Bug 1754975 - Introduce a new error code for blocking a non-local con…

…nection, r=necko-reviewers,dragana

Differential Revision: https://phabricator.services.mozilla.com/D146281

netwerk/base/nsSocketTransport2.cpp

@@ -1234,7 +1234,7 @@ nsresult nsSocketTransport::InitiateSocket() {
           "Browser services should be disabled or redirected to a local "
           "server.\n",
           mHost.get(), ipaddr.get());
-      MOZ_CRASH("Attempting to connect to non-local address!");
+      return NS_ERROR_NON_LOCAL_CONNECTION_REFUSED;
     }
   }
 

netwerk/protocol/http/HttpLog.h

@@ -37,6 +37,8 @@ namespace mozilla {
 namespace net {
 Maybe<nsCString> CallingScriptLocationString();
 void LogCallingScriptLocation(void* instance);
+void LogCallingScriptLocation(void* instance,
+                              const Maybe<nsCString>& aLogLocation);
 extern LazyLogModule gHttpLog;
 }  // namespace net
 }  // namespace mozilla

netwerk/protocol/http/nsHttp.cpp

@@ -795,7 +795,7 @@ ParsedHeaderValueListList::ParsedHeaderValueListList(
 }
 
 Maybe<nsCString> CallingScriptLocationString() {
-  if (!LOG4_ENABLED()) {
+  if (!LOG4_ENABLED() && !xpc::IsInAutomation()) {
     return Nothing();
   }
 
@@ -817,13 +817,18 @@ Maybe<nsCString> CallingScriptLocationString() {
 
 void LogCallingScriptLocation(void* instance) {
   Maybe<nsCString> logLocation = CallingScriptLocationString();
-  if (logLocation.isNothing()) {
+  LogCallingScriptLocation(instance, logLocation);
+}
+
+void LogCallingScriptLocation(void* instance,
+                              const Maybe<nsCString>& aLogLocation) {
+  if (aLogLocation.isNothing()) {
     return;
   }
 
   nsCString logString;
   logString.AppendPrintf("%p called from script: ", instance);
-  logString.AppendPrintf("%s", logLocation->get());
+  logString.AppendPrintf("%s", aLogLocation->get());
   LOG(("%s", logString.get()));
 }
 

netwerk/protocol/http/nsHttpChannel.cpp

@@ -5756,7 +5756,8 @@ nsHttpChannel::AsyncOpen(nsIStreamListener* aListener) {
       "security flags in loadInfo but doContentSecurityCheck() not called");
 
   LOG(("nsHttpChannel::AsyncOpen [this=%p]\n", this));
-  LogCallingScriptLocation(this);
+  mOpenerCallingScriptLocation = CallingScriptLocationString();
+  LogCallingScriptLocation(this, mOpenerCallingScriptLocation);
   NS_CompareLoadInfoAndLoadContext(this);
 
 #ifdef DEBUG
@@ -6779,6 +6780,17 @@ nsHttpChannel::OnStartRequest(nsIRequest* request) {
     mStatus = status;
   }
 
+  if (mStatus == NS_ERROR_NON_LOCAL_CONNECTION_REFUSED) {
+    MOZ_CRASH_UNSAFE(nsPrintfCString("Attempting to connect to non-local "
+                                     "address! opener is [%s], uri is "
+                                     "[%s]",
+                                     mOpenerCallingScriptLocation
+                                         ? mOpenerCallingScriptLocation->get()
+                                         : "unknown",
+                                     mURI->GetSpecOrDefault().get())
+                         .get());
+  }
+
   LOG(("nsHttpChannel::OnStartRequest [this=%p request=%p status=%" PRIx32
        "]\n",
        this, request, static_cast<uint32_t>(static_cast<nsresult>(mStatus))));

netwerk/protocol/http/nsHttpChannel.h

@@ -832,6 +832,7 @@ class nsHttpChannel final : public HttpBaseChannel,
   bool mDidReval{false};
 
   RefPtr<nsIEarlyHintObserver> mEarlyHintObserver;
+  Maybe<nsCString> mOpenerCallingScriptLocation;
 };
 
 NS_DEFINE_STATIC_IID_ACCESSOR(nsHttpChannel, NS_HTTPCHANNEL_IID)

xpcom/base/ErrorList.py

@@ -340,6 +340,9 @@ def SUCCESS(code):
     errors["NS_ERROR_HTTPS_ONLY"] = FAILURE(86)
     # A WebSocket connection is failed.
     errors["NS_ERROR_WEBSOCKET_CONNECTION_REFUSED"] = FAILURE(87)
+    # A connection to a non local address is refused because
+    # xpc::AreNonLocalConnectionsDisabled() returns true.
+    errors["NS_ERROR_NON_LOCAL_CONNECTION_REFUSED"] = FAILURE(88)
 
     # XXX really need to better rationalize these error codes.  are consumers of
     # necko really expected to know how to discern the meaning of these??