Closed Bug 800386 Opened 12 years ago Closed 12 years ago

Self signed certificates cannot be whitelisted with FoxyProxy Plus extension

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Version:
14 Branch
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla19
Tracking Flags:
Tracking Status
firefox17 --- fixed
firefox18 --- fixed

People

(Reporter: gk, Assigned: bzbarsky)

References

Details

(Keywords: regression)

Attachments

(2 files, 1 obsolete file)

test.xpi
(deleted), application/octet-stream
Details
Fix getInterface from JS on XMLHttpRequest objects to actually work.
(deleted), patch
khuey
: review+
lsblakk
: approval-mozilla-aurora+
lsblakk
: approval-mozilla-beta+
Details | Diff | Splinter Review
Attached file test.xpi (deleted) — 
User Agent: Mozilla/5.0 (X11; Linux i686; rv:19.0) Gecko/19.0 Firefox/19.0
Build ID: 20121010030605

Steps to reproduce:

A user installed FoxyProxy Plus on a recent Firefox (16) and tried to whitelist self-signed certificates.


Actual results:

The user could not click on "Confirm Security Exception" (it was greyed out) and he got a 

"No information available
 Unable to obtain identification status for the given site." 

on the usual "Add Security Exception" dialog.

I tracked the issue down a bit: The last working nightly is the one from 2012-03-31 and the first broken one is from 2012-04-01. Furthermore, comparing the mozilla-central pushlog (http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=4c43cfe73516&tochange=4a8a5e8ef78b) and the one from mozilla-inbound it seems the culprit is http://hg.mozilla.org/mozilla-central/rev/bbe5086163c9 which results in the following bug range: http://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=7bfb26afd19b&tochange=5b524a2b9ec1

Attached is a simple test case (extension) showing the issue. In order to reproduce it do the following:

1) Install the extension in a new profile in a recent Firefox (say 15.0.1)
2) Try to add a security exception for a site with a self-signed certificate (e.g. https://svn.jondos.de)


Expected results:

The user should be able to whitelist the sites with self-signed certificates.
OS: Linux → All
I confirm this issue. I must admit it is annoying to not be able to even whitelist if information is unknown. For example, if you have HP ILO access, you cannot even access the ILO as you cannot whitelist it.
The first bad revision is:
changeset:   90729:1bdb337e3136
user:        Peter Van der Beken <peterv@propagandism.org>
date:        Fri Mar 30 21:42:20 2012 -0700
summary:     Fix for bug 740069 (Generate JS bindings in C++ with a python scrip
t for DOM objects on the main thread and in workers. Infrastructure and new bind
ings for XMLHttpRequest). Patch by bent/bz/bholley/jst/khuey/peterv, r=bent/bz/b
holley/jlebar/khuey/peterv/sicking/smaug.
Blocks: 740069
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: regression
Well, what's foxyproxy doing to mess with that XHR?  ;)

Any exceptions in error console?
(In reply to Boris Zbarsky (:bz) from comment #3)
> Well, what's foxyproxy doing to mess with that XHR?  ;)
Well, we are following your advice :):
"(06:56:39 PM) bz: ericjung: how about just returning the original notificationCallbacks?
 (06:56:51 PM) bz: ericjung: if asked for an nsIBadCertListener/2?"
The code is part of hooking nsIAuthPrompt, nsIAuthPrompt2 and nsIAuthPromprProvider in order to replace some of their functionality with a custom one.
 
> Any exceptions in error console?
Only this one:

Timestamp: 13.10.2012 20:17:25
Error: Attempted to connect to a site with a bad certificate in the add exception dialog. This results in a (mostly harmless) exception being thrown. Logged for information purposes only: [Exception... "Failure"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: chrome://pippki/content/exceptionDialog.js :: checkCert :: line 135"  data: no]
Source File: chrome://pippki/content/exceptionDialog.js
Line: 143
Hmm.  So my first guess was bug 780529, but we fixed that in 16.

Then again, it might be a manifestation of the same issue.  What does the relevant foxyproxy code that sets up the notification callbacks and deal with nsIBadCertListener stuff look like?
(In reply to Boris Zbarsky (:bz) from comment #5)
> Then again, it might be a manifestation of the same issue.  What does the
> relevant foxyproxy code that sets up the notification callbacks and deal
> with nsIBadCertListener stuff look like?

