Regression in TB 128.6.0: Drafts and templates which are S/MIME signed lose their content on reuse
Categories
(MailNews Core :: Security: S/MIME, defect, P1)
Tracking
(thunderbird_esr128 fixed, thunderbird135 fixed)
People
(Reporter: francesco, Assigned: KaiE)
References
(Regression)
Details
(Keywords: regression, Whiteboard: [regression 128.5.2->128.6.0])
Attachments
(1 file)
|
48 bytes,
text/x-phabricator-request
|
corey
:
approval-comm-beta+
corey
:
approval-comm-esr128+
|
Details | Review |
Set up an IMAP account using S/MIME and configure it so messages are signed by default.
Create a draft or template, then try to edit the draft or create a new message from the template.
Result: The compose window is empty.
This worked in 128.5.2, so some of the backports must have caused it:
https://hg.mozilla.org/releases/comm-esr128/pushloghtml?fromchange=c489b0433bc2&tochange=86c514fafdab,
likely bug 1852662 or bug 1919290.
I haven't tested with a POP3 account or using PGP.
|
||
Updated•1 year ago
|
|
Assignee | |
Comment 1•1 year ago
|
||
Thanks for the report, I can reproduce, it's caused by the new checks from bug 1919290.
|
|
Assignee | |
Comment 2•1 year ago
|
||
We fail here:
https://searchfox.org/comm-esr128/rev/f7ecd1ad34d07dc62c3eaac96952d2e789291522/mailnews/mime/src/mimemcms.cpp#134
We try to interpret the stream_closure as mime_stream_data, but that fails, because it has type mime_draft_data.
In the past, this can have coincidentally worked, because:
- the first data member that is accessed by the following code is mime_stream_data::channel
- in type mime_draft_data, in the memory layout of the structure, there is a pointer member "stream" which is currently unused per comments, and always zero.
- apparently that null value might have caused the check for a non-null nsCOMPtr to have to decide "empty pointer", and consequently, no other data members were accessed.
In this specific code location, if we don't return on the unexpected type, but let the remainder of the function continue, the draft is loaded correctly.
|
|
Assignee | |
Comment 3•1 year ago
|
||
I've reviewed all places that use AsMimeStreamData and AsMimeDraftData.
I found one additional place that would be affected by the same change of behavior.
I suggest to revert both places to the previous behavior, which is, let the code continue if we find the wrong type (which would previously happen when the mime_stream_data->channel member was null, which it was always when the pointer was pointing to an instance of type mime_draft_data).
|
|
Assignee | |
Comment 4•1 year ago
|
||
|
|
Assignee | |
Comment 5•1 year ago
|
||
(In reply to Kai Engert [:KaiE:] from comment #2)
In the past, this can have coincidentally worked, because:
- the first data member that is accessed by the following code is mime_stream_data::channel
- in type mime_draft_data, in the memory layout of the structure, there is a pointer member "stream" which is currently unused per comments, and always zero.
I missed to explain:
The mime_stream_data::channel members and the mime_draft_data::stream data members seem to be at the same memory offset in the object, which is the reason for the following behavior:
- apparently that null value might have caused the check for a non-null nsCOMPtr to have to decide "empty pointer", and consequently, no other data members were accessed.
In this specific code location, if we don't return on the unexpected type, but let the remainder of the function continue, the draft is loaded correctly.
|
|
Assignee | |
Updated•1 year ago
|
|
|
Assignee | |
Updated•1 year ago
|
|
|
||
Updated•1 year ago
|
Pushed by kaie@kuix.de:
https://hg.mozilla.org/comm-central/rev/32f816740a60
Fix a regression, allow S/MIME signed drafts to load. r=#thunderbird-back-end-reviewers
Working fine for S/MIME-signed drafts and templates, thanks for addressing this quickly.
|
|
Assignee | |
Comment 19•1 year ago
|
||
Comment on attachment 9446536 [details]
Bug 1940605 - Fix a regression, allow S/MIME signed drafts to load. r=#thunderbird-back-end-reviewers
[Approval Request Comment]
Regression caused by (bug #): 1919290
User impact if declined: forwarding or draft/template editing of s/mime messages unusable
Testing completed (on c-c, etc.): yes
Risk to taking this patch (and alternatives if risky): very low
[Approval Request Comment]
Regression caused by (bug #):
User impact if declined:
Testing completed (on c-c, etc.):
Risk to taking this patch (and alternatives if risky):
|
||
Comment 20•1 year ago
|
||
Comment on attachment 9446536 [details]
Bug 1940605 - Fix a regression, allow S/MIME signed drafts to load. r=#thunderbird-back-end-reviewers
[Triage Comment]
Approved for beta
Approved for esr128
|
|
||
Comment 35•1 year ago
|
||
Got landed for 128.6.1 (but no link here yet, so here it is)
https://hg.mozilla.org/releases/comm-esr128/rev/e103cf9cc8b363704fc21816121b39a4fd89e848
|
||
Comment 36•1 year ago
|
||
| bugherder uplift | ||
|
|
||
Comment 37•1 year ago
|
||
| bugherder uplift | ||
Description
•