Closed
Bug 267828
Opened 20 years ago
Closed 19 years ago
nsLocalFileWin::IsExecutable needs to trim trailing dots
Categories
(Core :: XPCOM, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: dbaron, Assigned: dougt)
References
Details
(Keywords: fixed-aviary1.0.1, fixed1.7.6, Whiteboard: ETA 2/11)
Attachments
(2 files, 3 obsolete files)
1000 bytes,
patch
|
dbaron
:
review+
dveditz
:
approval-aviary1.0.1+
dveditz
:
approval1.7.6+
dveditz
:
approval1.8b+
|
Details | Diff | Splinter Review |
1.37 KB,
text/html
|
Details |
This comes from investigation of bug 267122. It seems that when saving a file in Windows, trailing dots are trimmed from the filename. Therefore a file saved as "foo.exe." will be saved as "foo.exe", and an attempt to read a file "foo.bar..." will read the file "foo.bar". This means that nsLocalFile::IsExecutable in nsLocalFileWin needs to be fixed to trim trailing dots before comparison. (Perhaps normalization needs to happen at an earlier stage? Are there any other functions in nsLocalFile that are security-sensitive?) Do we need to trim any other characters as well?
Comment 1•20 years ago
|
||
note bug 246280
Comment 2•20 years ago
|
||
sounds like this is fixed for seamonkey and just needed for firefox.
Flags: blocking-aviary1.1?
Assignee: darin → roc
Flags: blocking1.7.6+
Flags: blocking-aviary1.0.1+
Assignee: roc → dougt
<roc> what I want to know is: <roc> -- Does Windows strip trailing dots when you do a ShellExecute on a file? <roc> -- Does Windows strip trailing dots when you create a file? <roc> (i.e. via CreateFile API) I put together a test app to find out: ShellExecute(GetDesktopWindow(), "open", "test.txt...", NULL, ".", SW_RESTORE); This opened "test.txt". I could not find a way to create a file with trailing dots (I tried GUI apps, commandline, and cygwin). CreateFile("test2.txt...", FILE_ALL_ACCESS, FILE_SHARE_READ, NULL, CREATE_ALWAYS, 0, NULL); This created a file called "test2.txt".
thanks Chris. Do you want to try making a fix for this bug?
Updated•20 years ago
|
Whiteboard: need ETA
Updated•20 years ago
|
Whiteboard: need ETA → ETA 2/11
Assignee | ||
Comment 5•20 years ago
|
||
This patch does two things. First is normalizing the path in IsExecutable(). Secondly, and probably more importantly, we call IsExecutable() in Launch(). This will prevent us from executing processes that we have filtered out in IsExecute.
Attachment #173992 -
Flags: review?(dbaron)
Assignee | ||
Comment 6•20 years ago
|
||
dbaron, I am not sure if you had a particular test case that you wanted me to try out. attached are a few that I was playing with to ensure nothing got broken.
Reporter | ||
Comment 7•20 years ago
|
||
Comment on attachment 173992 [details] [diff] [review] Patch v.1 It doesn't look like the normalize function performs the normalization needed to fix this bug. (Do we need to do this for all components of the path, or just file names?)
Attachment #173992 -
Flags: review?(dbaron) → review-
Assignee | ||
Comment 8•20 years ago
|
||
this corrects normalization as you suggested.
Assignee | ||
Updated•20 years ago
|
Attachment #173992 -
Attachment is obsolete: true
Attachment #173996 -
Flags: review?(dbaron)
Reporter | ||
Comment 9•20 years ago
|
||
Is Launch supposed to work on files that aren't executable (i.e., launch the program that handles that type)?
Assignee | ||
Comment 10•20 years ago
|
||
fix the bug, and nothing but the bug.
Attachment #173996 -
Attachment is obsolete: true
Comment 11•20 years ago
|
||
Launch() needs to work on any file type the OS knows how to launch ("equivalent of doucle-clickin on the icon", like the documentation says).
Flags: blocking1.8b?
Reporter | ||
Comment 12•20 years ago
|
||
Comment on attachment 173996 [details] [diff] [review] Patch v.2 r- per comment 11
Attachment #173996 -
Flags: review?(dbaron) → review-
Reporter | ||
Comment 13•20 years ago
|
||
Comment on attachment 173998 [details] [diff] [review] Patch v.3 So I did some quick tests and found that Windows seems to strip all trailing dots and spaces off the last component of the path, but only a single trailing dot off of preceding components. This patch thus doesn't seem to do quite enough normalization. If you don't want to fix that here, could you please file a followup bug on fixing that issue? There may be other dangers in doing too little normalization (there's certainly danger in doing too much). (Also, is there a system function we could call to normalize the path? Does normalization differ across versions of Windows?)
