7 +1838,8 @@ nsSocketTransport::OnSocketReady(PRFileDesc *fd, int16_t outFlags)
// The SOCKS proxy rejected our request. Find out why.
//
else if (PR_UNKNOWN_ERROR == code &&
- mProxyUse && mProxyTransparent) {
+ mProxyTransparent &&
+ !mProxyHost.IsEmpty()) {
code = PR_GetOSError();
mCondition = ErrorAccordingToNSPR(code);
}
@@ -1860,7 +1848,7 @@ nsSocketTransport::OnSocketReady(PRFileDesc *fd, int16_t outFlags)
// else, the connection failed...
//
mCondition = ErrorAccordingToNSPR(code);
- if (mCondition == NS_ERROR_CONNECTION_REFUSED && mProxyUse)
+ if ((mCondition == NS_ERROR_CONNECTION_REFUSED) && !mProxyHost.IsEmpty())
mCondition = NS_ERROR_PROXY_CONNECTION_REFUSED;
SOCKET_LOG((" connection failed! [reason=%x]\n", mCondition));
}
@@ -2183,31 +2171,6 @@ nsSocketTransport::GetPort(int32_t *port)
return NS_OK;
}
-const nsCString &
-nsSocketTransport::SocketHost()
-{
- if (mProxyInfo && !mProxyTransparent) {
- if (mProxyHostCache.IsEmpty()) {
- mProxyInfo->GetHost(mProxyHostCache);
- }
- return mProxyHostCache;
- }
- else
- return mHost;
-}
-
-uint16_t
-nsSocketTransport::SocketPort()
-{
- if (mProxyInfo && !mProxyTransparent) {
- int32_t result;
- mProxyInfo->GetPort(&result);
- return (uint16_t) result;
- }
- else
- return mPort;
-}
-
NS_IMETHODIMP
nsSocketTransport::GetPeerAddr(NetAddr *addr)
{
diff --git a/netwerk/base/src/nsSocketTransport2.h b/netwerk/base/src/nsSocketTransport2.h
index 73f750e..25f2592 100644
--- a/netwerk/base/src/nsSocketTransport2.h
+++ b/netwerk/base/src/nsSocketTransport2.h
@@ -266,18 +266,16 @@ private:
char **mTypes;
uint32_t mTypeCount;
nsCString mHost;
+ nsCString mProxyHost;
uint16_t mPort;
- bool mHttpsProxy;
-
nsCOMPtr<nsIProxyInfo> mProxyInfo;
- bool mProxyUse;
- bool mProxyTransparent;
- bool mProxyTransparentResolvesHost;
+ uint16_t mProxyPort;
+ bool mProxyTransparent;
+ bool mProxyTransparentResolvesHost;
uint32_t mConnectionFlags;
- uint16_t SocketPort();
- const nsCString &SocketHost();
- nsCString mProxyHostCache; // for SocketHost() only
+ uint16_t SocketPort() { return (!mProxyHost.IsEmpty() && !mProxyTransparent) ? mProxyPort : mPort; }
+ const nsCString &SocketHost() { return (!mProxyHost.IsEmpty() && !mProxyTransparent) ? mProxyHost : mHost; }
//-------------------------------------------------------------------------
// members accessible only on the socket transport thread:
More information about the tor-commits
mailing list