1388836 - segfault in http basic auth (related to privacybadger?)

Status: RESOLVED DUPLICATE of bug 1382178

(Core :: Networking: HTTP, defect)

Description

[Brian Gomes Bascoy]

Attachment: request.pcap

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0
Build ID: 20170808130316

Steps to reproduce:

Requires: Privacy Badger 2017.7.24

Trying to access the following URL will generate a segfault if the user cancels the request when the popup shows up:
http://MIDI_ExtraLink:0@mdxonline.mydns.jp/_/MIDI_ExtraLink/

Interestingly if you remove the path, canceling the request will proceed as expected.

I am not sure if it's relevant, but just in case I have attached the basic auth request.


Actual results:

Firefox crashes (I submitted a separated report for this)


Expected results:

Display the 401 unauthorized error message probably, or just a white page.

Comment 1

[:Gijs (he/him)]

(In reply to pera from comment #0)
> Firefox crashes (I submitted a separated report for this)

Can you provide a link to this report (go to about:crashes, click the link corresponding to the time of the crash, copy and paste URL here) ?

Comment 2

[Brian Gomes Bascoy]

Forgot that, sorry: https://crash-stats.mozilla.com/report/index/7a1ab2e1-38b1-418f-a25c-325a60170809

Comment 3

[:Gijs (he/him)]

:bagder, is this basically bug 1382178 , given this is 55? Should we uplift 1382178 to 56? (Am I right in thinking this is a nullptr deref so it doesn't need to be sec-sensitive)

Comment 4

[Daniel Stenberg [:bagder]]

Yes, it looks like that bug exactly and yes, uplifting seems like a great idea!