Closed
Bug 744126
Opened 12 years ago
Closed 12 years ago
[Security Review][Action Item]Snappy Symbolic Server - Code Review
Categories
(mozilla.org :: Security Assurance, task)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: curtisk, Assigned: dchanm+bugzilla)
Details
(Whiteboard: [Snappy:P1][secr:dchan])
Code is located here: https://github.com/vdjeric/Snappy-Symbolication-Server/
Updated•12 years ago
OS: Mac OS X → All
Hardware: x86 → All
Updated•12 years ago
Whiteboard: [pending code review] → [pending code review][Snappy]
Reporter
Updated•12 years ago
Assignee: nobody → dchan+bugzilla
Status: NEW → ASSIGNED
Updated•12 years ago
Whiteboard: [pending code review][Snappy] → [pending code review][Snappy:P1]
Assignee
Comment 1•12 years ago
:vladan :lmandel I've finished reviewing the code and testing the server. There wasn't much to test since the fields were validated with regexes and there is a try/catch around most of the code. Even if a thread dies, the server continues to run. I couldn't think of a way to DOS the server. I'll close off this bug when the blockers are addressed. The broken pipe error may have to be addressed with timeouts or something similar. I can't imagine the lookup taking more than a couple seconds.
Comment 2•12 years ago
Patch with all the sec-review fixes: https://github.com/vdjeric/Snappy-Symbolication-Server/commit/67705706c605984e220f69469a68b455813923f5 I worked around the broken pipe problem by adding a 10 second timeout to the read from the connection socket. I have marked the dependency bugs resolved, please re-open if that was the wrong thing to do.
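The two hardening measures discussed in comments 1 and 2 (a timeout on the read from the connection socket, and exception handling that keeps one bad connection from stopping the server) can be sketched as follows. This is an added example, not code from the linked commit or the project; the function names, the newline-terminated framing, the 64 KiB cap and the `lookup` callable are assumptions.

```python
import socket
import time

READ_TIMEOUT_SECONDS = 10.0    # the timeout value mentioned in comment 2
MAX_REQUEST_BYTES = 64 * 1024  # assumed cap, not taken from the bug

def read_request(conn, timeout=READ_TIMEOUT_SECONDS, max_bytes=MAX_REQUEST_BYTES):
    """Return one newline-terminated request, or None on timeout,
    oversize input or disconnect (the framing is an assumption)."""
    deadline = time.monotonic() + timeout
    buf = bytearray()
    try:
        while b"\n" not in buf:
            # Budget the whole request, not each recv(), so a client that
            # trickles one byte at a time cannot hold the thread forever.
            remaining = deadline - time.monotonic()
            if remaining <= 0 or len(buf) > max_bytes:
                return None
            conn.settimeout(remaining)
            chunk = conn.recv(4096)
            if not chunk:          # peer closed before sending a full request
                return None
            buf.extend(chunk)
    except OSError:                # includes socket.timeout and broken pipe
        return None
    return bytes(buf[:buf.index(b"\n")])

def handle_connection(conn, lookup, timeout=READ_TIMEOUT_SECONDS):
    """Serve one connection. `lookup` is a hypothetical callable mapping
    request bytes to response bytes; failures stay inside this connection."""
    try:
        request = read_request(conn, timeout)
        if request is None:
            return "dropped"
        conn.sendall(lookup(request) + b"\n")
        return "served"
    except Exception:              # a bad request must not kill the server
        return "error"
    finally:
        conn.close()
```

A per-`recv()` timeout alone resets on every byte received; the overall deadline used here also bounds slow-drip clients.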
Assignee
Comment 3•12 years ago
I went through and VERIFIED that the fixes caught the exceptions. Closing out this bug.
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Assignee
Updated•12 years ago
Whiteboard: [pending code review][Snappy:P1] → [Snappy:P1][secr:dchan]
Assignee
Updated•12 years ago
Keywords: sec-review-complete
Updated•12 years ago
Keywords: sec-review-complete