Closed Bug 1356581 Opened 7 years ago Closed 7 years ago

null payload in history

Categories

(Firefox :: Sync, defect)

Product:
Firefox
Component:
Sync
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME
Tracking Flags:
Tracking Status
firefox55 --- affected

People

(Reporter: rnewman, Unassigned)

References

Details

Bug 1354935 was caused by an apparently otherwise well-formed history record -- valid HMAC, decrypted correctly, had an ID -- having a payload that was JSON "null".

We assume that this record came from desktop, given the users who know of who were affected. Those aren't Nightly users. It's not impossible that node reassignment is causing users to see their own records, though, so I'll be filing another bug for iOS.

The following seem like a good idea:

* tcsc suggests adding validation to WBORecord.encrypt to refuse to encrypt null cleartext. (A second pass through .encrypt appears to be the only way to cause this, and that doesn't happen in the code…)

* Extending Mark's about:sync add-on to let us detect and inspect these records on the server. Filed <https://github.com/mhammond/aboutsync/issues/26> for that.

* More code reading to see if it's possible for us to upload malformed records like this.

* More code reading to make sure desktop does the right thing if it encounters a record like this.

What else?
See Also: → 1356582
NI to split this into actionable bugs.
Flags: needinfo?(markh)
We found the cause: the SwiftyJSON port was causing iOS itself to upload malformed records for some source data. Feel free to continue to harden desktop, of course!
Status: NEW → RESOLVED
Closed: 7 years ago
Flags: needinfo?(markh)
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.