Bug 616733: Disable websockets by default. r=peterv,jst a=beta8

Can be turned on by setting preference network.websocket.override-security-block. Websockets can only be used if override-security-block and network.websocket.enabled are both set to true. At a future time, with a more secure websocket protocol, the override-security-block preference can be removed. This action is based on the security concern over an HTTP cache poisoning attack as described in http://www.adambarth.com/experimental/websocket.pdf
2024-09-13 09:24:08 -07:00 · 2010-12-08 14:12:51 -08:00 · 2010-12-08 14:12:51 -08:00 · 725731c1fa
commit 725731c1fa
parent ce8ef3e4f7
6 changed files with 55 additions and 8 deletions
--- a/content/base/src/nsWebSocket.cpp
+++ b/content/base/src/nsWebSocket.cpp
@ -2924,9 +2924,7 @@ nsWebSocket::Initialize(nsISupports* aOwner,
 {
  nsAutoString urlParam, protocolParam;

-  PRBool prefEnabled =
-    nsContentUtils::GetBoolPref("network.websocket.enabled", PR_TRUE);
-  if (!prefEnabled) {
+  if (!PrefEnabled()) {
    return NS_ERROR_DOM_SECURITY_ERR;
  }

@ -3104,6 +3102,14 @@ nsWebSocket::CreateAndDispatchCloseEvent(PRBool aWasClean)
  return DispatchDOMEvent(nsnull, event, nsnull, nsnull);
 }

+PRBool
+nsWebSocket::PrefEnabled()
+{
+  return nsContentUtils::GetBoolPref("network.websocket.enabled", PR_TRUE) &&
+    nsContentUtils::GetBoolPref("network.websocket.override-security-block",
+                                PR_FALSE);
+}
+
 void
 nsWebSocket::SetReadyState(PRUint16 aNewReadyState)
 {
@ -3502,9 +3508,7 @@ nsWebSocket::Init(nsIPrincipal* aPrincipal,

  NS_ENSURE_ARG(aPrincipal);

-  PRBool prefEnabled =
-    nsContentUtils::GetBoolPref("network.websocket.enabled", PR_TRUE);
-  if (!prefEnabled) {
+  if (!PrefEnabled()) {
    return NS_ERROR_DOM_SECURITY_ERR;
  }

--- a/content/base/src/nsWebSocket.h
+++ b/content/base/src/nsWebSocket.h
@ -103,6 +103,9 @@ public:

  static void ReleaseGlobals();

+  // Determine if preferences allow WebSocket
+  static PRBool PrefEnabled();
+
 protected:
  nsresult ParseURL(const nsString& aURL);
  nsresult SetProtocol(const nsString& aProtocol);
--- a/content/base/test/test_websocket.html
+++ b/content/base/test/test_websocket.html
@ -593,6 +593,9 @@ function test22()
  };
 }

+var domBranch;
+var oldPrefVal;
+
 function finishWSTest()
 {
  for (i = 0; i < all_ws.length; ++i) {
@ -601,11 +604,20 @@ function finishWSTest()
      ok(false, "didn't called close on test " + all_ws[i]._testNumber + "!");
    }
  }
+  netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+  domBranch.setBoolPref("override-security-block", oldPrefVal);
  SimpleTest.finish();
 }

 function testWebSocket ()
 {
+  netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+  var prefService =
+      Components.classes["@mozilla.org/preferences-service;1"]
+      .getService(Components.interfaces.nsIPrefService);
+  domBranch = prefService.getBranch("network.websocket.");
+  oldPrefVal = domBranch.getBoolPref("override-security-block");
+  domBranch.setBoolPref("override-security-block", true);
  doTest(first_test);
 }

--- a/content/base/test/test_websocket_hello.html
+++ b/content/base/test/test_websocket_hello.html
@ -17,8 +17,24 @@
 <script class="testbody" type="text/javascript">

 var ws;
+var oldPrefVal;
+var domBranch;
+
+function finishWSTest() {
+    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    domBranch.setBoolPref("override-security-block", oldPrefVal);
+    SimpleTest.finish();
+}

 function testWebSocket () {
+  netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+  var prefService =
+      Components.classes["@mozilla.org/preferences-service;1"]
+      .getService(Components.interfaces.nsIPrefService);
+  domBranch = prefService.getBranch("network.websocket.");
+  oldPrefVal = domBranch.getBoolPref("override-security-block");
+  domBranch.setBoolPref("override-security-block", true);
+
  ws = new WebSocket("ws://mochi.test:8888/tests/content/base/test/file_websocket_hello");
  ws.onopen = function(e) {
    ws.send("data");
@ -27,12 +43,12 @@ function testWebSocket () {
  }
  ws.onerror = function(e) {
    ok(false, "onerror called!");
-    SimpleTest.finish();
+    finishWSTest();
  }
  ws.onmessage = function(e) {
    is(e.data, "Hello world!", "Wrong data");
    ws.close();
-    SimpleTest.finish();
+    finishWSTest();
  }
 }

--- a/dom/base/nsDOMClassInfo.cpp
+++ b/dom/base/nsDOMClassInfo.cpp
@ -6345,6 +6345,13 @@ nsWindowSH::GlobalResolve(nsGlobalWindow *aWin, JSContext *cx,
      return NS_OK;
    }

+    // For now don't expose web sockets unless user has explicitly enabled them
+    if (name_struct->mDOMClassInfoID == eDOMClassInfo_WebSocket_id) {
+      if (!nsWebSocket::PrefEnabled()) {
+        return NS_OK;
+      }
+    }
+
    // Create the XPConnect prototype for our classinfo, PostCreateProto will
    // set up the prototype chain.
    nsCOMPtr<nsIXPConnectJSObjectHolder> proto_holder;
--- a/modules/libpref/src/init/all.js
+++ b/modules/libpref/src/init/all.js
@ -752,6 +752,11 @@ pref("network.ftp.control.qos", 0);
 // </http>

 // <ws>: WebSocket
+// The -76 websocket network protocol may be subject to HTTP cache poisoning
+// attacks. Until there is a secure open standard available and implemented
+// in necko the override-security-block preference must be set to true before
+// the normal enabled preference is considered. Bug 616733
+pref("network.websocket.override-security-block", false);
 pref("network.websocket.enabled", true);
 // </ws>