Closed
Bug 1380148
Opened 7 years ago
Closed 5 years ago
HttpChannelChild will happily produce bogus null security info
Categories
(Core :: Networking: HTTP, enhancement, P3)
Tracking
()
RESOLVED
FIXED
mozilla66
People
(Reporter: bzbarsky, Assigned: valentin)
References
Details
(Whiteboard: [necko-triaged])
Attachments
(1 file)
HttpChannelChild::OnStartRequest does:

    if (!securityInfoSerialization.IsEmpty()) {
      NS_DeserializeObject(securityInfoSerialization,
                           getter_AddRefs(mSecurityInfo));
    }

Note the lack of checking of whether NS_DeserializeObject succeeded. When someone introduces a bug that makes it fail (see bug 1380132) we happily treat everything as insecure and _cache_ it that way in serviceworkers and whatnot.

We should probably show an error page or something in this situation. Or something.

Similar issue in HttpChannelChild::Redirect1Begin.
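The failure mode described above, as an added, self-contained C++ model (not Gecko code and not the patch that landed): every type and function name is hypothetical, and the `v1:` wire format is constructed. It contrasts ignoring the deserializer's result with failing closed when a non-empty blob does not parse.

```cpp
// Added illustration: a stand-alone model, not Gecko code. All names are hypothetical.
#include <memory>
#include <string>

struct SecurityInfo { std::string cipherSuite; };
enum class LoadState { Secure, Insecure, Failed };

// Stand-in deserializer that reports failure through its return value.
// Constructed wire format: "v1:<cipher suite>"; anything else fails to parse.
bool DeserializeSecurityInfo(const std::string& wire, std::unique_ptr<SecurityInfo>& out) {
  if (wire.rfind("v1:", 0) != 0 || wire.size() == 3) return false;
  out = std::make_unique<SecurityInfo>(SecurityInfo{wire.substr(3)});
  return true;
}

struct Channel {
  std::unique_ptr<SecurityInfo> securityInfo;
  bool canceled = false;
  // What a consumer (or a cache) concludes about the response.
  LoadState State() const {
    if (canceled) return LoadState::Failed;
    return securityInfo ? LoadState::Secure : LoadState::Insecure;
  }
};

// Pattern from the bug description: the result is ignored, so a corrupt blob
// is indistinguishable from "no security info was sent" (plain HTTP).
Channel OnStartUnchecked(const std::string& wire) {
  Channel c;
  if (!wire.empty()) DeserializeSecurityInfo(wire, c.securityInfo);
  return c;
}

// Fail closed: a non-empty blob that does not deserialize cancels the load
// instead of silently downgrading it to "insecure".
Channel OnStartChecked(const std::string& wire) {
  Channel c;
  if (!wire.empty() && !DeserializeSecurityInfo(wire, c.securityInfo)) {
    c.canceled = true;
  }
  return c;
}

int main() {
  // Constructed input: a blob that does not match the "v1:" format.
  bool ok = OnStartUnchecked("corrupt").State() == LoadState::Insecure &&
            OnStartChecked("corrupt").State() == LoadState::Failed;
  return ok ? 0 : 1;
}
```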
Comment 1•7 years ago
Blocking bug 1332190 because its try builds are somewhat suspect while we ignore these errors.
Blocks: 1332190
Comment 3•7 years ago
Jason, can you please find someone to work on this?
Assignee: nobody → jduell.mcbugs
Flags: needinfo?(honzab.moz)
Whiteboard: [necko-active]
Comment 4•7 years ago
This bug doesn't need to block 1332190. My understanding of the description is that this bug is filed to add some missing error checking which is needed with or without 1332190. Bug 1332190 caused bug 1332190 which is being addressed.
Comment 5•7 years ago
Bulk priority update: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258
Priority: -- → P1
Comment 6•7 years ago
P2 but would be nice to have ASAP.
Severity: critical → normal
status-firefox55: --- → affected
status-firefox56: --- → affected
status-firefox57: --- → affected
status-firefox-esr52: --- → affected
Priority: P1 → P2
Whiteboard: [necko-active]
Updated•7 years ago
Whiteboard: [necko-triaged]
Comment 7•6 years ago
Moving to p3 because no activity for at least 1 year(s). See https://github.com/mozilla/bug-handling/blob/master/policy/triage-bugzilla.md#how-do-you-triage for more information
Priority: P2 → P3
Updated•5 years ago
Assignee: jduell.mcbugs → valentin.gosu
Comment 8•5 years ago
Pushed by valentin.gosu@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/bf2f21326169
Assert if securityInfo deserialization fails r=mayhemer
Comment 10•5 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/bf2f21326169
Status: NEW → RESOLVED
Closed: 5 years ago
status-firefox66: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla66
Updated•5 years ago