This piece of FoxyProxy is not open-source. Is it possible to either secure this ticket or send you the relevant code in a non-public manner?
You can certainly send it directly to my e-mail address.  I _could_ mark the entire bug security-sensitive, but that's not quite what we want in general....
(In reply to Boris Zbarsky (:bz) from comment #7)
> You can certainly send it directly to my e-mail address.  I _could_ mark the
> entire bug security-sensitive, but that's not quite what we want in
> general....
No need for such a drastic measure. Especially as this is no security issue and other users/add-on developers may be affected by it as well. I just sent you an e-mail with the code.
Thanks.  Sorry for the lag; the upstream spam filters didn't like it...

So looking at your code, a question.  In your getInterface implementation, is it possible that the call through to getInterface on original notification callbacks is throwing?  It looks to me like if it did that exception would just get silently swallowed, maybe.
Anyway, trying it now with the attached test extension.
> is it possible that the call through to getInterface on original notification callbacks
> is throwing?

Yes, this is exactly what happens.  For some reason we can't seem to unwrap the argument to nsIJSIID.  Looking into why.
So we get into xpc_qsUnwrapArgImpl, wrapper is non-null and we have:

(gdb) p wrapper->mIdentity
$12 = (nsJSID *) 0x1106b5e40

But getInterface on XMLHttpRequest is declared to take "IID" and Bindings.conf says that maps to nsIJSIID.  And nsJSID does not implement nsIJSIID; it only implements nsIJSID.
Oh, and the XPCOM getInterface is declared as nsIIDRef which is then declared as:

[ref, nsid]   native nsIIDRef(nsIID);

Looking at XPCConvert, looks like XPCConvert::NativeData2JS in the nsXPTType::T_IID case uses xpc_NewIDObject, which calls nsJSID::NewID.  And going the other way, XPCConvert::JSData2Native in the nsXPTType::T_IID case does xpc_JSObjectToID, which basically also goes through nsIJSID.

All of which is to say we should be mapping IID to nsIJSID.  And we seriously need tests for this stuff.

        Attachment #671686 -
        Flags: review?(peterv)

    
    

    
  
Comment on attachment 671686 [details] [diff] [review]
This fixes the attached extension.  Tests coming up in a bit

Review of attachment 671686 [details] [diff] [review]:
-----------------------------------------------------------------

We were only one letter off!

        Attachment #671686 -
        Flags: review?(peterv) → review+

    
  

        Attachment #671686 -
        Attachment is obsolete: true

    
    

    
  
http://hg.mozilla.org/integration/mozilla-inbound/rev/c317ac04497a
Assignee: nobody → bzbarsky
Flags: in-testsuite+

    
    

    
  
Comment on attachment 671709 [details] [diff] [review]
Fix getInterface from JS on XMLHttpRequest objects to actually work.

[Approval Request Comment]
Bug caused by (feature/regressing bug #): Bug 740069 
User impact if declined: Some extensions cause various functionality (the
   certificate exception dialog in this case, but other things could break too)
   to break for XMLHttpRequest network loads.
Testing completed (on m-c, etc.): Passes attached unit test, fixes attached
   extension.
Risk to taking this patch (and alternatives if risky): Risk should be low.  The
   test checks that the getInterface that used to work before in 16 still
   continue to work.
String or UUID changes made by this patch: None.

        Attachment #671709 -
        Flags: approval-mozilla-beta?

        Attachment #671709 -
        Flags: approval-mozilla-aurora?

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/c317ac04497a
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla19

    
    

    
  
(In reply to Boris Zbarsky (:bz) from comment #13)
> Looking at XPCConvert, looks like XPCConvert::NativeData2JS in the
> nsXPTType::T_IID case uses xpc_NewIDObject, which calls nsJSID::NewID.  And
> going the other way, XPCConvert::JSData2Native in the nsXPTType::T_IID case
> does xpc_JSObjectToID, which basically also goes through nsIJSID.

This is probably because we only have one nsXPTType enum for both CID and IID (and they both get mapped to the native nsID type). We do have nsJSIID and nsJSCID classes too :-/.

    
    

    
  
> We do have nsJSIID and nsJSCID classes too :-/.

Yes, but both QI to nsIJSID, so this is fine here.

It does mean you can try to getInterface a CID, but that's life.

    
    

    
  
Comment on attachment 671709 [details] [diff] [review]
Fix getInterface from JS on XMLHttpRequest objects to actually work.

passes tests, low risk, approving for uplift.

        Attachment #671709 -
        Flags: approval-mozilla-beta?

        Attachment #671709 -
        Flags: approval-mozilla-beta+

        Attachment #671709 -
        Flags: approval-mozilla-aurora?

        Attachment #671709 -
        Flags: approval-mozilla-aurora+

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: