Closed Bug 1663219 Opened 4 years ago Closed 4 years ago

mimeVerify.onStopRequest attempts to check for a null url, but has already defined it as an empty object

Categories

(MailNews Core :: Security: OpenPGP, defect)

Product:
MailNews Core
Component:
Security: OpenPGP
Type:
defect

Tracking

(thunderbird_esr78 fixed, thunderbird81 fixed)

Status:
RESOLVED FIXED
Milestone:
82 Branch
Tracking Flags:
Tracking Status
thunderbird_esr78 --- fixed
thunderbird81 --- fixed

People

(Reporter: standard8, Assigned: mkmelin)

Details

Attachments

(1 file, 1 obsolete file)

bug1663219_pgp_url_check.patch
2.22 KB, patch
patrick
: review+
rjl
: approval-comm-beta+
wsmwk
: approval-comm-esr78+
Details | Diff | Splinter Review

I can only reproduce this with my Conversations add-on in-testing, so I don't think this would be hit normally, however it still looks like a bug in the code:

https://searchfox.org/comm-central/rev/08446144d5725b6e9c2b5f206da75a565910ae55/mail/extensions/openpgp/content/modules/mimeVerify.jsm#423,515

let url = {};
...
if (this.msgUriSpec) {
  url = EnigmailCompat.getUrlFromUriSpec(this.msgUriSpec);
}
...
if (this.uri && url) {

The url check is always going to pass since the empty object is not null.

I spotted this, because when the url hasn't been assigned, the subsequent call to EnigmailURIs.msgIdentificationFromUrl throws.

Attached patch bug1663219_pgp_url_check.patch (obsolete) — Splinter Review

Move definition down to where it's first used, and make it null when not set.
We're also already inside if (this.uri)

Assignee: nobody → mkmelin+mozilla
Status: NEW → ASSIGNED
Attachment #9174089 - Flags: review?(patrick)
Attachment #9174089 - Attachment is obsolete: true
Attachment #9174089 - Flags: review?(patrick)
Attachment #9174090 - Flags: review?(patrick)
Attachment #9174090 - Flags: review?(patrick) → review+
status-thunderbird81: --- → affected
status-thunderbird_esr78: --- → affected
Keywords: checkin-needed-tb
Target Milestone: --- → 82 Branch

please uplift correctness fixes to 78 for code consistency

Pushed by geoff@darktrojan.net:
https://hg.mozilla.org/comm-central/rev/1a13d435f8ae
fix url check in MimeVerify.onStopRequest. r=PatrickBrunschwig

Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Keywords: checkin-needed-tb
Resolution: --- → FIXED

Comment on attachment 9174090 [details] [diff] [review]
bug1663219_pgp_url_check.patch

[Approval Request Comment]
Code correction fix, unclear if it has user impact in practice. Should be safe.

Attachment #9174090 - Flags: approval-comm-esr78?
Attachment #9174090 - Flags: approval-comm-beta?

Comment on attachment 9174090 [details] [diff] [review]
bug1663219_pgp_url_check.patch

[Triage Comment]
Approved for 81.0b3 by wsmwk via Matrix.

Attachment #9174090 - Flags: approval-comm-beta? → approval-comm-beta+

Comment on attachment 9174090 [details] [diff] [review]
bug1663219_pgp_url_check.patch

[Triage Comment]
Approved for esr78.

Attachment #9174090 - Flags: approval-comm-esr78? → approval-comm-esr78+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: