Closed
Bug 411572
Opened 17 years ago
Closed 16 years ago
Unnamed attachments reveal full local paths when forwarded inline or edited as new
Categories
(MailNews Core :: Attachments, defect)
MailNews Core
Attachments
Tracking
(Not tracked)
RESOLVED
FIXED
mozilla1.9beta4
People
(Reporter: rsx11m.pub, Assigned: rsx11m.pub)
Details
(Keywords: fixed1.8.1.13, privacy)
Attachments
(1 file)
|
3.08 KB,
patch
|
standard8
:
review+
Bienvenu
:
superreview+
dveditz
:
approval1.8.1.13+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.9b3pre) Gecko/2008010802 SeaMonkey/2.0a1pre Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.9b3pre) Gecko/2008010802 SeaMonkey/2.0a1pre Initially observed by Rimas Kudelis, bug 190298 comment #19. When an attachment has no name, forwarding inline or editing as new results in the URI used as the attachment name. Following the discussion in bug 176016 comment #7, exposing relevant information on the profile or user/host-related name and file structures in an e-mail should be avoided. The "file:" URI may potentially expose the user name and local file structure by providing the full path to the temporary file. Thus, the fix for bug 176016 should be extended to also include this URI type. Reproducible: Always Steps to Reproduce: Forward inline or edit as new a message with unnamed attachment: > Content-Type: image/png > Content-Transfer-Encoding: base64 > Content-Disposition: inline Actual Results: Full path to temporary file, here exposing user name in Windows XP: > Content-Type: image/png; > name="file:///C:/DOCUME~1/(user)/LOCALS~1/TEMP/nsmail.png" > Content-Transfer-Encoding: base64 > Content-Disposition: inline; > filename="file:///C:/DOCUME~1/(user)/LOCALS~1/TEMP/nsmail.png" Expected Results: Neutral attachment name similar to mailbox: > Content-Type: image/png; > name="Attached Message Part" > Content-Transfer-Encoding: base64 > Content-Disposition: inline; > filename="Attached Message Part"
This patch hides the "file:" attachment name generated from the URI if no name is explicitly set. It has no effect on manually attached files, or files passed on the command line with the "-compose" option, as for those an explicit attachment name is generated. Tested with forwarding inline and editing as new, both for the original message and a forwarded message that was opened from a message/rfc822 attachment. The other option would be to process the temporary file name through a basename function, similar to attachments passed on the command line. However, as the temporary file name doesn't contain any significant information, using the generic partAttachmentSafeName appears to be sufficient.
|
||
Comment 2•17 years ago
|
||
Are you going to ask for review on the patch? (See http://developer.mozilla.org/en/docs/Getting_your_patch_in_the_tree if you're not familiar with the Mozilla development process.)
Attachment #296221 -
Flags: superreview?(bienvenu)
Attachment #296221 -
Flags: review?(bugzilla)
Done - thanks for the reminder and the link. I just wanted to wait until this has been confirmed, before officially requesting a review.
|
||
Updated•17 years ago
|
Keywords: regression
|
||
Updated•17 years ago
|
Keywords: regression
|
||
Comment 4•16 years ago
|
||
Comment on attachment 296221 [details] [diff] [review] Proposed fix ideally, wouldn't we use the leaf name of the file w/o the whole path?
Attachment #296221 -
Flags: superreview?(bienvenu) → superreview+
Thanks David. > wouldn't we use the leaf name of the file w/o the whole path? That's what I meant with "temporary file name doesn't contain any significant information" in comment #1. Given that the file is temporary, its name "nsmail*" doesn't seem to make much sense. Thus, I figured treating it similarly as the other URI's gives it a more descriptive name.
|
||
Comment 7•16 years ago
|
||
Comment on attachment 296221 [details] [diff] [review] Proposed fix Sorry for the delay in reviewing this. r=me.
Attachment #296221 -
Flags: review?(bugzilla) → review+
Thanks, marking for checkin then. As this is a privacy issue, should this go into trunk only or is this also suitable for the branch?
Keywords: checkin-needed
|
||
Updated•16 years ago
|
Assignee: nobody → rsx11m.pub
|
|
||
Comment 9•16 years ago
|
||
Checking in mailnews/compose/resources/content/MsgComposeCommands.js; /cvsroot/mozilla/mailnews/compose/resources/content/MsgComposeCommands.js,v <-- MsgComposeCommands.js new revision: 1.411; previous revision: 1.410 done Checking in mail/components/compose/content/MsgComposeCommands.js; /cvsroot/mozilla/mail/components/compose/content/MsgComposeCommands.js,v <-- MsgComposeCommands.js new revision: 1.125; previous revision: 1.124 done
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9beta4
|
Assignee | |
Comment 10•16 years ago
|
||
> Target Milestone | --- | mozilla1.9beta4
Ok, I'll take that as a "no" for the branch then.
The path issue is probably benign enough...|
|
||
Comment 11•16 years ago
|
||
(In reply to comment #10) > > Target Milestone | --- | mozilla1.9beta4 > > Ok, I'll take that as a "no" for the branch then. > The path issue is probably benign enough... You can still request approval. The TM has nothing to do with whether the patch can land on the branch or not. Make sure the patch applies on the branch and then request approval1.8.1.13.
|
|
Assignee | |
Comment 12•16 years ago
|
||
Comment on attachment 296221 [details] [diff] [review] Proposed fix Ah, I see. I verified that the code of the AddAttachment() function is identical in trunk and branch versions, and I had tested it against the branch before posting.
Attachment #296221 -
Flags: approval1.8.1.13?
|
||
Comment 13•16 years ago
|
||
For defensive programming, I could imagine a lot more types of URI schemes in that blacklist. Maybe gecko wants an isInternalProtocolScheme() function somewhere. I could also imagine this being a whitelist rather than a blacklist, though it might break functionality that we care about.
|
||
Comment 14•16 years ago
|
||
Comment on attachment 296221 [details] [diff] [review] Proposed fix approved for 1.8.1.13, a=dveditz,dmose for release-drivers
Attachment #296221 -
Flags: approval1.8.1.13? → approval1.8.1.13+
|
|
Assignee | |
Comment 15•16 years ago
|
||
Thanks to both of you - checkin for branch then, please.
Keywords: checkin-needed
|
|
||
Comment 16•16 years ago
|
||
Checked in on the MOZILLA_1_8_BRANCH Checking in mail/components/compose/content/MsgComposeCommands.js; /cvsroot/mozilla/mail/components/compose/content/MsgComposeCommands.js,v <-- MsgComposeCommands.js new revision: 1.72.2.32; previous revision: 1.72.2.31 done Checking in mailnews/compose/resources/content/MsgComposeCommands.js; /cvsroot/mozilla/mailnews/compose/resources/content/MsgComposeCommands.js,v <-- MsgComposeCommands.js new revision: 1.369.2.18; previous revision: 1.369.2.17 done
Keywords: checkin-needed → fixed1.8.1.13
|
||
Updated•16 years ago
|
Product: Core → MailNews Core
You need to log in
before you can comment on or make changes to this bug.
Description
•