Ensure that TLS session tickets are only consumed if storage checks on the channel pass

RESOLVED FIXED in Firefox 68

Status

()

defect
P2
normal
RESOLVED FIXED
9 months ago
20 days ago

People

(Reporter: Atoll, Assigned: Ehsan)

Tracking

(Blocks 1 bug, {sec-want})

unspecified
mozilla68
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox68 fixed)

Details

(Whiteboard: [necko-triaged][adv-main68-])

Attachments

(1 attachment, 1 obsolete attachment)

https://arxiv.org/abs/1810.07304 documents a manner in which TLS session tickets of significant duration (such as Firefox, which seems to specify a default of 48 hours) can be used to track users.

Please review this default in light of this study and, if deemed appropriate, select a new default.
Keywords: sec-want
While lowering the validity time certainly helps, but that's not the right way to fix this problem.  The right way is to ensure that session resumption hooks into our storage checks.  That is, we only attempt to save the TLS session ticket when the channel has access to storage.

In order to address this, we should probably add a check to nsContentPolicy::StorageAllowedForChannel() somewhere before the TLS session ticket is consumed.  Also, we need tests!  A good place for adding the tests would be in toolkit/components/antitracking where we have infrastructure for writing these types of tests.

By doing this, we would ensure that for example, with our new cookie policy to block cookies from trackers, trackers would become unable to track the user using TLS session tickets.
Component: General → Networking
Product: Firefox → Core
Summary: Please review default TLS session ticket maximum lifetime of 2 days → Ensure that TLS session tickets are only consumed if storage checks on the channel pass
It seems like we should fix this before proceeding with bug 1428901.
Assignee: nobody → michal.novotny
Blocks: 1428901
Priority: -- → P2
Whiteboard: [necko-triaged]
Thanks, fixing this would be much appreciated from a privacy perspective.
(In reply to Valentin Gosu [:valentin] from comment #2)
> It seems like we should fix this before proceeding with bug 1428901.

It depends whether we'll decide to ship external TLS session cache, which we're not sure yet. If yes, then the check could be part of the patch in bug 1428901. If you think this is a serious problem that must be fixed regardless the status of bug 1428901, then it needs to be done somewhere in NSS code and it's not a necko bug.
(In reply to Michal Novotny [:michal] from comment #4)
> (In reply to Valentin Gosu [:valentin] from comment #2)
> > It seems like we should fix this before proceeding with bug 1428901.
> 
> It depends whether we'll decide to ship external TLS session cache, which
> we're not sure yet. If yes, then the check could be part of the patch in bug
> 1428901.

Of course, before we do the work in that bug fixing this issue in that sense doesn't make sense.

> If you think this is a serious problem that must be fixed
> regardless the status of bug 1428901, then it needs to be done somewhere in
> NSS code and it's not a necko bug.

This is an existing issue, yes.  Please see the paper in comment 0.

I think NSS already exposes the needed APIs though, it's a matter of using them in Necko as far as I can tell.  The way I was thinking of doing this would be to add an nsISocketProvider flag (e.g. NO_SESSION_TICKETS) and set it when nsContentPolicy::StorageAllowedForChannel() returns false, and in nsSSLIOLayerSetOptions() or somewhere around there call SSL_OptionSet(fd, SSL_ENABLE_SESSION_TICKETS, false) if it's set (I don't know this code well so I'm probably somewhat wrong here...)

In fact, there is nsISocketProvider::NO_PERMANENT_STORAGE which is really what this should be tied to semantically, I think (even though the data isn't written to the permanent storage, the impact is basically the same.)  Perhaps the right thing to do is to reuse that flag, change <https://searchfox.org/mozilla-central/rev/9cb3e241502a2d47e2d5057ca771324a446b6695/netwerk/protocol/http/nsHttpChannel.cpp#608> to set it based on the rest of StorageAllowedForChannel() (which already takes into account whether the channel is for private browsing) and set the SSL_ENABLE_SESSION_TICKETS flag based on that later in nsSSLIOLayerSetOptions().

Am I completely off track hee?
Posted patch wip patch (obsolete) — Splinter Review
Ehsan, did you mean something like this? It seems to work, but I have no idea how to write a test for it.
Attachment #9023809 - Flags: feedback?(ehsan)
Comment on attachment 9023809 [details] [diff] [review]
wip patch

Review of attachment 9023809 [details] [diff] [review]:
-----------------------------------------------------------------

Thanks for the patch, this is exactly what I had in mind.

In order to write a test for this, you should probably use a mochitest of some variant (browser-chrome, plain, etc.)  I'd start with browser-chrome personally since you have the most control that way.

By calling UrlClassifierTestUtils.addTestTrackers() you can get some test domains set up as test trackers.  After that, https://tracking.example.org will be available as a tracking origin.  Then you can have your test open a page with an iframe pointing to https://tracking.example.org and then verify that the session tickets aren't recorded.  That last part of course I don't know how to do but I think you're probably familiar with that part.

There are some existing tests that you can use as examples in the tree, for example see this one: https://searchfox.org/mozilla-central/source/toolkit/components/antitracking/test/browser/browser_onBeforeRequestNotificationForTrackingResources.js.  This is a more complex test: https://searchfox.org/mozilla-central/source/toolkit/components/antitracking/test/browser/browser_subResources.js.  And another complex one: https://searchfox.org/mozilla-central/source/toolkit/components/antitracking/test/browser/browser_script.js.

