Closed Bug 1734435 Opened 4 years ago Closed 4 years ago

HttpChannel bypassProxy flag does not honor network.proxy.failover_direct pref

Categories

(Core :: Networking: HTTP, defect, P1)

Product:
Core
Component:
Networking: HTTP
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
95 Branch
Tracking Flags:
Tracking Status
firefox-esr78 --- unaffected
firefox-esr91 --- unaffected
firefox93 --- unaffected
firefox94 - disabled
firefox95 + fixed

People

(Reporter: dveditz, Assigned: mixedpuppy)

References

(Regression)

Details

(Keywords: csectype-disclosure, regression, sec-moderate, Whiteboard: [addons-jira][necko-triaged])

A bypassProxy flag was introduced on nsIHttpChannelInternal in bug 1732388, but it does not honor the network.proxy.failover_direct pref. That pref was added so that use-cases like the Tor Browser can say "Never bypass the proxy under any circumstances!" Lives could literally be at stake.

I believe the flag was added in Firefox 94 but isn't used until the bugs depending on that change land in Fx95. Could be fair to call this "disabled" in the status-Firefox94 box.

status-firefox93: --- → unaffected
status-firefox94: --- → affected
status-firefox95: --- → affected
tracking-firefox95: --- → +
Whiteboard: [addons-jira]
Severity: -- → S3
Priority: -- → P1
Whiteboard: [addons-jira] → [addons-jira][necko-triaged]

Set release status flags based on info from the regressing bug 1732388

status-firefox-esr78: --- → unaffected
status-firefox-esr91: --- → unaffected
Blocks: 1732792

IIUC, we don't need this in 94 anymore. Un-tracking accordingly.

status-firefox94: affecteddisabled
tracking-firefox94: +-

Shane, just to double check, in ESR 91 there is no mechanism where we would fall back to bypassing the proxy correct? And that this bug is about ensuring that the pref is respected in 95+?

Flags: needinfo?(mixedpuppy)

Nothing uses the bypass flag right now. The code landed as preparation for later patches, and those patches will have a pref. Because this is not proxy failover, I am using a different pref than network.proxy.failover_direct, so we can make tor aware of the other patches and the pref involved. That work is in Bug 1732792 and associated bugs, and we're intending to land next week on nightly.

Flags: needinfo?(mixedpuppy)

I've moved the pref to static prefs and added a check when attempting to set the bypass flag. This is in the patch for Bug 1732792, so this bug could be closed upon landing that patch.

Group: network-core-security → core-security-release
Status: NEW → RESOLVED
Closed: 4 years ago
status-firefox95: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → 95 Branch
QA Whiteboard: [post-critsmash-triage]
Flags: qe-verify-

https://phabricator.services.mozilla.com/D127170 has not landed yet.

Flags: needinfo?(mixedpuppy)

There is no sec issue yet, as there were no consumers before, and the first user of the bypassProxy flag already checks the pref.
The Implementation of that landed in bug 1732792, at https://hg.mozilla.org/mozilla-central/rev/d1a755a61abf#l3.48

https://phabricator.services.mozilla.com/D127170 will introduce another consumer, and along with it check the pref in the network layer (in case a caller forgets to check the network.proxy.allow_bypass pref).

Flags: needinfo?(mixedpuppy)
Has Regression Range: --- → yes
Keywords: regression
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.