Bug 1889130 - block http requests on 0.0.0.0 address. r=necko-reviewers,valentin,kershaw

Differential Revision: https://phabricator.services.mozilla.com/D219041
2024-11-23 21:01:08 +00:00 · 2024-08-19 13:31:42 +00:00 · 2024-08-19 13:31:42 +00:00 · e32b3654e0
commit e32b3654e0
parent c2b1e09471
4 changed files with 20 additions and 0 deletions
--- a/modules/libpref/init/StaticPrefList.yaml
+++ b/modules/libpref/init/StaticPrefList.yaml
@ -12444,6 +12444,13 @@
  value: true
  mirror: always

+# Disable requests to 0.0.0.0
+# See Bug 1889130
+- name: network.socket.ip_addr_any.disabled
+  type: RelaxedAtomicBool
+  value: @IS_EARLY_BETA_OR_EARLIER@
+  mirror: always
+
 # Set true to allow resolving proxy for localhost
 - name: network.proxy.allow_hijacking_localhost
  type: RelaxedAtomicBool
--- a/netwerk/base/nsIOService.cpp
+++ b/netwerk/base/nsIOService.cpp
@ -241,6 +241,7 @@ static const char* gCallbackPrefsForSocketProcess[] = {
    "network.proxy.allow_hijacking_localhost",
    "network.connectivity-service.",
    "network.captive-portal-service.testMode",
+    "network.socket.ip_addr_any.disabled",
    nullptr,
 };

--- a/netwerk/base/nsSocketTransport2.cpp
+++ b/netwerk/base/nsSocketTransport2.cpp
@ -1241,6 +1241,15 @@ nsresult nsSocketTransport::InitiateSocket() {
  if (gIOService->IsNetTearingDown()) {
    return NS_ERROR_ABORT;
  }
+
+  // Since https://github.com/whatwg/fetch/pull/1763,
+  // we need to disable access to 0.0.0.0 for non-test purposes
+  if (StaticPrefs::network_socket_ip_addr_any_disabled() &&
+      mNetAddr.IsIPAddrAny() && !mProxyTransparentResolvesHost) {
+    SOCKET_LOG(("connection refused NS_ERROR_CONNECTION_REFUSED\n"));
+    return NS_ERROR_CONNECTION_REFUSED;
+  }
+
  if (gIOService->IsOffline()) {
    if (StaticPrefs::network_disable_localhost_when_offline() || !isLocal) {
      return NS_ERROR_OFFLINE;
--- a/netwerk/test/unit/trr_common.js
+++ b/netwerk/test/unit/trr_common.js
@ -1027,6 +1027,7 @@ async function test_ipv4_trr_fallback() {
 async function test_no_retry_without_doh() {
  info("Bug 1648147 - if the TRR returns 0.0.0.0 we should not retry with DNS");
  Services.prefs.setBoolPref("network.trr.fallback-on-zero-response", false);
+  Services.prefs.setBoolPref("network.socket.ip_addr_any.disabled", false);

  async function test(url, ip) {
    setModeAndURI(2, `doh?responseIP=${ip}`);
@ -1073,6 +1074,8 @@ async function test_no_retry_without_doh() {
    await test(`http://unknown.ipv4.stuff:666/path`, "0.0.0.0");
    await test(`http://unknown.ipv6.stuff:666/path`, "::");
  }
+
+  Services.prefs.clearUserPref("network.socket.ip_addr_any.disabled");
 }

 async function test_connection_reuse_and_cycling() {