Let me know if you had any questions or needed help!  :-)

::: netwerk/protocol/http/nsHttpChannel.cpp
@@ +605,5 @@
>      }
>  
>      // Finalize ConnectionInfo flags before SpeculativeConnect
>      mConnectionInfo->SetAnonymous((mLoadFlags & LOAD_ANONYMOUS) != 0);
> +    mConnectionInfo->SetPrivate(nsContentUtils::StorageAllowedForChannel(this) !=

Nit:
  nsContentUtils::StorageAllowedForChannel(this) <
    nsContentUtils::StorageAccess::eAllow

please.

::: security/manager/ssl/nsNSSIOLayer.cpp
@@ +2661,5 @@
>      return NS_ERROR_FAILURE;
>    }
>  
> +  if (flags & nsISocketProvider::NO_PERMANENT_STORAGE) {
> +    if (SECSuccess != SSL_OptionSet(fd, SSL_ENABLE_SESSION_TICKETS, false)) {

This looks right based on my understanding of the NSS API.  :-)
Attachment #9023809 - Flags: feedback?(ehsan) → feedback+
(In reply to :Ehsan Akhgari from comment #7)
> Then you can have your test open a page with an iframe pointing to 
> https://tracking.example.org and then verify that the session tickets aren't
> recorded.  That last part of course I don't know how to do but I think
> you're probably familiar with that part.

Not really. I tested it manually so that I used SSL_SetResumptionTokenCallback to get the resumption token and in the callback I checked that the connection didn't have nsISocketTransport::NO_PERMANENT_STORAGE flag set. But that's not something we can use in automated test. AFAICS it's not possible to get information that a token was stored into internal SSL cache directly, e.g. from SSLChannelInfo. However, we can make another request without the private flag and because the token was not stored this connection cannot be resumed (of course the tracker must have an unique domain which isn't used by any other test to ensure that the token hasn't been cached earlier). But I'm not sure how to propagate SSLChannelInfo.resumed to JS and if it's a good idea to add a code for doing this because it would be used only by this test. The best would be if the server could add a custom response head that would tell us whether the connection was resumed, but I don't know how easy is to add this functionality to the testing server.

Martin, do you have any other idea?
Flags: needinfo?(martin.thomson)
If you have the callback set, NSS won't store the session ticket.  So that reduces this to querying SSLChannelInfo.resumed, as you say.

We have nsISSLSocketControl, which exposes similar information (like whether we have early data).  Exposing whether the socket was resumed on that interface is fairly straightforward.  Start here: https://searchfox.org/mozilla-central/rev/7f7c353e969e61a6a85201cc8ad3c3de12ac30d8/security/manager/ssl/nsNSSCallbacks.cpp#739
Flags: needinfo?(martin.thomson)
In order to get a tracker with a unique domain that isn't used by any other test, I suggest to add a new entry to server-locations.txt like this patch does: <https://hg.mozilla.org/mozilla-central/rev/b42a2be64f71#l4.21> (you can call it bug-1500533-dont-use-it-elsewhere-tracking.example.org!) and then add corresponding entries to this function for it <https://hg.mozilla.org/mozilla-central/rev/b42a2be64f71#l7.7>.  You'll need to run https://searchfox.org/mozilla-central/source/build/pgo/genpgocert.py locally and check in the results (the file changes in build/pgo/certs) in order to get the mochitest proxy server to get the updated TLS cert with the new hostname.

Any updates here, Michal? Thanks!

I still doesn't have the test for this. I hope I could get to it soon.

Depends on: 1542835

FWIW if you wanted to hand off the test part to me, I'd be happy to help out if you can give me some guidance on how to test the code changes on your side. :-)

(In reply to :Ehsan Akhgari from comment #13)

FWIW if you wanted to hand off the test part to me, I'd be happy to help out if you can give me some guidance on how to test the code changes on your side. :-)

Thanks, that would be helpful because so far I had no success writing the test. To find out whether the connection was resumed I need the channel and in onStartRequest I check channel.securityInfo.QueryInterface(Ci.nsISSLSocketControl).resumed. We need to do 3 requests in a row with the same URI (with an unique domain name that isn't used by other test) and only the first request shouldn't be allowed to access the storage. Only the last channel should have set resumed to true. I'm not sure how to use the antitracking framework for the test. I tried to create the channels using NetUtil.newChannel(), but I was not able to create a channel that would not be allowed to access the storage.

So it turns out that nsContentUtils::StorageAllowedForChannel() isn't a suitable API here, since it notifies the control centre UI unconditionally. The result of the WIP patch attached here is that any third-party tracker URL present on the page would now get marked as "blocked" in the control centre. We need to use the lower-level AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor() API instead.

(In reply to Michal Novotny [:michal] from comment #14)

(In reply to :Ehsan Akhgari from comment #13)

FWIW if you wanted to hand off the test part to me, I'd be happy to help out if you can give me some guidance on how to test the code changes on your side. :-)

Thanks, that would be helpful because so far I had no success writing the test. To find out whether the connection was resumed I need the channel and in onStartRequest I check channel.securityInfo.QueryInterface(Ci.nsISSLSocketControl).resumed. We need to do 3 requests in a row with the same URI (with an unique domain name that isn't used by other test) and only the first request shouldn't be allowed to access the storage. Only the last channel should have set resumed to true. I'm not sure how to use the antitracking framework for the test. I tried to create the channels using NetUtil.newChannel(), but I was not able to create a channel that would not be allowed to access the storage.

Thanks for the suggestion. I tried that and it didn't actually work, not quite sure why. The resumed boolean comes out as false for the third load too, just like the first and second one, even though we set the private flag on the connections correctly. Could it be because ssltunnel which is used in our tests doesn't support the TLS session resumption feature properly?

