[tor-bugs] #13670 [Tor Browser]: ensure OCSP & favicons respect URL bar domain isolation

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Mar 24 23:29:21 UTC 2015


#13670: ensure OCSP & favicons respect URL bar domain isolation
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  arthuredelstein
  arthuredelstein        |     Status:  needs_revision
         Type:  defect   |  Milestone:
     Priority:  normal   |    Version:
    Component:  Tor      |   Keywords:  tbb-4.5-alpha,
  Browser                |  TorBrowserTeam201503R
   Resolution:           |  Parent ID:
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------

Comment (by arthuredelstein):

 Replying to [comment:25 gk]:
 > There is supposed to be something wrong with our debug symbols (#13917) but I think the following might be helpful, though:
 > {{{
 > Program received signal SIGSEGV, Segmentation fault.
 > [Switching to Thread 0x7fffdaafe700 (LWP 3114)]
 > 0x00007ffff3287941 in mozilla::psm::CertIDHash(unsigned char (&) [48], CERTCertificateStr const*, CERTCertificateStr const*, char const*) ()
 >     at /home/ubuntu/build/tor-browser/security/certverifier/OCSPCache.cpp:79
 > [snip]

 This was indeed helpful. I think the issue is that `strlen(aIsolationKey)`
 at `security/certverifier/OCSPCache.cpp:79` is segfaulting when
 `aIsolationKey` is null.

 So here is a new version that checks if `aIsolationKey` is null and avoids
 calling `strlen` in that case:
 https://github.com/arthuredelstein/tor-browser/commit/a3a21f0fd4c8cac6cb1a430132eb2ac42273ae8b

 Unfortunately my linux build of tor-browser.git is taking absolutely
 forever inside VirtualBox, so I haven't had a chance to check this
 directly myself. But I did confirm with a small test C program that
 `strlen((char *) NULL)` segfaults.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13670#comment:26>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
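
The null guard described in the comment above, as an added example that is not the Tor Browser patch or any code from the ticket. The names `cache_key` and `add_field`, the FNV-1a stand-in hash and the sample identifier bytes are all assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample bytes standing in for a certificate identifier. */
static const unsigned char SAMPLE_ID[4] = {0x01, 0x02, 0x03, 0x04};

/* Stand-in hash (64-bit FNV-1a), an assumption of this example. */
static uint64_t fnv1a(uint64_t h, const void *data, size_t len) {
    const unsigned char *p = data;
    for (size_t i = 0; i < len; i++) {
        h ^= p[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* Hash a length-prefixed field so adjacent fields cannot run together. */
static uint64_t add_field(uint64_t h, const void *data, size_t len) {
    uint64_t n = (uint64_t)len;
    h = fnv1a(h, &n, sizeof n);
    return len ? fnv1a(h, data, len) : h;
}

/* Hypothetical cache-key function. isolation_key may be NULL, so strlen is
 * only reached after the null check; a trailing presence byte keeps
 * "no key" (NULL) distinct from "empty key" (""). */
uint64_t cache_key(const unsigned char *id, size_t id_len,
                   const char *isolation_key) {
    unsigned char has_key = (isolation_key != NULL);
    size_t key_len = has_key ? strlen(isolation_key) : 0;
    uint64_t h = 0xcbf29ce484222325ULL; /* FNV-1a offset basis */
    h = add_field(h, id, id_len);
    h = add_field(h, isolation_key, key_len);
    return fnv1a(h, &has_key, 1);
}

int main(void) {
    const char *keys[] = {NULL, "", "a.example", "b.example"};
    for (size_t i = 0; i < 4; i++)
        printf("%-12s -> %016llx\n", keys[i] ? keys[i] : "(null)",
               (unsigned long long)cache_key(SAMPLE_ID, sizeof SAMPLE_ID, keys[i]));
    return 0;
}
```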

