Closed
Bug 328692
Opened 19 years ago
Closed 19 years ago
Fix for Bug 319846 doesn't prevent overlong attribute names
Categories
(Core :: Security, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: moz_bug_r_a4, Assigned: dveditz)
Details
(Keywords: fixed1.8.1, verified1.7.13, verified1.8.0.2, Whiteboard: [sg:dos][rft-dl])
Attachments
(2 files)
717 bytes,
application/vnd.mozilla.xul+xml
|
Details | |
2.55 KB,
patch
|
mrbkap
:
review+
benjamin
:
superreview+
timr
:
approval-aviary1.0.8+
timr
:
approval1.7.13+
benjamin
:
approval-branch-1.8.1+
timr
:
approval1.8.0.2+
|
Details | Diff | Splinter Review |
The fix for Bug 319846 prevents overlong attribute values, but doesn't prevent
overlong attribute names.
I should have seen this when I was playing with Bug 319846 and Bug 319847.
Reporter | ||
Comment 1•19 years ago
|
||
Assignee | ||
Updated•19 years ago
|
Flags: blocking1.8.0.2+
Flags: blocking1.7.13?
Flags: blocking-aviary1.0.8?
Whiteboard: [sg:dos]
Assignee | ||
Comment 2•19 years ago
|
||
If someone tries to persist an attribute whose namelength > 512 simply reject it. Unlike values, where truncating might make some sense if it's a text area or something, truncating the attribute name turns it into a different attribute so there's really no point in keeping it at all.
Even 512 feels too generous. no legit attribute name should be anywhere near that long, but the specs don't provide any limits. It's possible someone's carrying info in attribute names the way we sometimes do in pref names.
Attachment #213341 -
Flags: superreview?(benjamin)
Attachment #213341 -
Flags: review?(mrbkap)
Attachment #213341 -
Flags: approval1.8.0.2?
Attachment #213341 -
Flags: approval1.7.13?
Attachment #213341 -
Flags: approval-branch-1.8.1?(benjamin)
Attachment #213341 -
Flags: approval-aviary1.0.8?
Comment 3•19 years ago
|
||
Comment on attachment 213341 [details] [diff] [review]
reject overlong attribute names
I wish there was some way to avoid that strlen.
Attachment #213341 -
Flags: review?(mrbkap) → review+
Comment 4•19 years ago
|
||
a=timr for drivers. Extension of 319846 which as already declared blockers and fixed for 1.0.8/1.7.13. Some fix that was already reviewed. But stilla superview would be good. Benjamin?
Flags: blocking1.7.13?
Flags: blocking1.7.13+
Flags: blocking-aviary1.0.8?
Flags: blocking-aviary1.0.8+
Updated•19 years ago
|
Attachment #213341 -
Flags: superreview?(benjamin)
Attachment #213341 -
Flags: superreview+
Attachment #213341 -
Flags: approval-branch-1.8.1?(benjamin)
Attachment #213341 -
Flags: approval-branch-1.8.1+
Comment 5•19 years ago
|
||
Comment on attachment 213341 [details] [diff] [review]
reject overlong attribute names
a=timr for drivers.
Attachment #213341 -
Flags: approval1.7.13?
Attachment #213341 -
Flags: approval1.7.13+
Attachment #213341 -
Flags: approval-aviary1.0.8?
Attachment #213341 -
Flags: approval-aviary1.0.8+
Comment 6•19 years ago
|
||
Comment on attachment 213341 [details] [diff] [review]
reject overlong attribute names
a=timr for drivers.
Comment 7•19 years ago
|
||
Comment on attachment 213341 [details] [diff] [review]
reject overlong attribute names
a=timr for drivers. This is a simple completion of a previous approved security patch.
Attachment #213341 -
Flags: approval1.8.0.2? → approval1.8.0.2+
Assignee | ||
Comment 8•19 years ago
|
||
Fixed on trunk, moz17, aviary101, moz18 and moz180 branches
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Comment 9•19 years ago
|
||
verified using Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.13) Gecko/20060227 Firefox/1.0.8 and Mozilla 1.7.13 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.13) Gecko/20060228. Adding relevant keywords.
Comment 10•19 years ago
|
||
Marking [rft-dl] (ready for testing in Firefox 1.5.0.2 release candidates)
Whiteboard: [sg:dos] → [sg:dos][rft-dl]
Comment 11•19 years ago
|
||
verified on the 1.8.0.2 branch using Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.2) Gecko/20060306 Firefox/1.5.0.2. Adding keyword.
Keywords: fixed1.8.0.2 → verified1.8.0.2
Assignee | ||
Updated•19 years ago
|
Group: security
You need to log in
before you can comment on or make changes to this bug.
Description
•