Closed
Bug 1504510
Opened 6 years ago
Closed 6 years ago
Firefox is being crashed, everytime it find chunked stream ending with zero and sending data after that also
Categories
(Firefox :: Untriaged, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1504512
People
(Reporter: saikumarssn.cse, Unassigned)
Details
Attachments
(1 file)
322 bytes,
text/plain
|
Details |
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0 Steps to reproduce: Firefox is being crashed, when it tried to process the chunked data. when Transfer-Encoding header is used, we suppose to send the data in the chunks form. When all the chunks being transferred, we need to tell the client with chunk length zero. so that it understands chunked stream completed. But if we send the data after sending zero length, then firefox not able to understand it, and it being crashed. Example: 5 Don't 5 be af 5 firef 5 ox is 0 crash(after saying it is end, we still sending some data) \r\n ---->here we are saying no chunked data after this.so that it should end with \r\n. But we are sending some data after this also. Like steps to reproduce the crash 1)download the firefoxcrash.txt 2)nc -lp 8000 < firefoxcrash.txt 3)browe the url from firefox like http://localhost:8000 4)then close the netcat client. then you will obserev the firefox crash. Actual results: Mozilla firefox is unable to process the invalid chunk end length. It is being crashed every time when invalid chunk end length comes. Expected results: It should have not process the payload or it should raise an error instead of crashing.
Updated•6 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
Updated•1 year ago
|
Group: firefox-core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•