Bug 1649813 test dns api failure when forwarding dns to socks proxy r=mayhemer,necko-reviewers,dragana

Differential Revision: https://phabricator.services.mozilla.com/D83006
2025-02-28 21:28:55 +00:00 · 2020-07-23 18:50:49 +00:00 · 2020-07-23 18:50:49 +00:00 · 2369b54b63
commit 2369b54b63
parent 6c48b4e2a1
7 changed files with 85 additions and 11 deletions
--- a/netwerk/base/nsSocketTransport2.cpp
+++ b/netwerk/base/nsSocketTransport2.cpp
@ -1048,6 +1048,12 @@ nsresult nsSocketTransport::ResolveHost() {
  dnsFlags |= nsIDNSService::GetFlagsFromTRRMode(
      nsISocketTransport::GetTRRModeFromFlags(mConnectionFlags));

+  // When we get here, we are not resolving using any configured proxy likely
+  // because of individual proxy setting on the request or because the host is
+  // excluded from proxying.  Hence, force resolution despite global proxy-DNS
+  // configuration.
+  dnsFlags |= nsIDNSService::RESOLVE_IGNORE_SOCKS_DNS;
+
  NS_ASSERTION(!(dnsFlags & nsIDNSService::RESOLVE_DISABLE_IPV6) ||
                   !(dnsFlags & nsIDNSService::RESOLVE_DISABLE_IPV4),
               "Setting both RESOLVE_DISABLE_IPV6 and RESOLVE_DISABLE_IPV4");
--- a/netwerk/dns/nsDNSService2.cpp
+++ b/netwerk/dns/nsDNSService2.cpp
@ -684,9 +684,8 @@ nsresult nsDNSService::ReadPrefs(const char* name) {
    }
  }
  if (!name || !strcmp(name, kPrefNetworkProxySOCKS)) {
-    if (NS_SUCCEEDED(Preferences::GetUint(kPrefNetworkProxySOCKS, &tmpint))) {
-      nsAutoCString socks;
-      Preferences::GetCString(kPrefNetworkProxySOCKS, socks);
+    nsAutoCString socks;
+    if (NS_SUCCEEDED(Preferences::GetCString(kPrefNetworkProxySOCKS, socks))) {
      mHasSocksProxy = !socks.IsEmpty();
    }
  }
@ -826,7 +825,12 @@ nsDNSService::SetPrefetchEnabled(bool inVal) {
  return NS_OK;
 }

-bool nsDNSService::DNSForbiddenByActiveProxy(const nsACString& aHostname) {
+bool nsDNSService::DNSForbiddenByActiveProxy(const nsACString& aHostname,
+                                             uint32_t flags) {
+  if (flags & nsIDNSService::RESOLVE_IGNORE_SOCKS_DNS) {
+    return false;
+  }
+
  // We should avoid doing DNS when a proxy is in use.
  PRNetAddr tempAddr;
  if (StaticPrefs::network_proxy_type() ==
@ -912,7 +916,7 @@ nsresult nsDNSService::AsyncResolveInternal(
    return NS_ERROR_INVALID_ARG;
  }

-  if (DNSForbiddenByActiveProxy(aHostname)) {
+  if (DNSForbiddenByActiveProxy(aHostname, flags)) {
    // nsHostResolver returns NS_ERROR_UNKNOWN_HOST for lots of reasons.
    // We use a different error code to differentiate this failure and to make
    // it clear(er) where this error comes from.
@ -1220,7 +1224,7 @@ nsresult nsDNSService::ResolveInternal(
    flags |= RESOLVE_OFFLINE;
  }

-  if (DNSForbiddenByActiveProxy(aHostname)) {
+  if (DNSForbiddenByActiveProxy(aHostname, flags)) {
    return NS_ERROR_UNKNOWN_PROXY_HOST;
  }

--- a/netwerk/dns/nsDNSService2.h
+++ b/netwerk/dns/nsDNSService2.h
@ -73,7 +73,7 @@ class nsDNSService final : public nsPIDNSService,
                           const mozilla::OriginAttributes& aOriginAttributes,
                           nsIDNSRecord** result);

-  bool DNSForbiddenByActiveProxy(const nsACString& aHostname);
+  bool DNSForbiddenByActiveProxy(const nsACString& aHostname, uint32_t flags);

  RefPtr<nsHostResolver> mResolver;
  nsCOMPtr<nsIIDNService> mIDN;
--- a/netwerk/dns/nsIDNSService.idl
+++ b/netwerk/dns/nsIDNSService.idl
@ -404,6 +404,12 @@ interface nsIDNSService : nsISupports
    }
 %}