Thinking about what else could be used to test this, I realized that the private bit on the connection info object is also used to construct the connection info hash key, and using that I could check in the test that the hash key for the first connection is different to the second and third one. I'm gonna submit a patch with both checks in the test even though the first one doesn't pass yet, I'd appreciate if you can let me know if you have any suggestions on how we can improve the first check, but in the worse case I can rip that out and land the patch just with the second check.

Attachment #9023809 - Attachment is obsolete: true
Assignee: michal.novotny → ehsan
See Also: → 1535697
Pushed by eakhgari@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/acb04833e713
Ensure that TLS session resumption tickets are only consumed if the channel isn't isolated by anti-tracking checks; r=michal,baku

Backed out for Assertion failure in nsHttpChannel.cpp

Push that started the failures: https://treeherder.mozilla.org/#/jobs?repo=autoland&resultStatus=superseded%2Ctestfailed%2Cbusted%2Cexception%2Crunnable&revision=acb04833e713061274e2f2221aa0b84cf2c2a8ab&selectedJob=239753009

Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=239753009&repo=autoland&lineNumber=40454

Backout: https://hg.mozilla.org/integration/autoland/rev/7121d81a533f60c719a20612869a79b2f22e42c9

20:00:03 INFO - TEST-START | testing/firefox-ui/tests/functional/sessionstore/test_restore_windows_after_restart_and_quit.py TestSessionStoreDisabled.test_restore_with_restart

