Closed
Bug 267828
Opened 21 years ago
Closed 20 years ago
nsLocalFileWin::IsExecutable needs to trim trailing dots
Categories
(Core :: XPCOM, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: dbaron, Assigned: dougt)
References
Details
(Keywords: fixed-aviary1.0.1, fixed1.7.6, Whiteboard: ETA 2/11)
Attachments
(2 files, 3 obsolete files)
|
1000 bytes,
patch
|
dbaron
:
review+
dveditz
:
approval-aviary1.0.1+
dveditz
:
approval1.7.6+
dveditz
:
approval1.8b+
|
Details | Diff | Splinter Review |
|
1.37 KB,
text/html
|
Details |
This comes from investigation of bug 267122.
It seems that when saving a file in Windows, trailing dots are trimmed from the
filename. Therefore a file saved as "foo.exe." will be saved as "foo.exe", and
an attempt to read a file "foo.bar..." will read the file "foo.bar".
This means that nsLocalFile::IsExecutable in nsLocalFileWin needs to be fixed to
trim trailing dots before comparison.
(Perhaps normalization needs to happen at an earlier stage? Are there any other
functions in nsLocalFile that are security-sensitive?)
Do we need to trim any other characters as well?
|
||
Comment 1•21 years ago
|
||
note bug 246280
|
||
Comment 2•20 years ago
|
||
sounds like this is fixed for seamonkey and just needed for firefox.
Flags: blocking-aviary1.1?
Assignee: darin → roc
Flags: blocking1.7.6+
Flags: blocking-aviary1.0.1+
Assignee: roc → dougt
<roc> what I want to know is:
<roc> -- Does Windows strip trailing dots when you do a ShellExecute on a file?
<roc> -- Does Windows strip trailing dots when you create a file?
<roc> (i.e. via CreateFile API)
I put together a test app to find out:
ShellExecute(GetDesktopWindow(), "open", "test.txt...", NULL,
".", SW_RESTORE);
This opened "test.txt". I could not find a way to create a file with trailing
dots (I tried GUI apps, commandline, and cygwin).
CreateFile("test2.txt...", FILE_ALL_ACCESS, FILE_SHARE_READ, NULL,
CREATE_ALWAYS, 0, NULL);
This created a file called "test2.txt".
thanks Chris. Do you want to try making a fix for this bug?
|
|
||
Updated•20 years ago
|
Whiteboard: need ETA
|
|
||
Updated•20 years ago
|
Whiteboard: need ETA → ETA 2/11
|
Assignee | |
Comment 5•20 years ago
|
||
This patch does two things. First is normalizing the path in IsExecutable().
Secondly, and probably more importantly, we call IsExecutable() in Launch().
This will prevent us from executing processes that we have filtered out in
IsExecute.
Attachment #173992 -
Flags: review?(dbaron)
|
|
Assignee | |
Comment 6•20 years ago
|
||
dbaron, I am not sure if you had a particular test case that you wanted me to
try out. attached are a few that I was playing with to ensure nothing got
broken.
|
Reporter | |
Comment 7•20 years ago
|
||
Comment on attachment 173992 [details] [diff] [review]
Patch v.1
It doesn't look like the normalize function performs the normalization needed
to fix this bug.
(Do we need to do this for all components of the path, or just file names?)
Attachment #173992 -
Flags: review?(dbaron) → review-
|
|
Assignee | |
Comment 8•20 years ago
|
||
this corrects normalization as you suggested.
|
|
Assignee | |
Updated•20 years ago
|
Attachment #173992 -
Attachment is obsolete: true
Attachment #173996 -
Flags: review?(dbaron)
|
|
Reporter | |
Comment 9•20 years ago
|
||
Is Launch supposed to work on files that aren't executable (i.e., launch the
program that handles that type)?
|
|
Assignee | |
Comment 10•20 years ago
|
||
fix the bug, and nothing but the bug.
Attachment #173996 -
Attachment is obsolete: true
|
||
Comment 11•20 years ago
|
||
Launch() needs to work on any file type the OS knows how to launch ("equivalent
of doucle-clickin on the icon", like the documentation says).
Flags: blocking1.8b?
|
|
Reporter | |
Comment 12•20 years ago
|
||
Attachment #173996 -
Flags: review?(dbaron) → review-
|
|
Reporter | |
Comment 13•20 years ago
|
||
Comment on attachment 173998 [details] [diff] [review]
Patch v.3
So I did some quick tests and found that Windows seems to strip all trailing
dots and spaces off the last component of the path, but only a single trailing
dot off of preceding components. This patch thus doesn't seem to do quite
enough normalization. If you don't want to fix that here, could you please
file a followup bug on fixing that issue? There may be other dangers in doing
too little normalization (there's certainly danger in doing too much).
(Also, is there a system function we could call to normalize the path? Does
normalization differ across versions of Windows?)
