Closed
Bug 306354
Opened 19 years ago
Closed 19 years ago
xpi signature verification only looks in first chunk of data received
Categories
(Core Graveyard :: Installer: XPInstall Engine, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: bryner, Assigned: bryner)
Details
(Keywords: fixed1.8)
Attachments
(1 file)
patch (604 bytes): darin.moz: review+, darin.moz: superreview+, dveditz: approval-aviary1.0.8-, cbeard: approval1.8b4+
XPInstall's CertReader is designed to buffer up to 32KB of data to look for the signature, but its OnDataAvailable always returns NS_ERROR_BINDING_ABORTED, which means that if the signature is not in the first chunk of data read off the network (which can be well under 1500 bytes for slower connections), the XPI is treated as unsigned.
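The failure described above, as an added C++ model that is not XPInstall's code: a listener fed a stream in network-sized chunks either gives up after the first chunk or keeps buffering up to the 32KB cap and stops as soon as the signature is complete. The `Reader`, `deliver` and `sample` names and the 2-byte length-prefixed layout are assumptions made for this example; the real CertReader parsing is not shown on this page.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Hypothetical model, not XPInstall code. Assumed stream layout (constructed):
// 2-byte big-endian length N, N signature bytes, then the archive payload.
enum class Status { NeedMore, Stop };            // Stop = abort the transfer
const std::size_t kMaxBuffer = 32 * 1024;        // 32KB cap from the bug report
struct Reader {
    bool stopAfterFirstChunk;                    // true = behaviour in the report
    std::string buf;
    bool isSigned;
    explicit Reader(bool buggy) : stopAfterFirstChunk(buggy), isSigned(false) {}
    bool complete() const {                      // whole signature buffered yet?
        if (buf.size() < 2) return false;
        std::size_t n = (std::size_t((unsigned char)buf[0]) << 8) | (unsigned char)buf[1];
        return n > 0 && buf.size() >= 2 + n;
    }
    Status onData(const std::string& chunk) {    // called once per network chunk
        buf += chunk.substr(0, kMaxBuffer - buf.size());   // never exceed the cap
        if (complete()) { isSigned = true; return Status::Stop; }
        if (stopAfterFirstChunk || buf.size() >= kMaxBuffer) return Status::Stop;
        return Status::NeedMore;                 // partial data: wait for next chunk
    }
};

// Deliver data in chunkSize pieces; return the verdict, report bytes consumed.
bool deliver(bool buggy, const std::string& data, std::size_t chunkSize, std::size_t* used) {
    Reader r(buggy);
    std::size_t off = 0;
    while (off < data.size()) {
        std::string chunk = data.substr(off, chunkSize);
        off += chunk.size();
        if (r.onData(chunk) == Status::Stop) break;
    }
    *used = off;
    return r.isSigned;
}

std::string sample(std::size_t sigLen) {         // constructed input, not a real XPI
    std::string s{static_cast<char>(sigLen >> 8), static_cast<char>(sigLen & 0xff)};
    return s + std::string(sigLen, 'S') + std::string(100 * 1024, 'P');
}

int main() {
    std::size_t used = 0;
    std::cout << "first-chunk-only: " << deliver(true, sample(3000), 1400, &used) << '\n';
    std::cout << "buffered:         " << deliver(false, sample(3000), 1400, &used) << '\n';
}
```

With 1400-byte chunks the first-chunk-only reader reports the constructed sample as unsigned, while the buffering reader finds the signature after 4200 bytes and stops there; an input with no signature is abandoned once the 32KB cap is reached.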
Comment 1 (Assignee) • 19 years ago
Attachment #194209 - Flags: superreview?(darin)
Attachment #194209 - Flags: review?(darin)
Comment 2 • 19 years ago
when will the signature not be in the first 32k?
Comment 3 (Assignee) • 19 years ago
(In reply to comment #2)
> when will the signature not be in the first 32k?
I think you misunderstood the bug. The signature should always be in the first 32k. The problem is that we may not have all the data we need for the signature in the first OnDataAvailable call.
Comment 4 • 19 years ago
ah. got it. sounds fine with me. I would just hope that we don't read any more than the smallest amount required to fit a cert.
Comment 5 • 19 years ago
Comment on attachment 194209
patch
r+sr=darin
Attachment #194209 - Flags: superreview?(darin)
Attachment #194209 - Flags: superreview+
Attachment #194209 - Flags: review?(darin)
Attachment #194209 - Flags: review+
Comment 6 (Assignee) • 19 years ago
Comment on attachment 194209
patch
Checked in on trunk... requesting approval for 1.8 branch, and I'd also like this to be considered for the 1.0.7 release since it's a very safe fix and has a high impact on extension authors who sign their XPIs.
Attachment #194209 - Flags: approval1.8b4?
Attachment #194209 - Flags: approval-aviary1.0.7?
Updated (Assignee) • 19 years ago
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Updated • 19 years ago
Flags: blocking1.8b4?
Updated • 19 years ago
Flags: blocking1.8b4?
Flags: blocking1.8b4+
Flags: blocking-aviary1.0.7?
Comment 7 • 19 years ago
Comment on attachment 194209
patch
approved for 1.8b4
Attachment #194209 - Flags: approval1.8b4? → approval1.8b4+
Comment 9 • 19 years ago
*** Bug 297518 has been marked as a duplicate of this bug. ***
Updated • 19 years ago
Flags: blocking1.7.12?
Updated • 19 years ago
Flags: blocking1.7.13?
Flags: blocking1.7.13-
Flags: blocking-aviary1.0.8?
Flags: blocking-aviary1.0.8-
Comment 10 • 19 years ago
Comment on attachment 194209
patch
not killing anyone on the old branch
Attachment #194209 - Flags: approval-aviary1.0.8? → approval-aviary1.0.8-
Updated • 9 years ago
Product: Core → Core Graveyard