20:00:22 INFO - Assertion failure: isIsolated, at /builds/worker/workspace/build/src/netwerk/protocol/http/nsHttpChannel.cpp:630
20:00:22 INFO - #01: nsXPTCStubBase::Stub249()[/Users/cltbld/tasks/task_1555012452/build/application/Firefox NightlyDebug.app/Contents/MacOS/XUL +0x697e3c]
20:00:22 INFO - #02: nsXPTCStubBase::Stub249()[/Users/cltbld/tasks/task_1555012452/build/application/Firefox NightlyDebug.app/Contents/MacOS/XUL +0x6c0063]
20:00:22 INFO - #03: nsXPTCStubBase::Stub249()[/Users/cltbld/tasks/task_1555012452/build/application/Firefox NightlyDebug.app/Contents/MacOS/XUL +0x6c022a]
20:00:22 INFO - #04: nsXPTCStubBase::Stub249()[/Users/cltbld/tasks/task_1555012452/build/application/Firefox NightlyDebug.app/Contents/MacOS/XUL +0x6be891]
20:00:22 INFO - #05: nsXPTCStubBase::Stub249()[/Users/cltbld/tasks/task_1555012452/build/application/Firefox NightlyDebug.app/Contents/MacOS/XUL +0x6c12b2]
20:00:22 INFO - #06: nsXPTCStubBase::Stub249()[/Users/cltbld/tasks/task_1555012452/build/application/Firefox NightlyDebug.app/Contents/MacOS/XUL +0x2cdb92]
20:00:22 INFO - #07: nsXPTCStubBase::Stub249()[/Users/cltbld/tasks/task_1555012452/build/application/Firefox NightlyDebug.app/Contents/MacOS/XUL +0x2cb451]
20:00:22 INFO - #08: nsXPTCStubBase::Stub249()[/Users/cltbld/tasks/task_1555012452/build/application/Firefox NightlyDebug.app/Contents/MacOS/XUL +0x290a5d]
20:00:22 INFO - #09: nsXPTCStubBase::Stub249()[/Users/cltbld/tasks/task_1555012452/build/application/Firefox NightlyDebug.app/Contents/MacOS/XUL +0x29079f]
20:00:22 INFO - #10: nsXPTCStubBase::Stub249()[/Users/cltbld/tasks/task_1555012452/build/application/Firefox NightlyDebug.app/Contents/MacOS/XUL +0x2903cf]
20:00:22 INFO - #11: nsXPTCStubBase::Stub249()[/Users/cltbld/tasks/task_1555012452/build/application/Firefox NightlyDebug.app/Contents/MacOS/XUL +0x297731]
20:00:22 INFO - #12: nsXPTCStubBase::Stub249()[/Users/cltbld/tasks/task_1555012452/build/application/Firefox NightlyDebug.app/Contents/MacOS/XUL +0x296904]
20:00:22 INFO - #13: nsXPTCStubBase::Stub249()[/Users/cltbld/tasks/task_1555012452/build/application/Firefox NightlyDebug.app/Contents/MacOS/XUL +0x2977aa]
20:00:22 INFO - #14: nsXPTCStubBase::Stub249()[/Users/cltbld/tasks/task_1555012452/build/application/Firefox NightlyDebug.app/Contents/MacOS/XUL +0x6ae063]
20:00:22 INFO - #15: nsXPTCStubBase::Stub249()[/Users/cltbld/tasks/task_1555012452/build/application/Firefox NightlyDebug.app/Contents/MacOS/XUL +0x6bd5f5]
20:00:22 INFO - #16: nsXPTCStubBase::Stub249()[/Users/cltbld/tasks/task_1555012452/build/application/Firefox NightlyDebug.app/Contents/MacOS/XUL +0x6bd04c]
20:00:22 INFO - #17: nsXPTCStubBase::Stub249()[/Users/cltbld/tasks/task_1555012452/build/application/Firefox NightlyDebug.app/Contents/MacOS/XUL +0x64693d]
20:00:22 INFO - #18: nsXPTCStubBase::Stub249()[/Users/cltbld/tasks/task_1555012452/build/application/Firefox NightlyDebug.app/Contents/MacOS/XUL +0x646697]
20:00:22 INFO - #19: nsXPTCStubBase::Stub249()[/Users/cltbld/tasks/task_1555012452/build/application/Firefox NightlyDebug.app/Contents/MacOS/XUL +0x68c8fb]
20:00:22 INFO - #20: nsXPTCStubBase::Stub249()[/Users/cltbld/tasks/task_1555012452/build/application/Firefox NightlyDebug.app/Contents/MacOS/XUL +0x68aff1]
20:00:22 INFO - #21: NS_NewLocalFileWithCFURL[/Users/cltbld/tasks/task_1555012452/build/application/Firefox NightlyDebug.app/Contents/MacOS/XUL +0x153ed0]
20:00:22 INFO - #22: NS_NewLocalFileWithCFURL[/Users/cltbld/tasks/task_1555012452/build/application/Firefox NightlyDebug.app/Contents/MacOS/XUL +0x150de1]
20:00:22 INFO - #23: mac_plugin_interposing_child_OnShowCursor[/Users/cltbld/tasks/task_1555012452/build/application/Firefox NightlyDebug.app/Contents/MacOS/XUL +0x3cb23bf]
20:00:22 INFO - #24: mac_plugin_interposing_child_OnShowCursor[/Users/cltbld/tasks/task_1555012452/build/application/Firefox NightlyDebug.app/Contents/MacOS/XUL +0x3d29d59]
20:00:22 INFO - #25: CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION[/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation +0x80a01]
20:00:22 INFO - #26: __CFRunLoopDoSources0[/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation +0x72b8d]
20:00:22 INFO - #27: __CFRunLoopRun[/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation +0x721bf]
20:00:22 INFO - #28: CFRunLoopRunSpecific[/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation +0x71bd8]
20:00:22 INFO - #29: RunCurrentEventLoopInMode[/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox +0x3256f]
20:00:22 INFO - #30: ReceiveNextEventCommon[/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox +0x322ea]
20:00:22 INFO - #31: _BlockUntilNextEventMatchingListInModeWithFilter[/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox +0x3212b]
20:00:22 INFO - #32: _DPSNextEvent[/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit +0x918ab]
20:00:22 INFO - #33: -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:][/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit +0x90e58]
20:00:22 INFO - #34: mac_plugin_interposing_child_OnShowCursor[/Users/cltbld/tasks/task_1555012452/build/application/Firefox NightlyDebug.app/Contents/MacOS/XUL +0x3d28cfe]
