[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #14716 [Tor Browser]: HTTP Basic Authentication prompt only displayed once

Subject: Re: [tor-bugs] #14716 [Tor Browser]: HTTP Basic Authentication prompt only displayed once
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 17 Apr 2015 19:44:52 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 17 Apr 2015 15:45:05 -0400
In-reply-to: <043.0acb2ea1799522bba6bd636e65dbebaa@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <043.0acb2ea1799522bba6bd636e65dbebaa@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#14716: HTTP Basic Authentication prompt only displayed once
--------------------------+------------------------------------------------
     Reporter:  mcs       |      Owner:  mcs
         Type:  defect    |     Status:  new
     Priority:  normal    |  Milestone:
    Component:  Tor       |    Version:
  Browser                 |   Keywords:  tbb-usability-stoppoint-navigation
   Resolution:            |  Parent ID:
Actual Points:            |
       Points:            |
--------------------------+------------------------------------------------

Comment (by mcs):

 Replying to [comment:3 cypherpunks]:
 > Maybe also of note: choosing a New Identity from the onion menu doesn't
 resolve the problem, so this might be fingerprinting the browser instance
 as well.

 I am not 100% sure, but I think the reason failures continue even after
 New Identity is because the login manager code ends up in a bad state and
 stays that way until you restart the browser.

 The very first failure occurs inside
 toolkit/components/passwordmgr/nsLoginManager.js in the _storage getter.
 The root cause is deep inside NSS due to the lack of a key DB (due to
 #12998).  Kathy and I have experimented with two possible fixes:
 1. Add null checks for _storage in several places inside
 nsLoginManager.js.
 2. Put a hack inside NSC_InitPIN() (inside
 security/nss/lib/softoken/pkcs11.c) that returns CKR_OK instead of an
 error if there is no key DB and the password/pin has length zero. This
 fixes the problem because the fallback code uses a zero-length password to
 initialize an in-memory security DB.  And I think (but am not certain)
 that NSC_InitPIN() is trying to set a new password, which is an
 uninteresting thing to do in this case.

 The first approach is fairly straightforward but involves more changes.
 The second approach is more of an unknown but may possibly fix other
 "fallout" from #12998 (probably we would need to hold off until our next
 test release).

 Feedback welcome.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14716#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #15718 [Tor Browser]: Firefox popups disappear on first click (was: Firefox popups disappears on first click)
Next by Author: Re: [tor-bugs] #15718 [Tor Browser]: Firefox popups disappear on first click
Previous by thread: Re: [tor-bugs] #14716 [Tor Browser]: HTTP Basic Authentication prompt only displayed once
Next by thread: Re: [tor-bugs] #14716 [Tor Browser]: HTTP Basic Authentication prompt only displayed once
Index(es):
- Author
- Thread