[tor-bugs] #21830 [Applications/Tor Browser]: Copying large text from web console leaks to /tmp

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jul 21 01:04:07 UTC 2017 

#21830: Copying large text from web console leaks to /tmp
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  neillm
     Type:  defect                               |         Status:
                                                 |  needs_review
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-disk-leak,                       |  Actual Points:
  TorBrowserTeam201707R                          |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by neillm):

 Replying to [comment:12 arthuredelstein]:
 > Replying to [comment:8 neillm]:
 >
 > > This patch has been applied to tor-browser-52.2.0esr-7.0-1-build1 and
 tested on Ubuntu 16.04.2 LTS.
 >
 > Thanks -- I built with the patch and it worked as described. But the
 `aContext` argument of `nsTransferable::Init()` appears to have only one
 purpose, which is to check for PBM state. So I wonder if you think it
 would make sense to change the signature to `nsTransferable::Init(bool
 isPrivateBrowsingMode)`? Then perhaps the callers could be modified to
 provide PBM state, assuming they have that information:
 >
 > https://dxr.mozilla.org/mozilla-
 central/search?q=%2Bcallers%3A%22nsTransferable%3A%3AInit%28nsILoadContext+%2A%29%22
 >
 > (I'm not sure if this is a practical idea or not, so feel free to
 disagree.)

 It's a good idea, but I think practically speaking, it would be much more
 complicated.  The reason I say that is because all of those times where
 the nsTransferable is initialized without a context, it's because we
 (likely) don't actually know at that point if it's a private browsing mode
 or not.  After all, if we did, we could have loaded it with the context to
 begin with (although perhaps there are some lazy cases where it could be
 used and isn't).

 So for those remaining cases (without the context), while we may be able
 to load the preference default as this patch does, we would have to do it
 in a lot more places before we know what boolean to pass in to the Init
 (if modified).  Does that make sense?

 Other than that, you're right, it appears that it's only used for that
 reason at this point.  Assuming there are no other future uses of that
 context by the transferable, refactoring could work.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21830#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list