[tor-bugs] #31567 [Applications/Tor Browser]: NS_tsnprintf() does not handle %s correctly on Windows

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Sep 1 16:02:25 UTC 2019


#31567: NS_tsnprintf() does not handle %s correctly on Windows
-------------------------------------------------+-------------------------
 Reporter:  mcs                                  |          Owner:  gk
     Type:  defect                               |         Status:
                                                 |  needs_revision
 Priority:  Very High                            |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Critical                             |     Resolution:
 Keywords:  ff68-esr, tbb-9.0-must-alpha,        |  Actual Points:
  TorBrowserTeam201908                           |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by mcs):

 Replying to [comment:30 gk]:
 > I see. Well, it could be that Martin's patch opened a new hole while
 closing the previous bug. Or it could still be an issue with my setup. Or
 it could be related to me not using a full update setup but rather just
 your script. However, I somehow doubt the latter at least as using the
 updater executable from 9.0a4 + the newly created .mar file works.
 Additionally, it could be that you replacing the format specifiers killed
 that second, different bug as well. And there are probably some more
 explanations I forgot right now. :) Anyway, I've uploaded both my .exe and
 the signed .mar file I used, so folks can look at that independently from
 me and building own bundles.
 >
 > https://people.torproject.org/~gk/testbuilds/31567_3.exe
 > https://people.torproject.org/~gk/testbuilds/31567_3.exe.asc
 >
 > https://people.torproject.org/~gk/testbuilds/tor-browser-win64-tbb-
 nightly_en-US.mar
 > https://people.torproject.org/~gk/testbuilds/tor-browser-win64-tbb-
 nightly_en-US.mar.asc

 Here is what I have learned so far:
 1) Using my own build (with Martin's patch + my own signing certificate +
 my own mar file + my own update server) worked when I did the update
 interactively within Firefox. That's good news.

 2) When I tried again using my `updater-test.cmd` script with my same
 build and mar file I saw the `UPDATE_SETTINGS_FILE_CHANNEL` error. Next I
 added some logging and saw that the path for `update-settings.ini` was
 missing the `/Browser` path component at the end. When I fixed my test
 script by appending `/Browser` to`INSTALLDIR` (and to correctly copy the
 mar file to update.mar) it worked! My script now looks similar to the
 following:
 {{{
 set MARFILE=tor-browser-win64-tbb-nightly_en-US.mar
 set INSTALLDIR=C:\Users\USER\Desktop\tbtest\Browser
 set UPDATEDIR=%INSTALLDIR%\TorBrowser\UpdateInfo\updates\0

 mkdir %UPDATEDIR%
 copy %MARFILE% %UPDATEDIR%\update.mar
 pushd %INSTALLDIR%
 updater %UPDATEDIR% %INSTALLDIR% %INSTALLDIR%
 popd
 }}}

 3) The same script worked using the exe and mar file from comment:30.

 My conclusion is that Martin's patches fix this bug.

 And please accept my apology for wasting people's time by not getting the
 args right the first time for the manual/command line updater test!

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31567#comment:31>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list