[tor-commits] [tor-browser] 02/03: fixup! Bug 21952: Implement Onion-Location

gitolite role git at cupani.torproject.org
Tue Oct 25 17:23:33 UTC 2022


This is an automated email from the git hooks/post-receive script.

pierov pushed a commit to branch tor-browser-102.4.0esr-12.0-1
in repository tor-browser.

commit 2c885618ed0e1e7779f89160f75cb920b2c79264
Author: Pier Angelo Vendrame <pierov at torproject.org>
AuthorDate: Tue Oct 25 10:54:25 2022 +0200

    fixup! Bug 21952: Implement Onion-Location
    
    Bug 40491: Don't auto-pick a v2 address when it's in Onion-Location header
---
 dom/base/Document.cpp | 57 +++++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 46 insertions(+), 11 deletions(-)

diff --git a/dom/base/Document.cpp b/dom/base/Document.cpp
index 6ddf6f9e4283..9001556d0232 100644
--- a/dom/base/Document.cpp
+++ b/dom/base/Document.cpp
@@ -6831,18 +6831,53 @@ void Document::GetHeaderData(nsAtom* aHeaderField, nsAString& aData) const {
 
 static bool IsValidOnionLocation(nsIURI* aDocumentURI,
                                  nsIURI* aOnionLocationURI) {
-  bool isHttpish;
+  if (!aDocumentURI || !aOnionLocationURI) {
+    return false;
+  }
+
+  // Current URI
   nsAutoCString host;
-  return aDocumentURI && aOnionLocationURI &&
-         NS_SUCCEEDED(aDocumentURI->SchemeIs("https", &isHttpish)) &&
-         isHttpish && NS_SUCCEEDED(aDocumentURI->GetAsciiHost(host)) &&
-         !StringEndsWith(host, ".onion"_ns) &&
-         ((NS_SUCCEEDED(aOnionLocationURI->SchemeIs("http", &isHttpish)) &&
-           isHttpish) ||
-          (NS_SUCCEEDED(aOnionLocationURI->SchemeIs("https", &isHttpish)) &&
-           isHttpish)) &&
-         NS_SUCCEEDED(aOnionLocationURI->GetAsciiHost(host)) &&
-         StringEndsWith(host, ".onion"_ns);
+  if (!aDocumentURI->SchemeIs("https")) {
+    return false;
+  }
+  NS_ENSURE_SUCCESS(aDocumentURI->GetAsciiHost(host), false);
+  if (StringEndsWith(host, ".onion"_ns)) {
+    // Already in the .onion site
+    return false;
+  }
+
+  // Target URI
+  if (!aOnionLocationURI->SchemeIs("http") &&
+      !aOnionLocationURI->SchemeIs("https")) {
+    return false;
+  }
+  nsCOMPtr<nsIEffectiveTLDService> eTLDService =
+      do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID);
+  if (!eTLDService) {
+    NS_ENSURE_SUCCESS(aOnionLocationURI->GetAsciiHost(host), false);
+    // This should not happen, but in the unlikely case, still check if it is a
+    // .onion and in case allow it.
+    return StringEndsWith(host, ".onion"_ns);
+  }
+  NS_ENSURE_SUCCESS(eTLDService->GetBaseDomain(aOnionLocationURI, 0, host),
+                    false);
+  if (!StringEndsWith(host, ".onion"_ns)) {
+    return false;
+  }
+
+  // Ignore v2
+  if (host.Length() == 22) {
+    const char* cur = host.BeginWriting();
+    // We have already checked that it ends by ".onion"
+    const char* end = host.EndWriting() - 6;
+    bool base32 = true;
+    for (; cur < end && base32; ++cur) {
+      base32 = isalpha(*cur) || ('2' <= *cur && *cur <= '7');
+    }
+    return !base32;
+  }
+
+  return true;
 }
 
 void Document::SetHeaderData(nsAtom* aHeaderField, const nsAString& aData) {
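Review bot: The `!eTLDService` fallback returns `StringEndsWith(host, ".onion"_ns)` without reaching the `// Ignore v2` block, so on that path a 16-character v2 host in Onion-Location is still accepted, which is the case this commit is meant to reject. Failing closed is the safer choice for a "should not happen" branch: replace its body with `return false;`, since the full host from `GetAsciiHost` cannot be length-checked reliably when it carries subdomains. In the v2 loop, `isalpha(*cur)` is locale-dependent and is passed a plain `char`; `mozilla::IsAsciiAlpha(*cur)` avoids both, and `BeginReading()`/`EndReading()` fit better than the `Writing` accessors because the buffer is only read. The literals `22` and `6` would be clearer as named constants (16 base32 characters plus the length of `".onion"`).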

-- 