Closed Bug 1349903 Opened 7 years ago Closed 7 years ago

HttpChannelParent::DoAsyncOpen() would crash when a void LoadInfo is received

Categories

(Core :: Networking: HTTP, enhancement)

Product:
Core
Component:
Networking: HTTP
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla55
Tracking Flags:
Tracking Status
firefox55 --- fixed

People

(Reporter: hchang, Assigned: timhuang)

References

Details

(Whiteboard: [necko-active])

Attachments

(2 files)

Bug 1349903 - Remove the code section of getting originAttributes from loadInfo in HttpChannelParent::DoAsyncOpen() and add a null check for loadInfo.
59 bytes, text/x-review-board-request
mayhemer
: review+
Details
Remove the code section of getting originAttributes from loadInfo in HttpChannelParent::DoAsyncOpen() and add a null check for loadInfo. r?mayhemer
1.50 KB, patch
timhuang
: review+
Details | Diff | Splinter Review 
Tim, is looks like you did the HttpChannelParent.cpp change, you up to addressing this concern?
Flags: needinfo?(tihuang)
I am also aware the originAttributes we get from loadInfo is not used at all.
That part can be removed. The rest of concern is when we get a null loadInfo,
should we return error or pass it around. (loadInfo will be used to new the
actual channel a couple of lines below.)
The original purpose of the originAttributes here is for appId. However, the appId is gone. So I think we can remove this part of code. And I think we should return an error when we get a null loadInfo since every channel should have a loadInfo.
Assignee: nobody → tihuang
Status: NEW → ASSIGNED
Flags: needinfo?(tihuang)
Whiteboard: [necko-active]
originAttributes is heavily used by tor for segmenting things by first party.. does that apply here?
Comment on attachment 8851161 [details]
Bug 1349903 - Remove the code section of getting originAttributes from loadInfo in HttpChannelParent::DoAsyncOpen() and add a null check for loadInfo.

https://reviewboard.mozilla.org/r/123542/#review126264

has there been a test case for this?  seems like this has been reported w/o a crash report based only on code inspection
Attachment #8851161 - Flags: review?(honzab.moz) → review+
I spotted this issue when I was initiating the IPDL-based fuzzing work.

As a starter/exploration/experiment, I picked some typical protocols to handicraft
their fuzzer. Compared to low level IPC fuzzing, the intention of IPDL fuzzing is to
be able to assemble more parameter-type-aware IPC message so that we can try to
attack the "handler" level instead of merely the IPC infrastructure.

Since PHttpChannel is so frequently used and is managed by PNecko/PContent (which
is the most fundamental parent protocols), it's chosen as my very first fuzzer.
need final review/ship it on mozreview so that we can use the autoland feature.
Flags: needinfo?(tihuang)
Carrying r+ from Honza. Please land this patch instead of the patch from
mozreivew. Thanks a lot.
Attachment #8852344 - Flags: review+
Flags: needinfo?(tihuang)
Keywords: checkin-needed
Sheriff, could you please land the patch from comment 11 to inbound. Thanks a lot.
Pushed by ihsiao@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/bef7c269687e
Remove the code section of getting originAttributes from loadInfo in HttpChannelParent::DoAsyncOpen() and add a null check for loadInfo. r=mayhemer
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/bef7c269687e
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox55: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla55
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: