Bug 1596234 - TRR: Check that pushed entry is not used after DNS suffix list changes r=JuniorHsu
authorValentin Gosu <valentin.gosu@gmail.com>
Fri, 15 Nov 2019 16:00:28 +0000
changeset 502276 ffc51f312b5a44b57997bb3cae8cbb18a8234053
parent 502275 f7679d8469b66ed60ad902806b67ebfff4c58e5f
child 502277 6a6de47cc1f6fc63af0ec1172712213507a40021
push id114172
push userdluca@mozilla.com
push dateTue, 19 Nov 2019 11:31:10 +0000
treeherdermozilla-inbound@b5c5ba07d3db [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersJuniorHsu
bugs1596234
milestone72.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1596234 - TRR: Check that pushed entry is not used after DNS suffix list changes r=JuniorHsu - changes moz-http2.js so that the pushed entry is created using dnsPacked.encode in order to make the code clearer - the pushed TRR entry is not push.example.org (instead of push.example.com) so the pushed entry is not same origin with the DoH endpoint. - makes sure that when checking DnsSuffixInMode(3) we have the bootstrap address set Differential Revision: https://phabricator.services.mozilla.com/D52912
netwerk/test/unit/test_trr.js
testing/xpcshell/moz-http2/moz-http2.js
--- a/netwerk/test/unit/test_trr.js
+++ b/netwerk/test/unit/test_trr.js
@@ -255,19 +255,19 @@ add_task(async function test5() {
 add_task(async function test5b() {
   // At this point the second host name should've been pushed and we can resolve it using
   // cache only. Set back the URI to a path that fails.
   // Don't clear the cache, otherwise we lose the pushed record.
   Services.prefs.setCharPref(
     "network.trr.uri",
     `https://foo.example.com:${h2Port}/404`
   );
-  dump("test5b - resolve push.example.now please\n");
+  dump("test5b - resolve push.example.org please\n");
 
-  await new DNSListener("push.example.com", "2018::2018");
+  await new DNSListener("push.example.org", "2018::2018");
 });
 
 // verify AAAA entry
 add_task(async function test6() {
   Services.prefs.setBoolPref("network.trr.wait-for-A-and-AAAA", true);
 
   dns.clearCache(true);
   Services.prefs.setBoolPref("network.trr.early-AAAA", true); // ignored when wait-for-A-and-AAAA is true
@@ -1090,38 +1090,40 @@ add_task(async function test_clearCacheO
 });
 
 add_task(async function test_dnsSuffix() {
   async function checkDnsSuffixInMode(mode) {
     dns.clearCache(true);
     Services.prefs.setIntPref("network.trr.mode", mode);
     Services.prefs.setCharPref(
       "network.trr.uri",
-      `https://localhost:${h2Port}/doh?responseIP=1.2.3.4`
+      `https://foo.example.com:${h2Port}/doh?responseIP=1.2.3.4&push=true`
     );
-    await new DNSListener("test.com", "1.2.3.4");
-    dns.clearCache(true);
-    Services.prefs.setIntPref("network.trr.mode", mode);
+    await new DNSListener("example.org", "1.2.3.4");
+    await new DNSListener("push.example.org", "2018::2018");
 
-    dns.clearCache(true);
     let networkLinkService = {
-      dnsSuffixList: ["test.com"],
+      dnsSuffixList: ["example.org"],
       QueryInterface: ChromeUtils.generateQI([Ci.nsINetworkLinkService]),
     };
     Services.obs.notifyObservers(
       networkLinkService,
       "network:link-status-changed",
       "changed"
     );
-    await new DNSListener("test.com", "127.0.0.1");
+    await new DNSListener("example.org", "127.0.0.1");
+    // Also test that we don't use the pushed entry.
+    await new DNSListener("push.example.org", "127.0.0.1");
 
     // Attempt to clean up, just in case
     networkLinkService.dnsSuffixList = [];
     Services.obs.notifyObservers(
       networkLinkService,
       "network:link-status-changed",
       "changed"
     );
   }
 
   await checkDnsSuffixInMode(2);
+  Services.prefs.setCharPref("network.trr.bootstrapAddress", "127.0.0.1");
   await checkDnsSuffixInMode(3);
+  Services.prefs.clearUserPref("network.trr.bootstrapAddress");
 });
--- a/testing/xpcshell/moz-http2/moz-http2.js
+++ b/testing/xpcshell/moz-http2/moz-http2.js
@@ -583,22 +583,33 @@ function handleRequest(req, res) {
       if (req.headers['authorization'] != "user:password") {
         res.writeHead(401);
         res.end("bad boy!");
         return;
       }
     }
 
     if (u.query["push"]) {
-      // push.example.com has AAAA entry 2018::2018
-      var pcontent= Buffer.from("0000010000010001000000000470757368076578616D706C6503636F6D00001C0001C00C001C000100000037001020180000000000000000000000002018", "hex");
+      // push.example.org has AAAA entry 2018::2018
+      let pcontent = dnsPacket.encode({
+        id: 0,
+        type: 'response',
+        flags: dnsPacket.RECURSION_DESIRED,
+        questions: [ { name: 'push.example.org', type: 'AAAA', class: 'IN' } ],
+        answers: [ { name: 'push.example.org',
+                     type: 'AAAA',
+                     ttl: 55,
+                     class: 'IN',
+                     flush: false,
+                     data: '2018::2018' } ],
+      });
       push = res.push({
         hostname: 'foo.example.com:' + serverPort,
         port: serverPort,
-        path: '/dns-pushed-response?dns=AAAAAAABAAAAAAAABHB1c2gHZXhhbXBsZQNjb20AABwAAQ',
+        path: '/dns-pushed-response?dns=AAAAAAABAAAAAAAABHB1c2gHZXhhbXBsZQNvcmcAABwAAQ',
         method: 'GET',
         headers: {
           'accept' : 'application/dns-message'
         }
       });
       push.writeHead(200, {
         'content-type': 'application/dns-message',
         'pushed' : 'yes',