Closed Bug 1216986 Opened 10 years ago Closed 10 years ago

Password (form field) not stored for URLs using literal IPv6 addresses

Categories

(Toolkit :: Password Manager, defect)

Product:
Toolkit
Component:
Password Manager
Version:
41 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla45
Tracking Flags:
Tracking Status
firefox42 --- affected
firefox43 --- affected
firefox44 --- affected
firefox45 --- fixed

People

(Reporter: chkr, Assigned: MattN)

References

Details

Attachments

(2 files)

test.html
171 bytes, text/html
Details
MozReview Request: Bug 1216986 - Fix usage of nsIURI.host in password manager and prompt code to support IPv6. r=dolske,liuche,kanru
40 bytes, text/x-review-board-request
Dolske
: review+
kanru
: review+
liuche
: review+
Details
Attached file test.html
User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:41.0) Gecko/20100101 Firefox/41.0 Build ID: 20151015125802 Steps to reproduce: - use a web page having a password form field (or just put the attached test.html onto a web server accessible via IPv4 and IPv6) - access the web page using its IPv4 and its IPv6 address like http://[2001:0DB8::1]/test.html (use a global or unique local address) - fill out the password field and press enter to submit the form Actual results: IPv4: - password manager asks for storing the password - password is actually stored (Preferences -> Security -> Saved Passwords) IPv6: a) firefox 41.0.2 - password manager asks for storing the password - password is NOT stored b) today's nightly: 44.0a1 (2015-10-19) - password manager does not ask for storing the password - password is NOT stored Expected results: Even when using a literal IPv6 address (at least for global or unique local addresses) in the URL, the password manager should store the password.
Component: Untriaged → Password Manager
Product: Firefox → Toolkit
I used today's hg head for generating the log files. They contain all debug messages for the 3rd step in the initial description (fill out the field and press enter). -------------------- hg summary parent: 273813:45273bbed8ef tip -------------------- IPv6: observer notified for form submission. LoginManagerContent.jsm:44 Couldn't parse origin for http://2001:0DB8::1 LoginManagerContent.jsm:1179 TypeError: http://2001:0DB8::1 is not a valid URL. LoginManagerParent.jsm:184:25 _filterRecipesForForm undefined LoginRecipes.jsm:197 getFieldOverrides: filtered recipes: <unavailable> LoginRecipes.jsm:222 (form -- no username field found) LoginManagerContent.jsm:673 Password field <unavailable> has name: LoginManagerContent.jsm:683 nsLoginManager:Checking if logins to http://2001:0DB8::1 can be saved. nsLoginManager.js:434 Login storage:Getting login saving is enabled for http://2001:0DB8::1 storage-json.js:409 nsLoginManager:Searching for logins matching host: http://2001:0DB8::1 formSubmitURL: null httpRealm: null nsLoginManager.js:375 Login storage:_searchLogins: returning 0 logins storage-json.js:376 Login storage:_findLogins: returning 0 logins storage-json.js:451 LoginManagerPrompter:===== initialized ===== nsLoginManagerPrompter.js:710 LoginManagerPrompter:_getShortDisplayHost couldn't process http://2001:0DB8::1 nsLoginManagerPrompter.js:1621 NS_ERROR_MALFORMED_URI: Component returned failure code: 0x804b000a (NS_ERROR_MALFORMED_URI) [nsIIOService2.newURI] nsLoginManagerPrompter.js:986:0 onDOMFormHasPassword: <unavailable> <unavailable> LoginManagerContent.jsm:281 Couldn't parse origin for http://2001:0DB8::1 LoginManagerContent.jsm:1179 nsLoginManager:Counting logins matching host: http://2001:0DB8::1 formSubmitURL: httpRealm: null nsLoginManager.js:405 Login storage:_searchLogins: returning 0 logins storage-json.js:376 Login storage:_countLogins: counted logins: 0 storage-json.js:469 Password fields present on an insecure (http://) page. This is a security risk that allows user login credentials to be stolen.[Learn More] <unknown> Password fields present in a form with an insecure (http://) form action. This is a security risk that allows user login credentials to be stolen.[Learn More] <unknown> nsLoginManager:Counting logins matching host: http://2001:0DB8::1 formSubmitURL: httpRealm: null nsLoginManager.js:405 Login storage:_searchLogins: returning 0 logins storage-json.js:376 Login storage:_countLogins: counted logins: 0 storage-json.js:469 IPv4: observer notified for form submission. LoginManagerContent.jsm:44 _filterRecipesForForm <unavailable> LoginRecipes.jsm:197 getFieldOverrides: filtered recipes: <unavailable> LoginRecipes.jsm:222 (form -- no username field found) LoginManagerContent.jsm:673 Password field <unavailable> has name: LoginManagerContent.jsm:683 nsLoginManager:Checking if logins to "http://127.0.0.1" can be saved. nsLoginManager.js:434 Login storage:Getting login saving is enabled for "http://127.0.0.1" storage-json.js:409 nsLoginManager:Searching for logins matching host: "http://127.0.0.1" formSubmitURL: "http://127.0.0.1" httpRealm: null nsLoginManager.js:375 Login storage:_searchLogins: