Closed
Bug 1356581
Opened 7 years ago
Closed 7 years ago
null payload in history
Categories
(Firefox :: Sync, defect)
Firefox
Sync
Tracking
()
RESOLVED
WORKSFORME
Tracking | Status | |
---|---|---|
firefox55 | --- | affected |
People
(Reporter: rnewman, Unassigned)
References
Details
Bug 1354935 was caused by an apparently otherwise well-formed history record -- valid HMAC, decrypted correctly, had an ID -- having a payload that was JSON "null". We assume that this record came from desktop, given the users who know of who were affected. Those aren't Nightly users. It's not impossible that node reassignment is causing users to see their own records, though, so I'll be filing another bug for iOS. The following seem like a good idea: * tcsc suggests adding validation to WBORecord.encrypt to refuse to encrypt null cleartext. (A second pass through .encrypt appears to be the only way to cause this, and that doesn't happen in the code…) * Extending Mark's about:sync add-on to let us detect and inspect these records on the server. Filed <https://github.com/mhammond/aboutsync/issues/26> for that. * More code reading to see if it's possible for us to upload malformed records like this. * More code reading to make sure desktop does the right thing if it encounters a record like this. What else?
Reporter | ||
Comment 2•7 years ago
|
||
We found the cause: the SwiftyJSON port was causing iOS itself to upload malformed records for some source data. Feel free to continue to harden desktop, of course!
Updated•7 years ago
|
Status: NEW → RESOLVED
Closed: 7 years ago
Flags: needinfo?(markh)
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•