tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE
commit 53aba3edf211844074e5b3b22fa85366cc9d2905
parent ab3c53cbb554b8a6c9a0adbd60ea5415cbd8e511
Author: Valentin Gosu <valentin.gosu@gmail.com>
Date:   Mon,  6 Oct 2025 09:10:26 +0000

Bug 1983426 - Initialize UsedPrivateDNS in CommonSocketControl constructor r=keeler

The race here is caused by the fact that CommonSocketControl::mUsedPrivateDNS was
initialized to false in the constructor, and then set to
`SetUsedPrivateDNS(GetProviderFlags() & nsISocketProvider::USED_PRIVATE_DNS);`
in SetCertVerificationResult.

However, these flags don't change, so we can just initialize it in the constructor.

Differential Revision: https://phabricator.services.mozilla.com/D267401

Diffstat:

Mnetwerk/protocol/http/QuicSocketControl.cpp | 1-


Msecurity/manager/ssl/CommonSocketControl.cpp | 2+-


Msecurity/manager/ssl/CommonSocketControl.h | 4----


Msecurity/manager/ssl/NSSSocketControl.cpp | 1-


4 files changed, 1 insertion(+), 7 deletions(-)

diff --git a/netwerk/protocol/http/QuicSocketControl.cpp b/netwerk/protocol/http/QuicSocketControl.cpp
@@ -30,7 +30,6 @@ QuicSocketControl::QuicSocketControl(const nsCString& aHostName, int32_t aPort,
 
 void QuicSocketControl::SetCertVerificationResult(PRErrorCode errorCode) {
   COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
-  SetUsedPrivateDNS(GetProviderFlags() & nsISocketProvider::USED_PRIVATE_DNS);
 
   if (errorCode) {
     mFailedVerification = true;
diff --git a/security/manager/ssl/CommonSocketControl.cpp b/security/manager/ssl/CommonSocketControl.cpp
@@ -43,7 +43,7 @@ CommonSocketControl::CommonSocketControl(const nsCString& aHostName,
       mServerCert(nullptr),
       mCertificateTransparencyStatus(0),
       mMadeOCSPRequests(false),
-      mUsedPrivateDNS(false),
+      mUsedPrivateDNS(aProviderFlags & nsISocketProvider::USED_PRIVATE_DNS),
       mNPNCompleted(false),
       mResumed(false),
       mIsBuiltCertChainRootBuiltInRoot(false) {
diff --git a/security/manager/ssl/CommonSocketControl.h b/security/manager/ssl/CommonSocketControl.h
@@ -63,10 +63,6 @@ class CommonSocketControl : public nsITLSSocketControl {
     COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
     return mMadeOCSPRequests;
   }
-  void SetUsedPrivateDNS(bool aUsedPrivateDNS) {
-    COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
-    mUsedPrivateDNS = aUsedPrivateDNS;
-  }
   bool GetUsedPrivateDNS() {
     COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
     return mUsedPrivateDNS;
diff --git a/security/manager/ssl/NSSSocketControl.cpp b/security/manager/ssl/NSSSocketControl.cpp
@@ -407,7 +407,6 @@ void NSSSocketControl::SetCertVerificationWaiting() {
 // callbacks.
 void NSSSocketControl::SetCertVerificationResult(PRErrorCode errorCode) {
   COMMON_SOCKET_CONTROL_ASSERT_ON_OWNING_THREAD();
-  SetUsedPrivateDNS(GetProviderFlags() & nsISocketProvider::USED_PRIVATE_DNS);
   MOZ_ASSERT(mCertVerificationState == WaitingForCertVerification,
              "Invalid state transition to AfterCertVerification");