returning 0 logins storage-json.js:376 Login storage:_findLogins: returning 0 logins storage-json.js:451 LoginManagerPrompter:===== initialized ===== nsLoginManagerPrompter.js:710 LoginManagerPrompter:"_getShortDisplayHost couldn't process http://127.0.0.1" nsLoginManagerPrompter.js:1621 nsLoginManager:Searching for logins matching host: "http://127.0.0.1" formSubmitURL: "http://127.0.0.1" httpRealm: null nsLoginManager.js:375 Login storage:_searchLogins: returning 0 logins storage-json.js:376 Login storage:_findLogins: returning 0 logins storage-json.js:451 nsLoginManager:Searching for logins matching host: "http://127.0.0.1" formSubmitURL: "http://127.0.0.1" httpRealm: null nsLoginManager.js:375 Login storage:_searchLogins: returning 0 logins storage-json.js:376 Login storage:_findLogins: returning 0 logins storage-json.js:451 onDOMFormHasPassword: <unavailable> <unavailable> LoginManagerContent.jsm:281 nsLoginManager:Counting logins matching host: "http://127.0.0.1" formSubmitURL: httpRealm: null nsLoginManager.js:405 Login storage:_searchLogins: returning 0 logins storage-json.js:376 Login storage:_countLogins: counted logins: 0 storage-json.js:469 Password fields present in a form with an insecure (http://) form action. This is a security risk that allows user login credentials to be stolen.[Learn More] <unknown> nsLoginManager:Counting logins matching host: "http://127.0.0.1" formSubmitURL: httpRealm: null nsLoginManager.js:405 Login storage:_searchLogins: returning 0 logins storage-json.js:376 Login storage:_countLogins: counted logins: 0 storage-json.js:469 nsLoginManager:Searching for logins matching host: "http://127.0.0.1" formSubmitURL: "http://127.0.0.1" httpRealm: null nsLoginManager.js:375 Login storage:_searchLogins: returning 0 logins storage-json.js:376 Login storage:_findLogins: returning 0 logins storage-json.js:451 nsLoginManager:Searching for logins matching host: "http://127.0.0.1" formSubmitURL: "http://127.0.0.1" httpRealm: null nsLoginManager.js:375 Login storage:_searchLogins: returning 0 logins storage-json.js:376 Login storage:_findLogins: returning 0 logins storage-json.js:451 nsLoginManager:Adding login nsLoginManager.js:302 Login crypto:SDR slot status is 5 crypto-SDR.js:174
Flags: needinfo?(chkr)
Thanks a lot! (In reply to Christian Krause from comment #2) > IPv6: > observer notified for form submission. LoginManagerContent.jsm:44 > Couldn't parse origin for http://2001:0DB8::1 LoginManagerContent.jsm:1179 > TypeError: http://2001:0DB8::1 is not a valid URL. This seems to be the problem.
The problem is that nsIURI.host doesn't include the square brackets around the IPv6 address (I guess because it's assumed it won't be used with a port?) whereas hostPort does the right thing. http://hg.mozilla.org/mozilla-central/diff/f169b5d66bc8/toolkit/components/passwordmgr/src/nsLoginManager.js changed from .hostPort to .host due to bug 396316 comment 20 but that problem has since been fixed: > Services.io.newURI("http://user@[2001:470:1:18::119]:80/foo/", null, null).hostPort > > "[2001:470:1:18::119]" > Services.io.newURI("http://user@[2001:470:1:18::119]:81/foo/", null, null).hostPort > > "[2001:470:1:18::119]:81" > Services.io.newURI("http://user@[2001:470:1:18::119]/foo/", null, null).port > > -1 I've been wanting to cleanup this code to use .hostPort for a while anyways…
Assignee: nobody → MattN+bmo
Blocks: 396316
Status: UNCONFIRMED → ASSIGNED
status-firefox42: --- → affected
status-firefox43: --- → affected
status-firefox44: --- → affected
status-firefox45: --- → affected
Ever confirmed: true
Bug 1216986 - Fix usage of nsIURI.host in password manager and prompt code to support IPv6. r=dolske,liuche,kanru
Attachment #8691777 - Flags: review?(liuche)
Attachment #8691777 - Flags: review?(kchen)
Attachment #8691777 - Flags: review?(dolske)
Attachment #8691777 - Flags: review?(kchen) → review+
Comment on attachment 8691777 [details] MozReview Request: Bug 1216986 - Fix usage of nsIURI.host in password manager and prompt code to support IPv6. r=dolske,liuche,kanru https://reviewboard.mozilla.org/r/26185/#review23567
I just tested the submitted patch: Both of my use cases (IPv4 and IPv6) work without any problems now. Thank you very much!
Comment on attachment 8691777 [details] MozReview Request: Bug 1216986 - Fix usage of nsIURI.host in password manager and prompt code to support IPv6. r=dolske,liuche,kanru https://reviewboard.mozilla.org/r/26185/#review23631
Attachment #8691777 - Flags: review?(dolske) → review+
Comment on attachment 8691777 [details] MozReview Request: Bug 1216986 - Fix usage of nsIURI.host in password manager and prompt code to support IPv6. r=dolske,liuche,kanru The Android parts look good to me!
Attachment #8691777 - Flags: review?(liuche) → review+
https://hg.mozilla.org/mozilla-central/rev/30f9c10a9e5b
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
status-firefox45: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla45
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: