Closed Bug 1837830 Opened 2 years ago Closed 2 years ago

Native messaging manifests no longer allow relative paths containing a `..` component

Categories

(WebExtensions :: Compatibility, defect, P1)

Firefox 114
Unspecified
Windows

Tracking

(firefox-esr102 unaffected, firefox114 fixed, firefox115 fixed, firefox116 fixed)

RESOLVED FIXED
116 Branch

People

(Reporter: emk, Assigned: robwu)

References

(Regression)

Details

(Keywords: regression, Whiteboard: [addons-jira])

Attachments

(1 file, 1 obsolete file)

I do not use this site myself, but according to the announcement, it stopped working as of Firefox 114 for Windows:
https://myna.go.jp/html/info/index.html#Login (Japanese)

Component: Desktop → IOUtils and PathUtils
Keywords: regression
Product: Web Compatibility → Toolkit
Regressed by: 1772932

I got this error with a broken build:

OperationError: PathUtils.joinRelative: Could not append to path: NS_ERROR_FILE_UNRECOGNIZED_PATH NativeMessaging.jsm:98:33
    startupPromise resource://gre/modules/NativeMessaging.jsm:98

Corresponding source location:
https://searchfox.org/mozilla-central/rev/aa7b0c53b36a74f7b1fc65b9f3c29320ad51cc0a/toolkit/components/extensions/NativeMessaging.sys.mjs#84

Set release status flags based on info from the regressing bug 1772932

:barret, since you are the author of the regressor, bug 1772932, could you take a look? Also, could you set the severity field?

For more information, please visit BugBot documentation.

PathUtils.joinRelative throws with the following parameters:

PathUtils.joinRelative("C:\\Users\\xxxx\\AppData\\Local\\MPA\\Firefox\\extension", "..\\bin\\MPA_Wrapper.exe");

On the other hand, OS.Path.join works:

OS.Path.join("C:\\Users\\xxxx\\AppData\\Local\\MPA\\Firefox\\extension", "..\\bin\\MPA_Wrapper.exe");

Apparently PathUtils.joinRelative rejects .. segments. Is this change intentional?

According to the Native messaging manifests spec, path may be relative to the manifest itself on Windows. So I think this is a bug.

Component: IOUtils and PathUtils → Compatibility
Product: Toolkit → WebExtensions
Summary: Cannot login to Mynaportal using Individual Number Card → Native messaging manifests no longer allow relative paths containing a `..` component
Assignee: nobody → VYV03354
Status: NEW → ASSIGNED

Due to this bug, in Firefox 114, personal authentication using an IC card reader/writer device does not work on various sites that provide Japanese government services.
I think this bug will have a big impact on the reliability of Firefox, so I think it should be set as a high priority.

Individual Number Card - Wikipedia

Severity: -- → S3
Flags: needinfo?(brennie)
Priority: -- → P1

(In reply to Masatoshi Kimura [:emk] from comment #4)

> Apparently PathUtils.joinRelative rejects .. segments. Is this change intentional?

This change is not intentional. This is already the 4th unique regression caused by the changes associated with the osfile refactor. I'm going to take a thorough look at the desired path forward to minimize further compatibility risk.

I'm going to author patches to fast-track a reliable fix here (not just the bug reported here, but potentially others).

Duplicate of this bug: 1837294

(In reply to Rob Wu [:robwu] from comment #8)

> I'm going to author patches to fast-track a reliable fix here (not just the bug reported here, but potentially others).

Should I transfer the ownership of this bug?

I'll do that. And thanks for your helpful report and regression range!

Assignee: VYV03354 → rob
Whiteboard: [addons-jira]

NativeMessaging manifests on Windows are permitted to have relative
paths, including .. to traverse directories.

The original logic using OS.Path did not treat ".." in a special way, but the
replacement (PathUtils.joinRelative) from bug 1772932 does, by throwing.
To avoid the issue, we join these paths by string concatenation instead.
This is safe because:

  • The left side of the path is already an absolute path, to the
    directory of the native manifest.

  • The right side of the path is the command from the manifest. The path
    joining logic is only entered when the command is not an absolute
    path, which implies that the path is relative.

  • Directory traversal "attacks" are not a concern here, because the
    "path" field is already specified to be an arbitrary path to an
    arbitrary binary, as part of the NativeMessaging API.

For completeness, this patch does not only add a test case for ".." in
relative paths (=the bug being fixed on Windows), but also ".." and "."
in absolute paths (=no change in behavior, already working on every OS).

Attachment #9338516 - Attachment is obsolete: true
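
The path handling described in the patch description above, as an added example that is not Firefox's code: a joiner that rejects ".." next to plain concatenation onto the manifest's directory, plus a helper that collapses the dot segments so a reviewer auditing a native messaging manifest can see which binary its "path" field names. The function names and the `manifest.json` file name are assumptions; the directory and command are the ones quoted earlier in this bug.

```javascript
// Added illustration, not Firefox source. Handles drive-letter Windows paths only.

// Hypothetical stand-in for a joiner that refuses ".." segments, which is
// the behaviour this bug reports for PathUtils.joinRelative.
function strictJoinRelative(base, relative) {
  if (relative.split(/[\\/]/).includes("..")) {
    throw new Error("Could not append to path: '..' segment rejected");
  }
  return base + "\\" + relative;
}

function isAbsoluteWin(p) {
  return /^[A-Za-z]:[\\/]/.test(p);
}

function dirnameWin(p) {
  return p.replace(/[\\/][^\\/]*$/, "");
}

// Resolution as the patch description states it: an absolute command is used
// as-is, a relative one is concatenated onto the manifest's directory.
function resolveHostCommand(manifestFile, command) {
  if (isAbsoluteWin(command)) return command;
  return dirnameWin(manifestFile) + "\\" + command;
}

// Audit helper: collapse "." and ".." textually (no filesystem access) to
// show the binary the manifest ends up naming.
function effectiveTarget(manifestFile, command) {
  const [root, ...segments] = resolveHostCommand(manifestFile, command).split(/[\\/]+/);
  const kept = [];
  for (const seg of segments) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") kept.pop();
    else kept.push(seg);
  }
  return [root, ...kept].join("\\");
}

// Sample input: directory and command from this bug, file name constructed.
const MANIFEST = "C:\\Users\\xxxx\\AppData\\Local\\MPA\\Firefox\\extension\\manifest.json";
const COMMAND = "..\\bin\\MPA_Wrapper.exe";
console.log(resolveHostCommand(MANIFEST, COMMAND));
console.log(effectiveTarget(MANIFEST, COMMAND));
```
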
Pushed by rob@robwu.nl: https://hg.mozilla.org/integration/autoland/rev/99743dbea63b Allow ".." relative path in NativeMessaging on Windows r=extension-reviewers,rpl
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → 116 Branch

Please consider uplifting this to 115 and (hopefully) a dot release of 114.

Flags: needinfo?(rob)

Comment on attachment 9338762 [details]
Bug 1837830 - Allow ".." relative path in NativeMessaging on Windows

Beta/Release Uplift Approval Request

  • User impact if declined: Extensions cannot communicate with native messaging hosts that have been registered with a relative path containing ".." (on Windows). This includes an authentication mechanism for a Japanese government website (https://myna.go.jp) and the Adobe Acrobat extension.
  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: No
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Targeted change in NativeMessaging implementation, fully covered by unit tests.
  • String changes made/needed: none
  • Is Android affected?: No
Flags: needinfo?(rob)
Attachment #9338762 - Flags: approval-mozilla-release?
Attachment #9338762 - Flags: approval-mozilla-beta?

Comment on attachment 9338762 [details]
Bug 1837830 - Allow ".." relative path in NativeMessaging on Windows

Approved for 115.0b6.

Attachment #9338762 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Duplicate of this bug: 1838611
Duplicate of this bug: 1837952

Comment on attachment 9338762 [details]
Bug 1837830 - Allow ".." relative path in NativeMessaging on Windows

Approved for 104.0.2 next week, thanks.

Attachment #9338762 - Flags: approval-mozilla-release? → approval-mozilla-release+
Duplicate of this bug: 1837863