Web Authentication - Prohibit use for IP Addresses
Categories
(Core :: DOM: Web Authentication, defect, P3)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox75 | --- | fixed |
People
(Reporter: jcj, Assigned: jcj)
References
()
Details
Attachments
(3 files)
WebAuthn is only permitted for host types, not IP addresses, so we need to enforce that and add a Web Platform Test.
|
Assignee | |
Comment 1•4 years ago
|
||
WebAuthn needs to write a test to confirm it's prohibited when accessed via
an IP address. This adds the capability to get a SecureContext for an IP host.
It uses 127.0.0.2 so as to bypass restrictions on 127.0.0.1, and the use of .1
as a special-market in ssltunnel.
|
||
Updated•4 years ago
|
|
|
Assignee | |
Comment 2•4 years ago
|
||
Boris, I'm looking for advice:
WebAuthn needs to check that the origin has a domain [-1], or maybe more explicitly, that the host is a domain and not an IP4/6 address.
- nsIPrincipal doesn't have a method or attribute for it (though BasePrincipal has
mHasExplicitDomainbut it's unavailable and I'm not clear on its semantics). - nsContentUtils has some formatting methods for IPv6 strings [0] but nothing to tell whether it is an IP address
- One can cheat like nsNavHistory does using nsIEffectiveTLDService's
getBaseDomain[1] and looking forNS_ERROR_HOST_IS_IP_ADDRESS - Or one can go full NSPR and call
PR_StringToNetAddr()
As far as I can tell, other than going via nsIEffectiveTLDService, my real path here is to implement another method in BasePrincipal, and have that either call PR_StringToNetAddr or do regexes.
- Would adding to BasePrincipal match up with your preferences -- or do you think this is a matter for nsContentUtils?
- Would you prefer the NSPR route, processing from
nsIEffectiveTLDService::getBaseDomain, or regexes?
[-1] https://github.com/w3c/webauthn/issues/1358#issuecomment-588453058
[0] https://searchfox.org/mozilla-central/rev/5a10be606f2d76ef22f1f44565749490de991d35/dom/base/nsContentUtils.cpp#7171
[1] https://searchfox.org/mozilla-central/rev/5a10be606f2d76ef22f1f44565749490de991d35/toolkit/components/places/nsNavHistory.cpp#828
|
|
Assignee | |
Comment 3•4 years ago
|
||
Depends on D63570
|
||
Comment 4•4 years ago
|
||
mHasExplicitDomain is not what you want here. That's "document.domain was set" stuff.
In general, people are trying to remove the ability to get a URI from a principal; see bug 1577165 and its dependencies. So the right thing is probably to have an API on nsIPrincipal or BasePrincipal to ask the question you want to ask, and then implement either via PR_StringToNetAddr or using the nsIEffectiveTLDService. Please do not manually do string matching to make this determination!
As far as TLD service via direct NSPR, the former has a bit more overhead, possibly, but also caches the result. Then again, for the common, non-IP, case, it does all sorts of work you don't care about... So my temptation would be to just PR_StringToNetAddr.
|
|
Assignee | |
Comment 5•4 years ago
|
||
Adds an infallable boolean attribute to nsIPrincipal that indicates whether
the principal's host is an IP address.
Adds a gtest to exercise that part of the nsIPrincipal.
/**
- Returns if the principal is an IP address.
*/
[infallible] readonly attribute boolean isIpAddress;
Depends on D63570
|
|
||
Updated•4 years ago
|
Pushed by jjones@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/f8632635a60c Add an IPv4 secure service to mochitests' ssltunnel r=keeler https://hg.mozilla.org/integration/autoland/rev/d7a04fa898d2 Add isIpAddress to nsIPrincipal r=ckerschb https://hg.mozilla.org/integration/autoland/rev/006a9bbd98d7 Prohibit IP addresses for WebAuthn operations r=keeler
|
||
Comment 7•4 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/f8632635a60c
https://hg.mozilla.org/mozilla-central/rev/d7a04fa898d2
https://hg.mozilla.org/mozilla-central/rev/006a9bbd98d7
Description
•