Firefox doesn't provide firstPartyDomain on "New Tor Circuit for this Site" request
I ran into a bug where I clicked "New Tor Circuit for this Site" and the page reloaded using the same circuit (3865). The torbutton log implies Firefox doesn't correctly set the firstPartyDomain on the channel's properties (loadInfo, originAttributes) - I'm not sure which level had the problem. The torbutton logs show the sequence of events - notice the domain (trac) and the original nounce used for the site, and then notice the proxy channel filter is passed an unknown firstPartyDomain when I tried switching circuits:
[03-28 17:03:28] Torbutton INFO: New tab
[03-28 17:03:28] Torbutton INFO: tor SOCKS: https://trac.torproject.org/projects/tor/newticket via
torproject.org:ae43235c5b01564fe80ca9c1c819e50d
[03-28 17:03:28] Torbutton INFO: controlPort >> 650 STREAM 39278 NEW 0 trac.torproject.org:443 SOURCE_ADDR=127.0.0.1:38254 PURPOSE=USER
[03-28 17:03:28] Torbutton INFO: controlPort >> 650 STREAM 39278 SENTCONNECT 3865 trac.torproject.org:443
[03-28 17:03:28] Torbutton INFO: streamEvent.CircuitID: 3865
[03-28 17:03:29] Torbutton INFO: controlPort >> 650 STREAM 39278 REMAP 3865 138.201.212.227:443 SOURCE=EXIT
[03-28 17:03:29] Torbutton INFO: controlPort >> 650 STREAM 39278 SUCCEEDED 3865 138.201.212.227:443
[03-28 17:03:29] Torbutton INFO: controlPort >> 650 STREAM 39278 CLOSED 3865 138.201.212.227:443 REASON=END REMOTE_REASON=CONNRESET
[03-28 17:03:29] Torbutton INFO: controlPort >> 650 STREAM 39279 NEW 0 trac.torproject.org:443 SOURCE_ADDR=127.0.0.1:38256 PURPOSE=USER
[03-28 17:03:29] Torbutton INFO: controlPort >> 650 STREAM 39279 SENTCONNECT 3865 trac.torproject.org:443
[03-28 17:03:29] Torbutton INFO: controlPort >> 650 STREAM 39279 REMAP 3865 138.201.212.227:443 SOURCE=EXIT
[03-28 17:03:29] Torbutton INFO: controlPort >> 650 STREAM 39279 SUCCEEDED 3865 138.201.212.227:443
[03-28 17:03:29] Torbutton INFO: controlPort >> 650 STREAM 39279 CLOSED 3865 138.201.212.227:443 REASON=END REMOTE_REASON=CONNRESET
[03-28 17:03:32] Torbutton INFO: tor SOCKS: https://trac.torproject.org/projects/tor/newticket via
torproject.org:ae43235c5b01564fe80ca9c1c819e50d
[03-28 17:03:32] Torbutton INFO: controlPort >> 650 STREAM 39280 NEW 0 trac.torproject.org:443 SOURCE_ADDR=127.0.0.1:38258 PURPOSE=USER
[03-28 17:03:32] Torbutton INFO: controlPort >> 650 STREAM 39280 SENTCONNECT 3865 trac.torproject.org:443
[03-28 17:03:32] Torbutton INFO: controlPort >> 650 STREAM 39280 REMAP 3865 138.201.212.227:443 SOURCE=EXIT
[03-28 17:03:32] Torbutton INFO: controlPort >> 650 STREAM 39280 SUCCEEDED 3865 138.201.212.227:443
[03-28 17:03:32] Torbutton INFO: controlPort >> 650 STREAM 39280 CLOSED 3865 138.201.212.227:443 REASON=END REMOTE_REASON=CONNRESET
[03-28 17:03:32] Torbutton INFO: controlPort >> 650 STREAM 39281 NEW 0 trac.torproject.org:443 SOURCE_ADDR=127.0.0.1:38260 PURPOSE=USER
[03-28 17:03:32] Torbutton INFO: controlPort >> 650 STREAM 39281 SENTCONNECT 3865 trac.torproject.org:443
[03-28 17:03:33] Torbutton INFO: controlPort >> 650 STREAM 39281 REMAP 3865 138.201.212.227:443 SOURCE=EXIT
[03-28 17:03:33] Torbutton INFO: controlPort >> 650 STREAM 39281 SUCCEEDED 3865 138.201.212.227:443
[03-28 17:03:33] Torbutton INFO: controlPort >> 650 STREAM 39281 CLOSED 3865 138.201.212.227:443 REASON=END REMOTE_REASON=CONNRESET
[snip]
[03-28 17:04:03] Torbutton INFO: New domain isolation for --unknown--: 8050476313eb51e2e698bddad28e1d15
[03-28 17:04:03] Torbutton INFO: tor SOCKS: https://trac.torproject.org/projects/tor/newticket via
torproject.org:ae43235c5b01564fe80ca9c1c819e50d
