Race condition causes persistent rnd separation between containers to…

… lea Fixes #369
kkapsner · Jun 14, 2019 · ea15fab · ea15fab
1 parent 03524fd
commit ea15fab
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 5 deletions.
diff --git a/lib/randomSupplies.js b/lib/randomSupplies.js
@@ -63,6 +63,7 @@
 	};
 
 	const settings = require("./settings");
+	const logging = require("./logging");
 	const extension = require("./extension");
 
 	function getDomain(window){
@@ -81,7 +82,7 @@
 	}
 
 	var persistentRnd = Object.create(null);
-	let cookieStoreId = "";
+	let cookieStoreId = false;
 	settings.onloaded(function(){
 		try {
 			let storedData = JSON.parse(
@@ -121,6 +122,18 @@
 		});
 
 		return function getPersistentRnd(window){
+			while (cookieStoreId === false){
+				logging.message("Starting synchronous request to wait for cookie store id.");
+				try {
+					let xhr = new XMLHttpRequest();
+					xhr.open("GET", "https://[::]", false);
+					xhr.send();
+					xhr = null;
+				}
+				catch (e){
+					logging.verbose("Error in XHR:", e);
+				}
+			}
 			var domain = cookieStoreId + getDomain(window);
 			if (!persistentRnd[domain]){
 				// create the (sub-)domains random numbers if not existing
@@ -144,10 +157,7 @@
 		persistentRnd[domain] = new Uint8Array(rnd);
 	};
 	scope.persistent.setCookieStoreId = function(newCookieStoreId){
-		if (
-			typeof newCookieStoreId === "string" &&
-			newCookieStoreId !== "firefox-default"
-		){
+		if (typeof newCookieStoreId === "string"){
 			cookieStoreId = (
 				newCookieStoreId !== "" &&
 				newCookieStoreId !== "firefox-default"

diff --git a/releaseNotes.txt b/releaseNotes.txt
@@ -11,6 +11,7 @@ Version 0.5.11:
 	fixes:
 		- improved protection of (i)frame properties
 		- document.write and document.writeln protection broke pages
+		- race condition causes persistent rnd separation between containers to leak
 
 	known issues:
 		- if a data URL is blocked the page action button does not appear

diff --git a/versions/updates.json b/versions/updates.json
@@ -17,6 +17,10 @@
 				{
 					"version": "0.5.11Alpha20190612",
 					"update_link": "https://canvasblocker.kkapsner.de/versions/canvasblocker_beta-0.5.11Alpha20190612-an+fx.xpi"
+				},
+				{
+					"version": "0.5.11Alpha20190614",
+					"update_link": "https://canvasblocker.kkapsner.de/versions/canvasblocker_beta-0.5.11Alpha20190614-an+fx.xpi"
 				}
 			]
 		}