Attachment #173998 -
Flags: review+
|
|
Assignee | |
Comment 14•20 years ago
|
||
i do not see any danger in leaving a trailing dot in a non terminal component of
a file path. I will check this in as is, and follow up with a new bug to review
and possibly clean up the windows normalization code. I do remember a Win32
function called *FixUp* that normalized. It might have been defined by windows
or maybe defined in another source base.
|
||
Comment 15•20 years ago
|
||
Comment on attachment 173998 [details] [diff] [review]
Patch v.3
a=dveditz for 1.7 and aviary1.0.1 branches
Attachment #173998 -
Flags: approval1.7.6+
Attachment #173998 -
Flags: approval-aviary1.0.1+
|
|
||
Comment 16•20 years ago
|
||
Comment on attachment 173998 [details] [diff] [review]
Patch v.3
a=dveditz for 1.8b too
Attachment #173998 -
Flags: approval1.8b+
|
|
Reporter | |
Comment 17•20 years ago
|
||
I'm actually wondering now whether IsExecutable should really be changing the
object by calling Normalize. We should probably be consistent across platforms
about this sort of thing.
Also, should we pull bug 187957 onto the branches? Does it have security
implications?
|
|
Assignee | |
Comment 18•20 years ago
|
||
dbaron and I agreed that IsExecutable should not mutate the object. The patch
that landed was slightly modifed -- we are not calling Normalize in
IsExecutable, but simply remove the trailing dots and spaces from the path
before we compare.
This patch landed on the trunk, 171, and avairy branches.
I created bug 281951 to track normalization cleanup, if any.
I am not sure if we need to back port normalize. As I remember, it was added to
fixup problem when creating nsLocalFile's using bad paths from javascript.
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
|
|
||
Updated•20 years ago
|
Keywords: fixed-aviary1.0.1,
fixed1.7.6
|
||
Updated•20 years ago
|
Flags: blocking1.8b?
Flags: blocking-aviary1.1?
|
|
||
Comment 19•20 years ago
|
||
Doug: I am failing the testcases you posted. Not sure if I setup the
environment wrong or if this bug is not fixed. I put notepad.exe in the right
location and failed the last 5 tests:
success &= TestExecute("C:\\windows\\notepad.exe", true);
success &= TestExecute("C:\\windows\\notepad.exe .", false);
success &= TestExecute("C:\\windows\\notepad.exe . ", false);
success &= TestExecute("C:\\windows\\notepad.exe.", false);
success &= TestExecute("C:\\windows\\notepad.exe..", false);
success &= TestExecute("C:\\windows\\notepad.exe...", false);
I could not create any files with trailing dots or spaces, so not sure if I need
those files to exist. I'm guessing not, since the js code seems to handle all
that stuff. What am I doing wrong? And if nothing, should we reopen this bug?
I already reopened bug 275441 since it didn't look like the fix here worked for
those cases. I could be wrong, so please let me know what I can do to retest.
Thanks.
|
|
||
Comment 20•20 years ago
|
||
> success &= TestExecute("C:\\windows\\notepad.exe .", false);
isExecutable should be returning "true" for this case... so it looks like the
test is wrong?
|
|
||
Comment 21•20 years ago
|
||
reopening based on Jay's comment.
|
|
||
Comment 22•20 years ago
|
||
Er.. as far as I can tell, Jay's comment is based on incorrectly testing the fix.
|
|
Assignee | |
Comment 23•20 years ago
|
||
bz, the test was written when I thought that we shouldn't say a file is
executable if it ended in trailing spaces or dots.
|
|
Assignee | |
Comment 24•20 years ago
|
||
sorry jay -- I should have be more clear about the usage of this testcase.
|
|
||
Comment 25•20 years ago
|
||
Doug: So should all of those cases be using "true" as the param for
shouldExecute? We are trying to trim everything so that windows sees the file
eventually as just "notepad.exe", right? If that is the case, I already tested
with everything set to "true" and all the tests pass. If I'm still way off, let
me know how to properly test this. Thanks.
I'm guessin you guys might have already tested this again, but I still want to
figure out how this works for my own sanity. :-) Feel free to mark this fixed
again if you have verified it yourselves.
|
|
||
Comment 26•20 years ago
|
||
Updated testcase to pass correct param, and to eliminate the annoying multiple
security requests that encourage granting permanent god privileges to any
bugzilla attachment that comes along (which would be a really, really, bad
thing to do).
Attachment #173993 -
Attachment is obsolete: true
|
|
||
Comment 27•20 years ago
|
||
(In reply to comment #26)
> Updated testcase to pass correct param, and to eliminate the annoying multiple
> security requests
of course with default settings, no security request at all appears, and the
testcase just fails to work
|
|
||
Comment 28•20 years ago
|
||
The new testcase worked fine for me and passed all the tests.
|
|
||
Comment 29•20 years ago
|
||
This one does appear fixed, it just didn't fix bug 275441 as expected.
Keywords: fixed-aviary1.0.1,
fixed1.7.6
|
|
||
Updated•20 years ago
|
Group: security
|
|
||
Comment 30•20 years ago
|
||
This bug is fixed, comment 21 was a mistake.
Status: REOPENED → RESOLVED
Closed: 20 years ago → 20 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•