[03-28 17:04:03] Torbutton INFO: controlPort >> 650 STREAM 39283 CLOSED 3792 172.217.18.206:443 REASON=DONE
[03-28 17:04:03] Torbutton INFO: controlPort >> 650 STREAM 39289 NEW 0 trac.torproject.org:443 SOURCE_ADDR=127.0.0.1:38276 PURPOSE=USER
[03-28 17:04:03] Torbutton INFO: controlPort >> 650 STREAM 39289 SENTCONNECT 3865 trac.torproject.org:443
[03-28 17:04:03] Torbutton INFO: controlPort >> 650 STREAM 39289 REMAP 3865 138.201.212.227:443 SOURCE=EXIT
[03-28 17:04:03] Torbutton INFO: controlPort >> 650 STREAM 39289 SUCCEEDED 3865 138.201.212.227:443
[03-28 17:04:03] Torbutton INFO: controlPort >> 650 STREAM 39289 CLOSED 3865 138.201.212.227:443 REASON=END REMOTE_REASON=CONNRESET
[03-28 17:04:30] Torbutton INFO: New domain isolation for --unknown--: 643c176b3ed8d038229f3b6ce9c10cd4
[03-28 17:04:30] Torbutton INFO: tor SOCKS: https://torproject.org/ via
torproject.org:ae43235c5b01564fe80ca9c1c819e50d
[03-28 17:04:31] Torbutton INFO: controlPort >> 650 STREAM 39292 CLOSED 3704 192.225.209.8:443 REASON=DONE
[03-28 17:04:31] Torbutton INFO: controlPort >> 650 STREAM 39294 NEW 0 torproject.org:443 SOURCE_ADDR=127.0.0.1:38286 PURPOSE=USER
[03-28 17:04:31] Torbutton INFO: controlPort >> 650 STREAM 39294 SENTCONNECT 3865 torproject.org:443
[03-28 17:04:31] Torbutton INFO: controlPort >> 650 STREAM 39294 FAILED 3865 torproject.org:443 REASON=END REMOTE_REASON=CONNECTREFUSED
[03-28 17:04:31] Torbutton INFO: controlPort >> 650 STREAM 39294 CLOSED 3865 torproject.org:443 REASON=END REMOTE_REASON=CONNECTREFUSED
[03-28 17:05:02] Torbutton DBUG: Got timer update, but no cookie change.
[03-28 17:05:26] Torbutton INFO: New domain isolation for --unknown--: 1583ecd186f48592820fc9b4603601c9
[03-28 17:05:26] Torbutton INFO: tor SOCKS: https://torproject.org/ via
torproject.org:ae43235c5b01564fe80ca9c1c819e50d
[03-28 17:05:26] Torbutton INFO: controlPort >> 650 STREAM 39297 CLOSED 3792 172.217.18.206:443 REASON=DONE
[03-28 17:05:26] Torbutton INFO: controlPort >> 650 STREAM 39298 NEW 0 torproject.org:443 SOURCE_ADDR=127.0.0.1:38294 PURPOSE=USER
[03-28 17:05:26] Torbutton INFO: controlPort >> 650 STREAM 39298 SENTCONNECT 3865 torproject.org:443
[03-28 17:05:26] Torbutton INFO: controlPort >> 650 STREAM 39298 FAILED 3865 torproject.org:443 REASON=END REMOTE_REASON=CONNECTREFUSED
[03-28 17:05:26] Torbutton INFO: controlPort >> 650 STREAM 39298 CLOSED 3865 torproject.org:443 REASON=END REMOTE_REASON=CONNECTREFUSED(I happened to get an exit in Turkey, and it seems like the ISP is sending a RESET when connecting to torproject.org)
I think this bug is being triggered because torbutton is doing this:
let channel = aChannel.QueryInterface(Ci.nsIChannel),
proxy = aProxy.QueryInterface(Ci.nsIProxyInfo),
firstPartyDomain = channel.loadInfo.originAttributes.firstPartyDomain;
if (firstPartyDomain === "") {
firstPartyDomain = "--unknown--";
[...]
}
let replacementProxy = tor.socksProxyCredentials(aProxy, firstPartyDomain);So the new proxy is for the "--unknown--" domain. So the obvious question, why isn't firstPartyDomain set when:
void
nsProtocolProxyService::ApplyFilters(nsIChannel *channel,
const nsProtocolInfo &info,
nsIProxyInfo **list)
{
[...]
for (FilterLink *iter = mFilters; iter; iter = iter->next) {
PruneProxyInfo(info, list);
nsresult rv = NS_OK;
if (iter->filter) {
[...]
} else if (iter->channelFilter) {
rv = iter->channelFilter->ApplyFilter(this, channel, *list,
getter_AddRefs(result));
}nsProtocolProxyService::ApplyFilters() calls channelFilter->ApplyFilter() (netwerk/base/nsProtocolProxyService.cpp:2034)?
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information