These constructors are unnecessary and can be defined with a `using` statement,
making it easier to change all constructors simultaneously.
Differential Revision: https://phabricator.services.mozilla.com/D153620
This improves consistency with the child process case, and will make it easier
to attach additional state without needing to thread it through every child
process callsite manually.
Differential Revision: https://phabricator.services.mozilla.com/D153619
This type is also used in other places to start non-initial actors, and will
allow us to attach additional state more easily without needing to thread it
through every child process callsite manually.
Differential Revision: https://phabricator.services.mozilla.com/D153618
We uninstall signal handlers in child processes after clone(), because
they probably won't do the right thing if invoked in that context.
However, the current code also resets signals which were ignored;
if that disposition was set by an outside program like `nohup`, the
expectation is that it should be inherited. This patch omits those
signals when resetting handlers (similar to what `exec` does).
Differential Revision: https://phabricator.services.mozilla.com/D151336
These tests set up an ECH server which will only negotiate http/1.1 in the TLS ALPN extension.
If the client doesn't send an ALPN offering at least http/1.1 the connection will fail with
SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL.
Differential Revision: https://phabricator.services.mozilla.com/D153368
The biggest set of APIs from ns[T]StringObsolete which are still heavily used
are the string searching APIs. It appears the intention was for these to be
replaced by the `FindInReadable` APIs, however that doesn't appear to have
happened.
In addition, the APIs have some quirks around their handling of mixed character
widths. These APIs generally supported both narrow strings and the native
string type, probably because char16_t string literals weren't available until
c++11. Finally they also used easy-to-confuse unlabeled boolean and integer
optional arguments to control behaviour.
These patches do the following major changes to the searching APIs:
1. The ASCII case-insensitive search method was split out as
LowerCaseFindASCII, rather than using a boolean. This should be less
error-prone and more explicit, and allows the method to continue to use
narrow string literals for all string types (as only ASCII is supported).
2. The other [R]Find methods were restricted to only support arguments with
matching character types. I considered adding a FindASCII method which would
use narrow string literals for both wide and narrow strings but it would've
been the same amount of work as changing all of the literals to unicode
literals.
This ends up being the bulk of the changes in the patch.
3. All find methods were re-implemented using std::basic_string_view's find
algorithm or stl algorithms to reduce code complexity, and avoid the need to
carry around the logic from nsStringObsolete.cpp.
4. The implementations were moved to nsTStringRepr.cpp.
5. An overload of Find was added to try to catch callers which previously
called `Find(..., false)` or `Find(..., true)` to set case-sensitivity, due
to booleans normally implicitly coercing to `index_type`. This should
probably be removed at some point, but may be useful during the transition.
Differential Revision: https://phabricator.services.mozilla.com/D148300
This patch moves EqualsIgnoreCase to ns[T]StringObsolete, and removes
the aCount argument, instead migrating callers to use `StringBeginsWith`
with a case-insensitive comparator.
In addition, nsTStringRepr::Compare was removed and replaced with either
calls to methods like `StringBeginsWith` or the global `Compare` method.
These changes required some modifications at call-sites but should make
the behaviour less surprising and more consistent.
Differential Revision: https://phabricator.services.mozilla.com/D148299
`strerror` is async signal unsafe, and we're using it in contexts where
that's a problem: in particular in the child process after `clone()`ing,
where it can deadlock if it takes locks the parents' other threads had
held (or cause other undefined behavior), but also in the SIGSYS handler
if it's nested inside an async signal. It's also thread-unsafe.
This is mostly a mechanical replacement with the new `SANDBOX_LOG_ERRNO`
or `SANDBOX_LOG_WITH_ERROR`; two messages had the error string in the
middle and have been adjusted.
Differential Revision: https://phabricator.services.mozilla.com/D152099
This adds two new logging macros, which are intended to be async signal
safe:
* `SANDBOX_LOG_ERRNO`, which appends the error similarly to `perror` but
uses the error identifier (e.g., `EINVAL` instead of `Invalid argument`).
Unlike `perror`, formatting directives are available as for `SANDBOX_LOG`.
* `SANDBOX_LOG_WITH_ERROR` is the same thing but the error number is the
first argument instead of using `errno`; this is useful for newer POSIX
APIs which return an error number.
This will be used in the next patch to replace the existing use of
`strerror`, which is not async signal safe (or thread-safe).
Differential Revision: https://phabricator.services.mozilla.com/D152098
Originally this was written for B2G and used the Android logging
facility, which (like syslog) includes a severity level. However, all
current usage is on desktop where we just write to stderr, and there was
never much demand to add support for any log levels besides "error".
More importantly for the current situation, renaming the macro to
`SANDBOX_LOG` avoids confusion between `SANDBOX_LOG_ERROR` and
`SANDBOX_LOG_ERRNO` (or `SANDBOX_LOG_ERROR_ERRNO` or whatever).
Differential Revision: https://phabricator.services.mozilla.com/D152097
Two minor things I noticed while converting the existing sandbox logging:
1. One call site was using %u, but that doesn't exist in this printf
dialect, only %d; signedness is determined by the actual argument
type via template magic.
2. POSIX functions that return an error number just return the number;
there was one place that was negating it before use, as if it had
come from the Linux syscall ABI.
Differential Revision: https://phabricator.services.mozilla.com/D152096
This prevents copies and avoids the hack we have to avoid this, which
right now is using nsDependent{C,}String.
Non-virtual actors can still use `nsString` if they need to on the
receiving end.
Differential Revision: https://phabricator.services.mozilla.com/D152519
This patch adds two new telemetry histograms which collect specific types
of TLS handshake seperately from existing handshakes.
- The conservative histogram tracks handshakes used for essential connections (e.g. update checks)
- The first-try histogram tracks all initial connection attempts. This allows us to identify issues that might otherwise be masked by our retry logic.
A single handshake may belong to more than one histogram. All handshakes belong to the root histogram.
As the histogram buckets are aligned, it is possible to derive new histograms from these stored results.
For example, as ECH GREASE is only used on first-try handshakes, the histogram from non-GREASE first-try
handshakes can be calculated by subtracting the entries in the GREASE histogram from the first-try histogram.
This patch also extends the existing handshake necko tests to verify that the telemetry is recorded correctly.
Telemetry checks don't run if networking is running on the socket process as the histograms are no longer
accessible.
Differential Revision: https://phabricator.services.mozilla.com/D150754
If nsNSSSocketInfo::mFd is nullptr, it means the connection has been closed.
This isn't an error, and ClientAuthCertificateSelected shouldn't assert if this
happens.
Differential Revision: https://phabricator.services.mozilla.com/D151962
Cleanup our entitlement files by removing entitlements that use the default setting of false.
production.entitlements.xml and developer.entitlements.xml are used today.
The browser and plugin-container entitlement lists will be used when we enable using different entitlements for parent and child processes.
Differential Revision: https://phabricator.services.mozilla.com/D151943
