Race condition causes persistent rnd separation between containers to lea

Fixes #369
2024-12-22 12:50:36 +01:00 · 2019-06-14 10:51:26 +02:00 · 2019-06-14 10:51:26 +02:00 · ea15fabad9
commit ea15fabad9
parent 03524fd789
3 changed files with 20 additions and 5 deletions
--- a/lib/randomSupplies.js
+++ b/lib/randomSupplies.js
@ -63,6 +63,7 @@
 	};

 	const settings = require("./settings");
+	const logging = require("./logging");
 	const extension = require("./extension");
 	
 	function getDomain(window){
@ -81,7 +82,7 @@
 	}

 	var persistentRnd = Object.create(null);
-	let cookieStoreId = "";
+	let cookieStoreId = false;
 	settings.onloaded(function(){
 		try {
 			let storedData = JSON.parse(
@ -121,6 +122,18 @@
 		});
 		
 		return function getPersistentRnd(window){
+			while (cookieStoreId === false){
+				logging.message("Starting synchronous request to wait for cookie store id.");
+				try {
+					let xhr = new XMLHttpRequest();
+					xhr.open("GET", "https://[::]", false);
+					xhr.send();
+					xhr = null;
+				}
+				catch (e){
+					logging.verbose("Error in XHR:", e);
+				}
+			}
 			var domain = cookieStoreId + getDomain(window);
 			if (!persistentRnd[domain]){
 				// create the (sub-)domains random numbers if not existing
@ -144,10 +157,7 @@
 		persistentRnd[domain] = new Uint8Array(rnd);
 	};
 	scope.persistent.setCookieStoreId = function(newCookieStoreId){
-		if (
-			typeof newCookieStoreId === "string" &&
-			newCookieStoreId !== "firefox-default"
-		){
+		if (typeof newCookieStoreId === "string"){
 			cookieStoreId = (
 				newCookieStoreId !== "" &&
 				newCookieStoreId !== "firefox-default"
--- a/releaseNotes.txt
+++ b/releaseNotes.txt
@ -11,6 +11,7 @@ Version 0.5.11:
 	fixes:
 		- improved protection of (i)frame properties
 		- document.write and document.writeln protection broke pages
+		- race condition causes persistent rnd separation between containers to leak
 	
 	known issues:
 		- if a data URL is blocked the page action button does not appear
--- a/versions/updates.json
+++ b/versions/updates.json
@ -17,6 +17,10 @@
 				{
 					"version": "0.5.11Alpha20190612",
 					"update_link": "https://canvasblocker.kkapsner.de/versions/canvasblocker_beta-0.5.11Alpha20190612-an+fx.xpi"
+				},
+				{
+					"version": "0.5.11Alpha20190614",
+					"update_link": "https://canvasblocker.kkapsner.de/versions/canvasblocker_beta-0.5.11Alpha20190614-an+fx.xpi"
 				}
 			]
 		}