20:00:22 INFO - #35: -[NSApplication run][/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit +0x86af3]
20:00:22 INFO - #36: mac_plugin_interposing_child_OnShowCursor[/Users/cltbld/tasks/task_1555012452/build/application/Firefox NightlyDebug.app/Contents/MacOS/XUL +0x3d2a6ef]
20:00:22 INFO - #37: workerlz4_maxCompressedSize[/Users/cltbld/tasks/task_1555012452/build/application/Firefox NightlyDebug.app/Contents/MacOS/XUL +0x5378bbe]
20:00:22 INFO - #38: RecordReplayInterface_DefineRecordReplayControlObject[/Users/cltbld/tasks/task_1555012452/build/application/Firefox NightlyDebug.app/Contents/MacOS/XUL +0x5500f4c]
20:00:22 INFO - #39: RecordReplayInterface_DefineRecordReplayControlObject[/Users/cltbld/tasks/task_1555012452/build/application/Firefox NightlyDebug.app/Contents/MacOS/XUL +0x5501cff]
20:00:22 INFO - #40: RecordReplayInterface_DefineRecordReplayControlObject[/Users/cltbld/tasks/task_1555012452/build/application/Firefox NightlyDebug.app/Contents/MacOS/XUL +0x5502c9c]
20:00:22 INFO - #41: ???[/Users/cltbld/tasks/task_1555012452/build/application/Firefox NightlyDebug.app/Contents/MacOS/firefox +0xf26]
20:00:22 INFO - Exiting due to channel error.
20:00:22 INFO - Exiting due to channel error.
20:00:22 INFO - Exiting due to channel error.
20:00:22 INFO - Exiting due to channel error.
20:00:22 INFO - Exiting due to channel error.
20:00:22 INFO - Exiting due to channel error.
20:00:22 INFO - Exiting due to channel error.
20:00:22 INFO - Exiting due to channel error.
20:00:22 INFO - Exiting due to channel error.
20:00:22 INFO - mozcrash Downloading symbols from: https://queue.taskcluster.net/v1/task/McZe3kwhSnGPO-MB01TBSg/artifacts/public/build/target.crashreporter-symbols.zip
20:00:27 INFO - mozcrash Copy/paste: /Users/cltbld/tasks/task_1555012452/build/macosx64-minidump_stackwalk /Users/cltbld/tasks/task_1555012452/build/tmpMb7Qwv.mozrunner/minidumps/49230F94-EDCC-4346-B7CC-5B0CB92DFA49.dmp /var/folders/qk/v16d71y15mj0d95n6yxtm85m00000x/T/tmpd5i31p
20:00:35 INFO - mozcrash Saved minidump as /Users/cltbld/tasks/task_1555012452/build/blobber_upload_dir/49230F94-EDCC-4346-B7CC-5B0CB92DFA49.dmp
20:00:35 INFO - mozcrash Saved app info as /Users/cltbld/tasks/task_1555012452/build/blobber_upload_dir/49230F94-EDCC-4346-B7CC-5B0CB92DFA49.extra
20:00:35 INFO - PROCESS-CRASH | testing/firefox-ui/tests/functional/sessionstore/test_restore_windows_after_restart_and_quit.py TestSessionStoreDisabled.test_restore_with_restart | application crashed [@ mozilla::net::nsHttpChannel::ContinueOnBeforeConnect(bool, nsresult)]
20:00:35 INFO - Crash dump filename: /Users/cltbld/tasks/task_1555012452/build/tmpMb7Qwv.mozrunner/minidumps/49230F94-EDCC-4346-B7CC-5B0CB92DFA49.dmp
20:00:35 INFO - Operating system: Mac OS X
20:00:35 INFO - 10.10.5 14F27
20:00:35 INFO - CPU: amd64
20:00:35 INFO - family 6 model 69 stepping 1
20:00:35 INFO - 4 CPUs
20:00:35 INFO -
20:00:35 INFO - GPU: UNKNOWN
20:00:35 INFO -
20:00:35 INFO - Crash reason: EXC_BAD_ACCESS / KERN_INVALID_ADDRESS
20:00:35 INFO - Crash address: 0x0
20:00:35 INFO - Process uptime: 19 seconds
20:00:35 INFO -
20:00:35 INFO - Thread 0 (crashed)
20:00:35 INFO - 0 XUL!mozilla::net::nsHttpChannel::ContinueOnBeforeConnect(bool, nsresult) [nsHttpChannel.cpp:acb04833e713061274e2f2221aa0b84cf2c2a8ab : 630 + 0x29]
20:00:35 INFO - rax = 0x000000010ecb6492 rdx = 0x00007fff7db8d1f8
20:00:35 INFO - rcx = 0x00000001075966a8 rbx = 0x000000002e4fae01
20:00:35 INFO - rsi = 0x0001220000012200 rdi = 0x0001210000012203
20:00:35 INFO - rbp = 0x00007fff586b3940 rsp = 0x00007fff586b38e0
20:00:35 INFO - r8 = 0x00007fff586b3890 r9 = 0x00007fff7c28b300
20:00:35 INFO - r10 = 0x00007fff96ae95d2 r11 = 0x00007fff96ae9421
20:00:35 INFO - r12 = 0x000000012ed7d000 r13 = 0x0000000110a88da0
20:00:35 INFO - r14 = 0x000000012ed7d050 r15 = 0x0000000007dbef01
20:00:35 INFO - rip = 0x000000010817d4af
20:00:35 INFO - Found by: given as instruction pointer in context
20:00:35 INFO - 1 XUL!mozilla::net::nsHttpChannel::OnBeforeConnect() [nsHttpChannel.cpp:acb04833e713061274e2f2221aa0b84cf2c2a8ab : 584 + 0x13]
20:00:35 INFO - rbp = 0x00007fff586b3a10 rsp = 0x00007fff586b3950
20:00:35 INFO - rip = 0x000000010817be3c
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 2 XUL!mozilla::net::nsHttpChannel::ContinueBeginConnectWithResult() [nsHttpChannel.cpp:acb04833e713061274e2f2221aa0b84cf2c2a8ab : 6953 + 0x8]
20:00:35 INFO - rbp = 0x00007fff586b3a80 rsp = 0x00007fff586b3a20
20:00:35 INFO - rip = 0x00000001081a4063
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 3 XUL!mozilla::net::nsHttpChannel::BeginConnectActual() [nsHttpChannel.cpp:acb04833e713061274e2f2221aa0b84cf2c2a8ab : 6807 + 0x8]
20:00:35 INFO - rbp = 0x00007fff586b3ad0 rsp = 0x00007fff586b3a90
20:00:35 INFO - rip = 0x00000001081a422a
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 4 XUL!mozilla::net::nsHttpChannel::BeginConnect() [nsHttpChannel.cpp:acb04833e713061274e2f2221aa0b84cf2c2a8ab : 6756 + 0x5]
20:00:35 INFO - rbp = 0x00007fff586b3cf0 rsp = 0x00007fff586b3ae0
