Closed
Bug 1029240
Opened 10 years ago
Closed 10 years ago
exponential backoff in safebrowsing code is completely broken
Categories
(Core :: DOM: Security, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: mmc, Unassigned)
Details
Caller in listmanager.js: if (!status) { status = 500; } status = parseInt(status, 10); this.requestBackoffs_[updateUrl].noteServerResponse(status); Callee in nsUrlClassifierHashCompleter.js: noteServerResponse: function HC_noteServerResponse(aSuccess) { if (aSuccess) { this._backoff = false; this._nextRequestTime = 0; this._backoffTime = 0; return; } So this code backs off when the HTTP status code is 0 (which is never because the caller ensures that). Also the caller calls nextRequestDelay instead of nextRequestTime.
Reporter | ||
Comment 1•10 years ago
|
||
Sigh, the callee is actually request-backoff.js, not the hash completer. Delightfully they have interfaces with the same name with different semantics. http://mxr.mozilla.org/mozilla-central/source/toolkit/components/url-classifier/content/request-backoff.js
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → INVALID
Reporter | ||
Comment 2•10 years ago
|
||
Well, it actually is completely broken, but for a different reason. In the downloadError callback, these lines schedule a non-repeating alarm that never gets upgraded to a repeating one, even if the download succeeds. This will be fixed in bug 1021419 so there's no need to keep this one open. this.currentUpdateChecker_ = 445 new G_Alarm(BindToObject(this.checkForUpdates, this), 446 this.requestBackoff_.nextRequestDelay());
You need to log in
before you can comment on or make changes to this bug.
Description
•