Closed Bug 375740 Opened 18 years ago Closed 14 years ago

ensure files that a mar updates are relative (not absolute) and are safe

Categories

(Toolkit :: Application Update, defect)

Product:
Toolkit
Component:
Application Update
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla5

People

(Reporter: moco, Assigned: robert.strong.bugs)

References

Details

ensure files that a mar updates are relative (not absolute) and are safe. pointed out today at window's talk, so there might be a bug on this already (but I haven't seen it.) thanks to window and her team for pointing this out. see http://lxr.mozilla.org/seamonkey/source/toolkit/mozapps/update/src/updater/updater.cpp for example, we should fix: 653 int 654 AddFile::Parse(char *line) 655 { 656 // format "<newfile>" 657 658 mFile = mstrtok(kQuote, &line); 659 if (!mFile) 660 return PARSE_ERROR; 661 662 return OK; 663 } so that if mFile is absolute (or contains unsafe characters) we should report an error and not apply the mar.
Not that we shouldn't fix this, but why is it security sensitive? If you have a bad MAR, there are lots of ways to exploit it (bsdiff is probably very easy to exploit). We inherently trust the contents of a MAR, which is why we verify the signature carefully before staging.
> Not that we shouldn't fix this, but why is it security sensitive? I was erring on the side of caution.
Group: security
Product: Firefox → Toolkit
Fixing this in bug 386760. I mainly want this for when we have a service performing updates.
Depends on: 386760
Fixed by bug 386760
Assignee: nobody → robert.bugzilla
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla5
You need to log in before you can comment on or make changes to this bug.