[tbb-bugs] #24622 [Applications/Tor Browser]: Torcrazybutton can't decipher website s3.amazonaws.com

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Apr 9 09:14:28 UTC 2019 

#24622: Torcrazybutton can't decipher website s3.amazonaws.com
-------------------------------------------------+-------------------------
 Reporter:  cypherpunks                          |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:
                                                 |  needs_review
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Major                                |     Resolution:
 Keywords:  tbb-7.0-issues, tbb-regression,      |  Actual Points:
  tbb-linkability, GeorgKoppen201903,            |
  TorBrowserTeam201904                           |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by gk):

 Replying to [comment:46 acat]:
 > It was to make sure the special cases `about:` and `blob:` are still
 handled like before. If I'm not wrong, the error on those cases would
 still be `NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS` (empty host). So the
 condition needs to be `if (rv == NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS &&
 !scheme.EqualsLiteral("about") && !scheme.EqualsLiteral("blob")`.

 Right. I am still not overly happy to mix this new check with scheme
 related ones. What about `return`ing both in the `about` if-clause and in
 the `blob` elseif-clause after the checks are done and then having an
 insufficient_domain_levels check in an own block afterwards in case the
 code still has not returned? Oh, and adding a comment above the
 `isInsufficientDomainLevels` declaration would be good about why we have
 this one at that place at all.

 I guess before we overengineer that on our side it might be worth getting
 this to review for Mozilla folks (I wanted to point you to try builds etc.
 after we have a reasonable Tor Browser patch, but it seems tjr has jumped
 the gun ;). So, in case tjr's try build looks good, could you request
 review on the Moz bug and then we'd basically take what Mozilla is happy
 with? Or you could post a revised patch based on my comments above (if
 they make sense to you) to the ticket and request review. Up to you.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24622#comment:47>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list