20:00:35 INFO - rip = 0x00000001081a2891
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 5 XUL!mozilla::net::nsHttpChannel::OnProxyAvailable(nsICancelable*, nsIChannel*, nsIProxyInfo*, nsresult) [nsHttpChannel.cpp:acb04833e713061274e2f2221aa0b84cf2c2a8ab : 7051 + 0x8]
20:00:35 INFO - rbp = 0x00007fff586b3d30 rsp = 0x00007fff586b3d00
20:00:35 INFO - rip = 0x00000001081a52b2
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 6 XUL!mozilla::net::nsAsyncResolveRequest::DoCallback() [nsProtocolProxyService.cpp:acb04833e713061274e2f2221aa0b84cf2c2a8ab : 396 + 0x23]
20:00:35 INFO - rbp = 0x00007fff586b3e10 rsp = 0x00007fff586b3d40
20:00:35 INFO - rip = 0x0000000107db1b92
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 7 XUL!nsresult std::__1::__invoke_void_return_wrapper<nsresult>::__call<mozilla::net::nsAsyncResolveRequest::ProcessLocally(mozilla::net::nsProtocolInfo&, nsIProxyInfo*, bool)::'lambda'(mozilla::net::nsAsyncResolveRequest*, nsIProxyInfo*, bool)&, mozilla::net::nsAsyncResolveRequest*, nsIProxyInfo*, bool>(mozilla::net::nsAsyncResolveRequest::ProcessLocally(mozilla::net::nsProtocolInfo&, nsIProxyInfo*, bool)::'lambda'(mozilla::net::nsAsyncResolveRequest*, nsIProxyInfo*, bool)&, mozilla::net::nsAsyncResolveRequest*&&, nsIProxyInfo*&&, bool&&) [__functional_base:acb04833e713061274e2f2221aa0b84cf2c2a8ab : 318 + 0x33]
20:00:35 INFO - rbp = 0x00007fff586b3e40 rsp = 0x00007fff586b3e20
20:00:35 INFO - rip = 0x0000000107daf451
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 8 XUL!mozilla::net::nsAsyncResolveRequest::AsyncApplyFilters::Finish() [nsProtocolProxyService.cpp:acb04833e713061274e2f2221aa0b84cf2c2a8ab : 589 + 0x22]
20:00:35 INFO - rbp = 0x00007fff586b3ea0 rsp = 0x00007fff586b3e50
20:00:35 INFO - rip = 0x0000000107d74a5d
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 9 XUL!mozilla::net::nsAsyncResolveRequest::AsyncApplyFilters::ProcessNextFilter() [nsProtocolProxyService.cpp:acb04833e713061274e2f2221aa0b84cf2c2a8ab : 500 + 0x8]
20:00:35 INFO - rbp = 0x00007fff586b3ef0 rsp = 0x00007fff586b3eb0
20:00:35 INFO - rip = 0x0000000107d7479f
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 10 XUL!mozilla::net::nsAsyncResolveRequest::AsyncApplyFilters::AsyncProcess(mozilla::net::nsAsyncResolveRequest*) [nsProtocolProxyService.cpp:acb04833e713061274e2f2221aa0b84cf2c2a8ab : 476 + 0x8]
20:00:35 INFO - rbp = 0x00007fff586b3f50 rsp = 0x00007fff586b3f00
20:00:35 INFO - rip = 0x0000000107d743cf
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 11 XUL!mozilla::net::nsAsyncResolveRequest::ProcessLocally(mozilla::net::nsProtocolInfo&, nsIProxyInfo*, bool) [nsProtocolProxyService.cpp:acb04833e713061274e2f2221aa0b84cf2c2a8ab : 253 + 0x10]
20:00:35 INFO - rbp = 0x00007fff586b3fc0 rsp = 0x00007fff586b3f60
20:00:35 INFO - rip = 0x0000000107d7b731
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 12 XUL!mozilla::net::nsProtocolProxyService::AsyncResolveInternal(nsIChannel*, unsigned int, nsIProtocolProxyCallback*, nsICancelable**, bool, nsIEventTarget*) [nsProtocolProxyService.cpp:acb04833e713061274e2f2221aa0b84cf2c2a8ab : 1552 + 0x25]
20:00:35 INFO - rbp = 0x00007fff586b40a0 rsp = 0x00007fff586b3fd0
20:00:35 INFO - rip = 0x0000000107d7a904
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 13 XUL!mozilla::net::nsProtocolProxyService::AsyncResolve2(nsIChannel*, unsigned int, nsIProtocolProxyCallback*, nsIEventTarget*, nsICancelable**) [nsProtocolProxyService.cpp:acb04833e713061274e2f2221aa0b84cf2c2a8ab : 1572 + 0x12]
20:00:35 INFO - rbp = 0x00007fff586b40c0 rsp = 0x00007fff586b40b0
20:00:35 INFO - rip = 0x0000000107d7b7aa
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 14 XUL!mozilla::net::nsHttpChannel::ResolveProxy() [nsHttpChannel.cpp:acb04833e713061274e2f2221aa0b84cf2c2a8ab : 3329 + 0x15]
20:00:35 INFO - rbp = 0x00007fff586b4140 rsp = 0x00007fff586b40d0
20:00:35 INFO - rip = 0x0000000108192063
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 15 XUL!mozilla::net::nsHttpChannel::AsyncOpenFinal(mozilla::TimeStamp) [nsHttpChannel.cpp:acb04833e713061274e2f2221aa0b84cf2c2a8ab : 6486 + 0x8]
20:00:35 INFO - rbp = 0x00007fff586b4170 rsp = 0x00007fff586b4150
20:00:35 INFO - rip = 0x00000001081a15f5
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 16 XUL!mozilla::net::nsHttpChannel::AsyncOpen(nsIStreamListener*) [nsHttpChannel.cpp:acb04833e713061274e2f2221aa0b84cf2c2a8ab : 6456 + 0x15]
20:00:35 INFO - rbp = 0x00007fff586b4210 rsp = 0x00007fff586b4180
20:00:35 INFO - rip = 0x00000001081a104c
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 17 XUL!mozilla::net::HttpChannelParent::InvokeAsyncOpen(nsresult) [HttpChannelParent.cpp:acb04833e713061274e2f2221aa0b84cf2c2a8ab : 378 + 0x30]
20:00:35 INFO - rbp = 0x00007fff586b4250 rsp = 0x00007fff586b4220
20:00:35 INFO - rip = 0x000000010812a93d
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 18 XUL!mozilla::net::HttpChannelParent::TryInvokeAsyncOpen(nsresult) [HttpChannelParent.cpp:acb04833e713061274e2f2221aa0b84cf2c2a8ab : 185 + 0xb]
20:00:35 INFO - rbp = 0x00007fff586b42a0 rsp = 0x00007fff586b4260