+    /**
+     * Force resolution even when SOCKS proxy with DNS forwarding is configured.
+     * Only to be used for the proxy host resolution.
+     */
+    const unsigned long RESOLVE_IGNORE_SOCKS_DNS = 1 << 13;
+
    /**
     * This ure dns request types that are currently supported.
     * RESOLVE_TYPE_DEFAULT is standard A/AAAA lookup
--- a/netwerk/socket/nsSOCKSIOLayer.cpp
+++ b/netwerk/socket/nsSOCKSIOLayer.cpp
@ -468,9 +468,9 @@ PRStatus nsSOCKSSocketInfo::StartDNS(PRFileDesc* fd) {
  mozilla::OriginAttributes attrs;

  mFD = fd;
-  nsresult rv = dns->AsyncResolveNative(proxyHost, 0, this,
-                                        mozilla::GetCurrentEventTarget(), attrs,
-                                        getter_AddRefs(mLookup));
+  nsresult rv = dns->AsyncResolveNative(
+      proxyHost, nsIDNSService::RESOLVE_IGNORE_SOCKS_DNS, this,
+      mozilla::GetCurrentEventTarget(), attrs, getter_AddRefs(mLookup));

  if (NS_FAILED(rv)) {
    LOGERROR(("socks: DNS lookup for SOCKS proxy %s failed", proxyHost.get()));
--- a/toolkit/components/extensions/test/xpcshell/test_ext_dns.js
+++ b/toolkit/components/extensions/test/xpcshell/test_ext_dns.js
@ -4,14 +4,29 @@
 // off to get consistent test results.
 Services.prefs.setBoolPref("network.dns.disableIPv6", true);

+AddonTestUtils.init(this);
+AddonTestUtils.overrideCertDB();
+
+AddonTestUtils.createAppInfo(
+  "xpcshell@tests.mozilla.org",
+  "XPCShell",
+  "1",
+  "42"
+);
+
 function getExtension(background = undefined) {
  let manifest = {
-    permissions: ["dns"],
+    permissions: ["dns", "proxy"],
  };
  return ExtensionTestUtils.loadExtension({
    manifest,
    background() {
      browser.test.onMessage.addListener(async (msg, data) => {
+        if (msg == "proxy") {
+          await browser.proxy.settings.set({ value: data });
+          browser.test.sendMessage("proxied");
+          return;
+        }
        browser.test.log(`=== dns resolve test ${JSON.stringify(data)}`);
        browser.dns
          .resolve(data.hostname, data.flags)
@ -28,6 +43,8 @@ function getExtension(background = undefined) {
      });
      browser.test.sendMessage("ready");
    },
+    incognitoOverride: "spanning",
+    useAddonManager: "temporary",
  });
 }

@ -79,6 +96,10 @@ const tests = [
  },
 ];

+add_task(async function startup() {
+  await AddonTestUtils.promiseStartupManager();
+});
+
 add_task(async function test_dns_resolve() {
  let extension = getExtension();
  await extension.startup();
@ -117,3 +138,39 @@ add_task(async function test_dns_resolve() {

  await extension.unload();
 });
+
+add_task(async function test_dns_resolve_socks() {
+  let extension = getExtension();
+  await extension.startup();
+  await extension.awaitMessage("ready");
+  extension.sendMessage("proxy", {
+    proxyType: "manual",
+    socks: "127.0.0.1",
+    socksVersion: 5,
+    proxyDNS: true,
+  });
+  await extension.awaitMessage("proxied");
+  equal(
+    Services.prefs.getIntPref("network.proxy.type"),
+    1 /* PROXYCONFIG_MANUAL */,
+    "manual proxy"
+  );
+  equal(
+    Services.prefs.getStringPref("network.proxy.socks"),
+    "127.0.0.1",
+    "socks proxy"
+  );
+  ok(
+    Services.prefs.getBoolPref("network.proxy.socks_remote_dns"),
+    "socks remote dns"
+  );
+  extension.sendMessage("resolve", {
+    hostname: "mozilla.org",
+  });
+  let result = await extension.awaitMessage("resolved");
+  ok(
+    /NS_ERROR_UNKNOWN_PROXY_HOST/.test(result.message),
+    `expected error ${result.message}`
+  );
+  await extension.unload();
+});
--- a/toolkit/components/extensions/test/xpcshell/xpcshell-common.ini
+++ b/toolkit/components/extensions/test/xpcshell/xpcshell-common.ini
@ -63,6 +63,7 @@ skip-if = os == 'android' && debug # The generated script takes too long to load
 skip-if = appname == "thunderbird" || os == "android" # Containers are not exposed to android.
 [test_ext_debugging_utils.js]
 [test_ext_dns.js]
+skip-if = socketprocess_networking
 [test_ext_downloads.js]
 [test_ext_downloads_download.js]
 skip-if = appname == "thunderbird" || os == "android" || tsan # tsan: bug 1612707