Closed
Bug 926042
Opened 11 years ago
Closed 10 years ago
Crash on overly long path during digest authentication
Categories
(Core :: Networking: HTTP, defect)
VERIFIED
FIXED
mozilla29
People
(Reporter: mbechler, Assigned: bagder)
Details
Attachments
(3 files)
When a resource with an overly long path (~40kb in my case) is opened inside an HTTP digest authentication realm (previously authenticated), the application (here: Firefox 17.0.9 ESR, Gentoo) crashes with mozalloc_abort; backtrace attached. Test page attached, or full test case available here: http://mbechler.eenterphace.org/firefox-test.htm

Not marking for Security as this seems to be DOS only and requires previous authentication to the realm, so only minor impact is expected.
Reporter
Comment 1•11 years ago
Assignee
Comment 2•10 years ago
Confirmed. The test page crashes my fresh (Jan 20 2014) mozilla-central build as well.
Assignee
Comment 3•10 years ago
The attached patch makes the problem go away for me. The problem was that the path length was stored in a *signed* 16 bit variable so it wrapped over 32K which then caused the code to pass in a negative length where a positive was assumed and.... *bang*
Assignee: nobody → daniel
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Attachment #8362491 -
Flags: review?(jduell.mcbugs)
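The wrap described in comment 3, as an added C example that is not the Firefox code or the attached patch: a 40000-byte path length narrowed into a signed 16-bit variable turns negative, and a full-width length with an explicit limit is shown beside it. All function names, the sample path and the limits are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SAMPLE_PATH_LEN 40000u /* constructed: matches the report's ~40kb path */

/* Constructed input: "/aaaa..." of SAMPLE_PATH_LEN bytes (hypothetical helper). */
const char *sample_path(void)
{
    static char buf[SAMPLE_PATH_LEN + 1];
    memset(buf, 'a', SAMPLE_PATH_LEN);
    buf[0] = '/';
    buf[SAMPLE_PATH_LEN] = '\0';
    return buf;
}

/* Before: the length is narrowed into a signed 16-bit variable.
 * Out-of-range conversion is implementation-defined in C; mainstream
 * compilers wrap modulo 2^16, so 40000 becomes 40000 - 65536 = -25536. */
int16_t path_len_signed16(const char *path)
{
    return (int16_t)strlen(path);
}

/* What a callee expecting an unsigned size sees when handed the wrapped
 * value: the negative number converts to an enormous count. */
size_t as_size(int16_t len)
{
    return (size_t)len;
}

/* After: keep the full-width length and reject paths over an explicit
 * limit. Returns the length, or -1 if the path is longer than max_len. */
long long path_len_checked(const char *path, size_t max_len)
{
    size_t n = strlen(path);
    return n > max_len ? -1 : (long long)n;
}

int main(void)
{
    const char *p = sample_path();
    int16_t bad = path_len_signed16(p);
    printf("signed 16-bit length: %d\n", bad);
    printf("seen as size_t:       %zu\n", as_size(bad));
    printf("checked, limit 65536: %lld\n", path_len_checked(p, 65536));
    printf("checked, limit 32767: %lld\n", path_len_checked(p, INT16_MAX));
    return 0;
}
```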
Comment 4•10 years ago
Comment on attachment 8362491: patch fixing this issue

Review of attachment 8362491:

Looks good!
Attachment #8362491 -
Flags: review?(jduell.mcbugs) → review+
Updated•10 years ago
Keywords: checkin-needed
Comment 5•10 years ago
https://hg.mozilla.org/integration/mozilla-inbound/rev/fc5112c72bba

Thanks for the patch, Daniel! One request, please make sure that future patches include commit information when requesting checkin. Makes life much easier for those landing on your behalf :)
https://developer.mozilla.org/en-US/docs/Mercurial_FAQ#How_can_I_generate_a_patch_for_somebody_else_to_check-in_for_me.3F
Keywords: checkin-needed
Comment 6•10 years ago
https://hg.mozilla.org/mozilla-central/rev/fc5112c72bba
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla29
Comment 7•10 years ago
The testcase in comment 0 crashes the 01/03 mozilla-central like this: https://crash-stats.mozilla.com/report/index/4379ca97-f989-4400-ad9f-7c8f32140326. Firefox 29.0b2 doesn't crash with the same testcase. Tested on Ubuntu 12.10 x86_x64.
Status: RESOLVED → VERIFIED
Keywords: verifyme