20:00:35 INFO - rip = 0x000000010812a697
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 19 XUL!mozilla::MozPromise<bool, nsresult, false>::ThenValue<mozilla::net::HttpChannelParent::DoAsyncOpen(mozilla::ipc::URIParams const&, mozilla::Maybe<mozilla::ipc::URIParams> const&, mozilla::Maybe<mozilla::ipc::URIParams> const&, mozilla::Maybe<mozilla::ipc::URIParams> const&, unsigned int const&, mozilla::Maybe<mozilla::ipc::URIParams> const&, mozilla::Maybe<mozilla::ipc::URIParams> const&, unsigned int const&, nsTArray<mozilla::net::RequestHeaderTuple> const&, nsTString<char> const&, mozilla::Maybe<mozilla::ipc::IPCStream> const&, bool const&, short const&, unsigned int const&, unsigned char const&, bool const&, unsigned int const&, bool const&, unsigned long long const&, nsTString<char> const&, bool const&, nsTString<char> const&, bool const&, bool const&, bool const&, unsigned int const&, mozilla::Maybe<mozilla::net::LoadInfoArgs> const&, mozilla::Maybe<mozilla::net::nsHttpResponseHead> const&, nsTString<char> const&, unsigned int const&, unsigned long long const&, mozilla::Maybe<mozilla::net::CorsPreflightArgs> const&, unsigned int const&, bool const&, bool const&, bool const&, nsTString<char> const&, unsigned int const&, unsigned int const&, unsigned long long const&, nsTString<char16_t> const&, unsigned long long const&, nsTArray<mozilla::net::PreferredAlternativeDataTypeParams> const&, unsigned long long const&, mozilla::TimeStamp const&, mozilla::TimeStamp const&, mozilla::TimeStamp const&, mozilla::TimeStamp const&, mozilla::TimeStamp const&, mozilla::TimeStamp const&, bool const&, mozilla::TimeStamp const&)::$_18, mozilla::net::HttpChannelParent::DoAsyncOpen(mozilla::ipc::URIParams const&, mozilla::Maybe<mozilla::ipc::URIParams> const&, mozilla::Maybe<mozilla::ipc::URIParams> const&, mozilla::Maybe<mozilla::ipc::URIParams> const&, unsigned int const&, mozilla::Maybe<mozilla::ipc::URIParams> const&, mozilla::Maybe<mozilla::ipc::URIParams> const&, unsigned int const&, nsTArray<mozilla::net::RequestHeaderTuple> const&, nsTString<char> const&, mozilla::Maybe<mozilla::ipc::IPCStream> const&, bool const&, short const&, unsigned int const&, unsigned char const&, bool const&, unsigned int const&, bool const&, unsigned long long const&, nsTString<char> const&, bool const&, nsTString<char> const&, bool const&, bool const&, bool const&, unsigned int const&, mozilla::Maybe<mozilla::net::LoadInfoArgs> const&, mozilla::Maybe<mozilla::net::nsHttpResponseHead> const&, nsTString<char> const&, unsigned int const&, unsigned long long const&, mozilla::Maybe<mozilla::net::CorsPreflightArgs> const&, unsigned int const&, bool const&, bool const&, bool const&, nsTString<char> const&, unsigned int const&, unsigned int const&, unsigned long long const&, nsTString<char16_t> const&, unsigned long long const&, nsTArray<mozilla::net::PreferredAlternativeDataTypeParams> const&, unsigned long long const&, mozilla::TimeStamp const&, mozilla::TimeStamp const&, mozilla::TimeStamp const&, mozilla::TimeStamp const&, mozilla::TimeStamp const&, mozilla::TimeStamp const&, bool const&, mozilla::TimeStamp const&)::$_19>::DoResolveOrRejectInternal(mozilla::MozPromise<bool, nsresult, false>::ResolveOrRejectValue&) [MozPromise.h:acb04833e713061274e2f2221aa0b84cf2c2a8ab : 0 + 0x5]
20:00:35 INFO - rbp = 0x00007fff586b42d0 rsp = 0x00007fff586b42b0
20:00:35 INFO - rip = 0x00000001081708fb
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 20 XUL!mozilla::MozPromise<bool, nsresult, false>::ThenValueBase::ResolveOrRejectRunnable::Run() [MozPromise.h:acb04833e713061274e2f2221aa0b84cf2c2a8ab : 393 + 0x30]
20:00:35 INFO - rbp = 0x00007fff586b42f0 rsp = 0x00007fff586b42e0
20:00:35 INFO - rip = 0x000000010816eff1
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 21 XUL!nsThread::ProcessNextEvent(bool, bool*) [nsThread.cpp:acb04833e713061274e2f2221aa0b84cf2c2a8ab : 1180 + 0x6]
20:00:35 INFO - rbp = 0x00007fff586b4800 rsp = 0x00007fff586b4300
20:00:35 INFO - rip = 0x0000000107c37ed0
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 22 XUL!NS_ProcessPendingEvents(nsIThread*, unsigned int) [nsThreadUtils.cpp:acb04833e713061274e2f2221aa0b84cf2c2a8ab : 434 + 0xe]
20:00:35 INFO - rbp = 0x00007fff586b4850 rsp = 0x00007fff586b4810
20:00:35 INFO - rip = 0x0000000107c34de1
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 23 XUL!nsBaseAppShell::NativeEventCallback() [nsBaseAppShell.cpp:acb04833e713061274e2f2221aa0b84cf2c2a8ab : 87 + 0x14]
20:00:35 INFO - rbp = 0x00007fff586b4880 rsp = 0x00007fff586b4860
20:00:35 INFO - rip = 0x000000010b7963bf
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 24 XUL!nsAppShell::ProcessGeckoEvents(void*) [nsAppShell.mm:acb04833e713061274e2f2221aa0b84cf2c2a8ab : 440 + 0x8]
20:00:35 INFO - rbp = 0x00007fff586b48e0 rsp = 0x00007fff586b4890
20:00:35 INFO - rip = 0x000000010b80dd59
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 25 CoreFoundation + 0x80a01
20:00:35 INFO - rbp = 0x00007fff586b48f0 rsp = 0x00007fff586b48f0
20:00:35 INFO - rip = 0x00007fff94e1ca01
