Closed Bug 213921 Opened 21 years ago Closed 21 years ago

[FIX]Backwards assumptions in helper app service could be security issues

Categories

(Core Graveyard :: File Handling, defect, P1)

Product:
Core Graveyard
Component:
File Handling
Platform:
x86
All
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
mozilla1.5beta

People

(Reporter: bzbarsky, Assigned: bzbarsky)

Details

(Keywords: fixed1.4.4)

Attachments

(2 files)

Patch
5.08 KB, patch
Biesinger
: review+
darin.moz
: superreview+
Details | Diff | Splinter Review
Backport for 1.4
5.50 KB, patch
bzbarsky
: review+
Details | Diff | Splinter Review 
The assumptions are:

1)  Do not prompt unless the datasource says we should (this should be "prompt
    unless the datasource says we should not")
2)  If the action is unknown, that means we want to launch a helper app (this
    should be "if the action is unknown, save to disk")
Attached patch PatchSplinter Review 

    
  

        Attachment #128522 -
        Flags: superreview?(darin)

        Attachment #128522 -
        Flags: review?(cbiesinger)

    
  
Priority: -- → P1
Summary: Backwards assumptions in helper app service could be security issues → [FIX]Backwards assumptions in helper app service could be security issues
Target Milestone: --- → mozilla1.5beta

    
    

    
  
Comment on attachment 128522 [details] [diff] [review]
Patch

+  NS_NAMED_LITERAL_STRING(trueString, "true" );
+  NS_NAMED_LITERAL_STRING(falseString, "false" );

could you remove the space before the )

r=biesi with that

        Attachment #128522 -
        Flags: review?(cbiesinger) → review+

    
    

    
  
Comment on attachment 128522 [details] [diff] [review]
Patch

>Index: uriloader/exthandler/nsExternalHelperAppService.cpp

>+  if (stringValue && falseString.Equals(stringValue))
>     aMIMEInfo->SetAlwaysAskBeforeHandling(PR_FALSE);
>+  else
>+    aMIMEInfo->SetAlwaysAskBeforeHandling(PR_TRUE);

maybe make the conditional expression an argument to the function so we
don't generate code for two function calls?

    aMIMEInfo->SetAlwaysAskBeforeHandling(!stringValue ||
					  !falseString.Equals(stringValue)));

sr=darin either way

        Attachment #128522 -
        Flags: superreview?(darin) → superreview+

    
    

    
  
Fixed, with darin's suggestion added.
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED

    
    

    
  

      
      
      
      

        Attached patch
          
          
        Backport for 1.4Splinter Review
      

    


  
This patch sort of slipped in during the 1.5 time frame, but I think I'd like
this for the 1.4 branch.  Here's a   Not much changed, but I'd just like a
sanity check, Boris.

        Attachment #175069 -
        Flags: review?(bzbarsky)

    
  

        Attachment #175069 -
        Flags: review?(bzbarsky) → review+
Product: Core → Core Graveyard

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: