No upper limit on digest256 list file size

RESOLVED FIXED in Firefox 48

Status

()

Toolkit
Safe Browsing
RESOLVED FIXED
2 years ago
2 years ago

People

(Reporter: mwobensmith, Assigned: dimi)

Tracking

43 Branch
mozilla43
Points:
---

Firefox Tracking Flags

(firefox48 fixed)

Details

(Whiteboard: tpe-seceng)

MozReview Requests

()

Submitter Diff Changes Open Issues Last Updated
Loading...
Error loading review requests:

Attachments

(1 attachment)

Some error/boundary tests revealed that Firefox accepted and parsed an 88mb list file. We don't anticipate ever supporting a list file that big, and in fact would like to limit the list size to something more reasonable, such as 32mb. 

As per discussion with François, we'd probably want to reject this condition at download time, parse time, or both.
Blocks: 1149867
Component: DOM: Security → Safe Browsing
Product: Core → Toolkit
Summary: No upper limit on shaver list file size → No upper limit on digest256 list file size
See also bug 1212601.
Assignee: francois → nobody
Whiteboard: tpe-seceng
(Assignee)

Updated

2 years ago
Assignee: nobody → dlee
(Assignee)

Comment 2

2 years ago
Created attachment 8735383 [details]
MozReview Request: Bug 1212600 - No upper limit on digest256 list file size. r=francois

Review commit: https://reviewboard.mozilla.org/r/42765/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/42765/
Attachment #8735383 - Flags: review?(francois)
Comment on attachment 8735383 [details]
MozReview Request: Bug 1212600 - No upper limit on digest256 list file size. r=francois

https://reviewboard.mozilla.org/r/42765/#review39233
Attachment #8735383 - Flags: review?(francois) → review+
Comment on attachment 8735383 [details]
MozReview Request: Bug 1212600 - No upper limit on digest256 list file size. r=francois

gcp, does that look reasonable to you too?
Attachment #8735383 - Flags: review?(gpascutto)
Comment on attachment 8735383 [details]
MozReview Request: Bug 1212600 - No upper limit on digest256 list file size. r=francois

https://reviewboard.mozilla.org/r/42765/#review39479

Looks fine, but we should consider gathering these limits together. (i.e. this + MAX_CHUNK_SIZE, MAX_CHUNK_RANGE, etc)
Attachment #8735383 - Flags: review?(gpascutto) → review+
(Assignee)

Updated

2 years ago
Keywords: checkin-needed

Comment 6

2 years ago
https://hg.mozilla.org/integration/fx-team/rev/7c857bd36bc2
Keywords: checkin-needed

Comment 7

2 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/7c857bd36bc2
Status: NEW → RESOLVED
Last Resolved: 2 years ago
status-firefox48: --- → fixed
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.