file: another stat() device bug for UNIX

VERIFIED DUPLICATE of bug 91657

Status

()

Core
Networking: File
--
critical
VERIFIED DUPLICATE of bug 91657
17 years ago
16 years ago

People

(Reporter: ISHIKAWA, Chiaki, Assigned: asa)

Tracking

Trunk
x86
Linux
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

17 years ago
From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.6 i686)
BuildID:    20010715

(I lied about BuildID since the problem is observable
across any build so far from what I heard.)
The browser should not blindly
open and read file:/// URL.
Instead, the browser should stat
the pathname and decide to read
only the ordinary file and directories, and
ignore all th rest including
the block and char and other device files.

See the discussion on BugTraq that took place on July 16, 17, 18
of 2001. 

Reproducible: Always
Steps to Reproduce:
1. Just try to access file:///dev/zero, file:///dev/console, etc..
2. You will notice the apparent hung.
3. Repeatable all the time.

Actual Results:  The browser will get hung or 
worse sometimes keyboard input is no longer available, etc.


Bad URL includes
	file:///dev/pty0
	file:///dev/console
	file:///dev/tty0
	file:///dev/zero
		
	file:///con
	file:///nul
	file:///prn
	file:///clock
	..
Please check the disucssion that took place on bugtraq during
July 16-18, 2001.  

BugTraq mailing list archive is at www.securityfocus.com.

Comment 1

17 years ago
We have got it covered

*** This bug has been marked as a duplicate of 69070 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → DUPLICATE

Comment 2

16 years ago
VERIFIED:
qa to me, -> file

Most of the entry points for this should be blocked now...

If you can still reproduce this, comment here, or mark this REOPENED.
Status: RESOLVED → VERIFIED
Component: Browser-General → Networking: File
QA Contact: doronr → benc

Comment 3

16 years ago
REOPEN:
I'm pulling all the "special file" bugs out of "checkURI" b/c I'm hoping to 
handle these problems in "file", esp since it sounds like we aren't doing 
everything properly.
Status: VERIFIED → UNCONFIRMED
Resolution: DUPLICATE → ---

Updated

16 years ago
Summary: Security problem. Denial of service problem. → file: another stat() device bug for UNIX

Comment 4

16 years ago
RESOLVED/DUPE:
mstoltz is considering fixing this so even if checkloadURI is off, we are safe.

*** This bug has been marked as a duplicate of 91657 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 17 years ago16 years ago
Keywords: verifyme
Resolution: --- → DUPLICATE

Comment 5

16 years ago
VERIFIED:
file: URL verification cleanup.
Status: RESOLVED → VERIFIED
Keywords: verifyme
You need to log in before you can comment on or make changes to this bug.