[tor-bugs] #21830 [Applications/Tor Browser]: Copying large text from web console leaks to /tmp

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jul 20 02:34:51 UTC 2017


#21830: Copying large text from web console leaks to /tmp
--------------------------------------+--------------------------
 Reporter:  gk                        |          Owner:  neillm
     Type:  defect                    |         Status:  assigned
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-disk-leak             |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by neillm):

 After inspecting this issue for some time (very easily reproducible by the
 original reporter's steps), as well as examining the previous solution
 (#9701) and finding the shortcomings, I propose that this issue can be
 addressed as follows:

 {{{
 diff --git a/widget/nsTransferable.cpp b/widget/nsTransferable.cpp
 index e99d454..976180c 100644
 --- a/widget/nsTransferable.cpp
 +++ b/widget/nsTransferable.cpp
 @@ -39,6 +39,7 @@ Notes to self:
  #include "nsIFile.h"
  #include "nsILoadContext.h"
  #include "mozilla/UniquePtr.h"
 +#include "mozilla/Preferences.h"

  NS_IMPL_ISUPPORTS(nsTransferable, nsITransferable)

 @@ -248,6 +249,11 @@ nsTransferable::Init(nsILoadContext* aContext)

    if (aContext) {
      mPrivateData = aContext->UsePrivateBrowsing();
 +  } else {
 +    // without aContext here to provide PrivateBrowsing information,
 +    // we defer to the active configured setting
 +    mPrivateData =
 +      mozilla::Preferences::GetBool("browser.privatebrowsing.autostart");
    }
  #ifdef DEBUG
    mInitialized = true;
 }}}
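
Review bot: The new else branch in nsTransferable::Init decides privacy for context-less transferables from browser.privatebrowsing.autostart alone. When that pref is off, a transferable created without a context is still marked non-private, even if the data was copied from a private window, so the disk leak remains in that configuration. Consider failing closed (treat a null aContext as private), or auditing the callers that pass no context so they supply one; the pref lookup can then stay as a last resort. The comment above the assignment should also name the case it covers (null aContext, ticket #21830) so the fallback is not mistaken for the normal path.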

 There are a number of times a transferable is initialized without a
 context that it can use to determine if we're in private browsing mode or
 not (which dictates the value of mPrivateData as seen above).  Rather than
 assuming that we are not by default (the security leak reported), I think
 the TorBrowser should go with the configured 'privatebrowsing' default
 (which is on by default, though it can be disabled in the preferences,
 which resorts to the current/unpatched behavior).

 This patch has been applied to tor-browser-52.2.0esr-7.0-1-build1 and
 tested on Ubuntu 16.04.2 LTS.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21830#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

