1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
|
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsNamedPipeIOLayer.h"
#include "nsSOCKSSocketProvider.h"
#include "nsSOCKSIOLayer.h"
#include "nsCOMPtr.h"
#include "nsError.h"
using mozilla::OriginAttributes;
//////////////////////////////////////////////////////////////////////////
NS_IMPL_ISUPPORTS(nsSOCKSSocketProvider, nsISocketProvider)
nsresult nsSOCKSSocketProvider::CreateV4(nsISupports* aOuter, REFNSIID aIID,
void** aResult) {
nsresult rv;
nsCOMPtr<nsISocketProvider> inst =
new nsSOCKSSocketProvider(NS_SOCKS_VERSION_4);
if (!inst)
rv = NS_ERROR_OUT_OF_MEMORY;
else
rv = inst->QueryInterface(aIID, aResult);
return rv;
}
nsresult nsSOCKSSocketProvider::CreateV5(nsISupports* aOuter, REFNSIID aIID,
void** aResult) {
nsresult rv;
nsCOMPtr<nsISocketProvider> inst =
new nsSOCKSSocketProvider(NS_SOCKS_VERSION_5);
if (!inst)
rv = NS_ERROR_OUT_OF_MEMORY;
else
rv = inst->QueryInterface(aIID, aResult);
return rv;
}
// Per-platform implemenation of OpenTCPSocket helper function
// Different platforms have special cases to handle
#if defined(XP_WIN)
// The proxy host on Windows may be a named pipe uri, in which
// case a named-pipe (rather than a socket) should be returned
static PRFileDesc* OpenTCPSocket(int32_t family, nsIProxyInfo* proxy) {
PRFileDesc* sock = nullptr;
nsAutoCString proxyHost;
proxy->GetHost(proxyHost);
if (IsNamedPipePath(proxyHost)) {
sock = CreateNamedPipeLayer();
} else {
sock = PR_OpenTCPSocket(family);
}
return sock;
}
#elif defined(XP_UNIX)
// The proxy host on UNIX systems may point to a local file uri
// in which case we should create an AF_LOCAL (UNIX Domain) socket
// instead of the requested AF_INET or AF_INET6 socket.
// Normally,this socket would get thrown out and recreated later on
// with the proper family, but we want to do it early here so that
// we can enforce seccomp policy to blacklist socket(AF_INET) calls
// to prevent the content sandbox from creating network requests
static PRFileDesc* OpenTCPSocket(int32_t family, nsIProxyInfo* proxy) {
nsAutoCString proxyHost;
proxy->GetHost(proxyHost);
if (StringBeginsWith(proxyHost, "file://"_ns)) {
family = AF_LOCAL;
}
return PR_OpenTCPSocket(family);
}
#else
// Default, pass-through to PR_OpenTCPSocket
static PRFileDesc* OpenTCPSocket(int32_t family, nsIProxyInfo*) {
return PR_OpenTCPSocket(family);
}
#endif
NS_IMETHODIMP
nsSOCKSSocketProvider::NewSocket(int32_t family, const char* host, int32_t port,
nsIProxyInfo* proxy,
const OriginAttributes& originAttributes,
uint32_t flags, uint32_t tlsFlags,
PRFileDesc** result, nsISupports** socksInfo) {
PRFileDesc* sock = OpenTCPSocket(family, proxy);
if (!sock) {
return NS_ERROR_OUT_OF_MEMORY;
}
nsresult rv = nsSOCKSIOLayerAddToSocket(family, host, port, proxy, mVersion,
flags, tlsFlags, sock, socksInfo);
if (NS_SUCCEEDED(rv)) {
*result = sock;
return NS_OK;
}
return NS_ERROR_SOCKET_CREATE_FAILED;
}
NS_IMETHODIMP
nsSOCKSSocketProvider::AddToSocket(int32_t family, const char* host,
int32_t port, nsIProxyInfo* proxy,
const OriginAttributes& originAttributes,
uint32_t flags, uint32_t tlsFlags,
PRFileDesc* sock, nsISupports** socksInfo) {
nsresult rv = nsSOCKSIOLayerAddToSocket(family, host, port, proxy, mVersion,
flags, tlsFlags, sock, socksInfo);
if (NS_FAILED(rv)) rv = NS_ERROR_SOCKET_CREATE_FAILED;
return rv;
}
|