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 26 CoreFoundation + 0x72b8d
20:00:35 INFO - rbp = 0x00007fff586b4950 rsp = 0x00007fff586b4900
20:00:35 INFO - rip = 0x00007fff94e0eb8d
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 27 CoreFoundation + 0x721bf
20:00:35 INFO - rbp = 0x00007fff586b5630 rsp = 0x00007fff586b4960
20:00:35 INFO - rip = 0x00007fff94e0e1bf
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 28 CoreFoundation + 0x71bd8
20:00:35 INFO - rbp = 0x00007fff586b5690 rsp = 0x00007fff586b5640
20:00:35 INFO - rip = 0x00007fff94e0dbd8
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 29 HIToolbox + 0x3256f
20:00:35 INFO - rbp = 0x00007fff586b56d0 rsp = 0x00007fff586b56a0
20:00:35 INFO - rip = 0x00007fff98d7456f
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 30 HIToolbox + 0x322ea
20:00:35 INFO - rbp = 0x00007fff586b5750 rsp = 0x00007fff586b56e0
20:00:35 INFO - rip = 0x00007fff98d742ea
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 31 HIToolbox + 0x3212b
20:00:35 INFO - rbp = 0x00007fff586b5770 rsp = 0x00007fff586b5760
20:00:35 INFO - rip = 0x00007fff98d7412b
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 32 AppKit + 0x918ab
20:00:35 INFO - rbp = 0x00007fff586b5be0 rsp = 0x00007fff586b5780
20:00:35 INFO - rip = 0x00007fff8cc6d8ab
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 33 AppKit + 0x90e58
20:00:35 INFO - rbp = 0x00007fff586b5e80 rsp = 0x00007fff586b5bf0
20:00:35 INFO - rip = 0x00007fff8cc6ce58
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 34 XUL!-[GeckoNSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] [nsAppShell.mm:acb04833e713061274e2f2221aa0b84cf2c2a8ab : 168 + 0x2c]
20:00:35 INFO - rbp = 0x00007fff586b5ef0 rsp = 0x00007fff586b5e90
20:00:35 INFO - rip = 0x000000010b80ccfe
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 35 AppKit + 0x86af3
20:00:35 INFO - rbp = 0x00007fff586b5f70 rsp = 0x00007fff586b5f00
20:00:35 INFO - rip = 0x00007fff8cc62af3
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 36 XUL!nsAppShell::Run() [nsAppShell.mm:acb04833e713061274e2f2221aa0b84cf2c2a8ab : 703 + 0x1a]
20:00:35 INFO - rbp = 0x00007fff586b5fc0 rsp = 0x00007fff586b5f80
20:00:35 INFO - rip = 0x000000010b80e6ef
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 37 XUL!nsAppStartup::Run() [nsAppStartup.cpp:acb04833e713061274e2f2221aa0b84cf2c2a8ab : 270 + 0xf]
20:00:35 INFO - rbp = 0x00007fff586b5fe0 rsp = 0x00007fff586b5fd0
20:00:35 INFO - rip = 0x000000010ce5cbbe
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 38 XUL!XREMain::XRE_mainRun() [nsAppRunner.cpp:acb04833e713061274e2f2221aa0b84cf2c2a8ab : 4572 + 0x16]
20:00:35 INFO - rbp = 0x00007fff586b6110 rsp = 0x00007fff586b5ff0
20:00:35 INFO - rip = 0x000000010cfe4f4c
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 39 XUL!XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) [nsAppRunner.cpp:acb04833e713061274e2f2221aa0b84cf2c2a8ab : 4710 + 0x8]
20:00:35 INFO - rbp = 0x00007fff586b61f0 rsp = 0x00007fff586b6120
20:00:35 INFO - rip = 0x000000010cfe5cff
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 40 XUL!XRE_main(int, char**, mozilla::BootstrapConfig const&) [nsAppRunner.cpp:acb04833e713061274e2f2221aa0b84cf2c2a8ab : 4791 + 0x10]
20:00:35 INFO - rbp = 0x00007fff586b6340 rsp = 0x00007fff586b6200
20:00:35 INFO - rip = 0x000000010cfe6c9c
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 41 firefox!main [nsBrowserApp.cpp:acb04833e713061274e2f2221aa0b84cf2c2a8ab : 291 + 0x59]
20:00:35 INFO - rbp = 0x00007fff586b6790 rsp = 0x00007fff586b6350
20:00:35 INFO - rip = 0x0000000107549f26
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 42 libdyld.dylib + 0x35c9
20:00:35 INFO - rbp = 0x00007fff586b67a8 rsp = 0x00007fff586b67a0
20:00:35 INFO - rip = 0x00007fff96ae95c9
20:00:35 INFO - Found by: previous frame's frame pointer
20:00:35 INFO - 43 libdyld.dylib + 0x35c9
20:00:35 INFO - rbp = 0x00007fff586b67a8 rsp = 0x00007fff586b67a8
20:00:35 INFO - rip = 0x00007fff96ae95c9
20:00:35 INFO - Found by: stack scanning

Flags: needinfo?(ehsan)

So what I said in comment 5 wasn't super accurate... The storage checks do check the private browsing status of the channel into account but not in every case, for example when network.cookie.cookieBehavior != 4. So we need to check both isIsolated and mPrivateBrowsing in ContinueOnBeforeConnect.

Flags: needinfo?(ehsan)
Flags: needinfo?(ehsan)

Please note that patch in bug 1542835 needs to land before this patch.

Pushed by eakhgari@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/938a637c68f0
Ensure that TLS session resumption tickets are only consumed if the channel isn't isolated by anti-tracking checks; r=michal,baku
Flags: needinfo?(ehsan) → needinfo?(senglehardt)
Keywords: dev-doc-needed
Status: NEW → RESOLVED
Closed: 3 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla68

Thank you all for the work on this issue. I couldn’t have predicted the resolution but I’m really glad I submitted this request. Cheers and be well.

Whiteboard: [necko-triaged] → [necko-triaged][adv-main68-]
You need to log in before you can comment on or make changes to this bug.