Closed Bug 633644 Opened 14 years ago Closed 13 years ago

nsUrlClassifierDBServiceWorker::GetLookupFragments returns duplicate fragments in some cases

Categories

(Toolkit :: Safe Browsing, defect)

x86
macOS
defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 665930

People

(Reporter: mmm, Assigned: mmm)

Details

(Keywords: privacy)

It seems that GetLookupFragments will create duplicate fragments when the path ends in a "/". The following messages show up with debug output turned on:

GetLookupFragments: called with spec mozilla.com/en-US/firefox/
669188096[124f96790]: Chking mozilla.com/en-US/firefox/
669188096[124f96790]: Chking mozilla.com/
669188096[124f96790]: Chking mozilla.com/en-US/
669188096[124f96790]: Chking mozilla.com/en-US/firefox/

Similarly, when called on a spec like "mozilla.com/", two identical fragments are returned.
CC'ing Dave Camp as it looks like he has worked with this.
Assignee: nobody → mars.martian+bugmail
It looks like this is causing a problem with our HashCompleter requests.

Based on calls to the HashCompleter and requests seen with the HttpFox extension it looks like the following happens when you visit a "bad" site which ends in a slash. I'll use malware.testing.google.test/testing/malware/ as an example.

1. Type malware.testing.google.test/testing/malware/ into url bar.
2. testing.google.test is determined to be a bad domain but the complete hash of the bad URL is needed
3. SHA-256 hash is taken of "malware.testing.google.test/testing/malware/", the hex prefix ("51864045")
4. A few random entries from urlclassifier3.sqlite are picked as noise.
5. nsUrlClassifierHashCompleter::Complete is called for "51864045" twice and once for all the noise entries.
6. A request is made to Google's SB servers and in the request header we can see the "51864045" entry twice.

As I understand it, we add noise to obscure which site the user is actually making a request for. If so, this case renders the noise requirement useless.
Keywords: privacy
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.