Commit 451ec3d3 authored by Mike Perry, committed by Alex Catarineu

Bug 13028: Prevent potential proxy bypass cases.

It looks like these cases should only be invoked in the NSS command line
tools, and not the browser, but I decided to patch them anyway because there
literally is a maze of network function pointers being passed around, and it's
very hard to tell if some random code might not pass in the proper proxied
versions of the networking code here by accident.
parent 7c560f0b
......@@ -2932,6 +2932,14 @@ ocsp_ConnectToHost(const char *host, PRUint16 port)
PRNetAddr addr;
char *netdbbuf = NULL;
// XXX: Do we need a unittest ifdef here? We don't want to break the tests, but
// we want to ensure nothing can ever hit this code in production.
#if 1
printf("Tor Browser BUG: Attempted OSCP direct connect to %s, port %u\n", host,
port);
goto loser;
#endif
sock = PR_NewTCPSocket();
if (sock == NULL)
goto loser;
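Review bot: the log string in the added printf spells the protocol "OSCP" instead of OCSP, so a search of logs for "OCSP" will miss this message; correct the spelling. The added block also jumps to loser without setting an error code in the lines shown, so a caller of ocsp_ConnectToHost may read a stale error value; set one (for example via PORT_SetError) before the goto. Since printf writes to stdout, check that this output is actually captured somewhere in a browser build, otherwise the "BUG" report is silent.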
......
......@@ -1334,6 +1334,13 @@ pkix_pl_Socket_Create(
plContext),
PKIX_COULDNOTCREATESOCKETOBJECT);
// XXX: Do we need a unittest ifdef here? We don't want to break the tests, but
// we want to ensure nothing can ever hit this code in production.
#if 1
printf("Tor Browser BUG: Attempted pkix direct socket connect\n");
PKIX_ERROR(PKIX_PRNEWTCPSOCKETFAILED);
#endif
socket->isServer = isServer;
socket->timeout = timeout;
socket->clientSock = NULL;
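Review bot: the guard in pkix_pl_Socket_Create sits after the call that can fail with PKIX_COULDNOTCREATESOCKETOBJECT, so the socket object appears to be already allocated when PKIX_ERROR fires. Either confirm that the function's cleanup path releases it on error, or move the guard to the top of the function, before the allocation, so the blocked path allocates nothing. The message also omits isServer, which would help tell a blocked listener from a blocked outbound connection.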
......@@ -1433,6 +1440,13 @@ pkix_pl_Socket_CreateByName(
localCopyName = PL_strdup(serverName);
// XXX: Do we need a unittest ifdef here? We don't want to break the tests, but
// we want to ensure nothing can ever hit this code in production.
#if 1
printf("Tor Browser BUG: Attempted pkix direct connect to %s\n", serverName);
PKIX_ERROR(PKIX_PRNEWTCPSOCKETFAILED);
#endif
sepPtr = strchr(localCopyName, ':');
/* First strip off the portnum, if present, from the end of the name */
if (sepPtr) {
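Review bot: the guard in pkix_pl_Socket_CreateByName is placed after `localCopyName = PL_strdup(serverName);`, so every blocked call has already duplicated the string before PKIX_ERROR runs. Unless the cleanup path frees localCopyName, that is a leak per attempt; moving the guard above the PL_strdup line avoids the question. Note also that the printf writes the destination serverName to stdout, so decide whether that name should end up in whatever captures the process output.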
......@@ -1582,6 +1596,13 @@ pkix_pl_Socket_CreateByHostAndPort(
PKIX_ENTER(SOCKET, "pkix_pl_Socket_CreateByHostAndPort");
PKIX_NULLCHECK_THREE(hostname, pStatus, pSocket);
// XXX: Do we need a unittest ifdef here? We don't want to break the tests, but
// we want to ensure nothing can ever hit this code in production.
#if 1
printf("Tor Browser BUG: Attempted pkix direct connect to %s, port %u\n", hostname,
portnum);
PKIX_ERROR(PKIX_PRNEWTCPSOCKETFAILED);
#endif
prstatus = PR_GetHostByName(hostname, buf, sizeof(buf), &hostent);
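Review bot: the `#if 1` wrapper and its unanswered XXX question about unit tests are repeated verbatim in this hunk and the three before it, which leaves the test-versus-production decision unresolved in four places. Replace them with a single named build macro (defined in one place and documented) so tests can opt out explicitly and production builds cannot. Placement here is good, since the guard runs before PR_GetHostByName and so also stops the direct DNS lookup. Reusing PKIX_PRNEWTCPSOCKETFAILED makes a deliberate block look like a genuine socket failure to callers; a distinct error, or at least a comment explaining the reuse, would make this easier to diagnose.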
......