Attachment #173998 -
Flags: review+
Assignee | ||
Comment 14•20 years ago
|
||
i do not see any danger in leaving a trailing dot in a non terminal component of a file path. I will check this in as is, and follow up with a new bug to review and possibly clean up the windows normalization code. I do remember a Win32 function called *FixUp* that normalized. It might have been defined by windows or maybe defined in another source base.
Comment 15•20 years ago
|
||
Comment on attachment 173998 [details] [diff] [review] Patch v.3 a=dveditz for 1.7 and aviary1.0.1 branches
Attachment #173998 -
Flags: approval1.7.6+
Attachment #173998 -
Flags: approval-aviary1.0.1+
Comment 16•20 years ago
|
||
Comment on attachment 173998 [details] [diff] [review] Patch v.3 a=dveditz for 1.8b too
Attachment #173998 -
Flags: approval1.8b+
Reporter | ||
Comment 17•20 years ago
|
||
I'm actually wondering now whether IsExecutable should really be changing the object by calling Normalize. We should probably be consistent across platforms about this sort of thing. Also, should we pull bug 187957 onto the branches? Does it have security implications?
Assignee | ||
Comment 18•20 years ago
|
||
dbaron and I agreed that IsExecutable should not mutate the object. The patch that landed was slightly modifed -- we are not calling Normalize in IsExecutable, but simply remove the trailing dots and spaces from the path before we compare. This patch landed on the trunk, 171, and avairy branches. I created bug 281951 to track normalization cleanup, if any. I am not sure if we need to back port normalize. As I remember, it was added to fixup problem when creating nsLocalFile's using bad paths from javascript.
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Updated•20 years ago
|
Keywords: fixed-aviary1.0.1,
fixed1.7.6
Updated•20 years ago
|
Flags: blocking1.8b?
Flags: blocking-aviary1.1?
Comment 19•19 years ago
|
||
Doug: I am failing the testcases you posted. Not sure if I setup the environment wrong or if this bug is not fixed. I put notepad.exe in the right location and failed the last 5 tests: success &= TestExecute("C:\\windows\\notepad.exe", true); success &= TestExecute("C:\\windows\\notepad.exe .", false); success &= TestExecute("C:\\windows\\notepad.exe . ", false); success &= TestExecute("C:\\windows\\notepad.exe.", false); success &= TestExecute("C:\\windows\\notepad.exe..", false); success &= TestExecute("C:\\windows\\notepad.exe...", false); I could not create any files with trailing dots or spaces, so not sure if I need those files to exist. I'm guessing not, since the js code seems to handle all that stuff. What am I doing wrong? And if nothing, should we reopen this bug? I already reopened bug 275441 since it didn't look like the fix here worked for those cases. I could be wrong, so please let me know what I can do to retest. Thanks.
Comment 20•19 years ago
|
||
> success &= TestExecute("C:\\windows\\notepad.exe .", false);
isExecutable should be returning "true" for this case... so it looks like the
test is wrong?
Comment 21•19 years ago
|
||
reopening based on Jay's comment.
Comment 22•19 years ago
|
||
Er.. as far as I can tell, Jay's comment is based on incorrectly testing the fix.
Assignee | ||
Comment 23•19 years ago
|
||
bz, the test was written when I thought that we shouldn't say a file is executable if it ended in trailing spaces or dots.
Assignee | ||
Comment 24•19 years ago
|
||
sorry jay -- I should have be more clear about the usage of this testcase.
Comment 25•19 years ago
|
||
Doug: So should all of those cases be using "true" as the param for shouldExecute? We are trying to trim everything so that windows sees the file eventually as just "notepad.exe", right? If that is the case, I already tested with everything set to "true" and all the tests pass. If I'm still way off, let me know how to properly test this. Thanks. I'm guessin you guys might have already tested this again, but I still want to figure out how this works for my own sanity. :-) Feel free to mark this fixed again if you have verified it yourselves.
Comment 26•19 years ago
|
||
Updated testcase to pass correct param, and to eliminate the annoying multiple security requests that encourage granting permanent god privileges to any bugzilla attachment that comes along (which would be a really, really, bad thing to do).
Attachment #173993 -
Attachment is obsolete: true
Comment 27•19 years ago
|
||
(In reply to comment #26) > Updated testcase to pass correct param, and to eliminate the annoying multiple > security requests of course with default settings, no security request at all appears, and the testcase just fails to work
Comment 28•19 years ago
|
||
The new testcase worked fine for me and passed all the tests.
Comment 29•19 years ago
|
||
This one does appear fixed, it just didn't fix bug 275441 as expected.
Keywords: fixed-aviary1.0.1,
fixed1.7.6
Updated•19 years ago
|
Group: security
Comment 30•19 years ago
|
||
This bug is fixed, comment 21 was a mistake.
Status: REOPENED → RESOLVED
Closed: 20 years ago → 19 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•