Re: [tor-bugs] #9901 [TorBrowserButton]: DoS of TBB 2.4/3.0 when no Content-Type header and more than 512 bytes of content are sent
#9901: DoS of TBB 2.4/3.0 when no Content-Type header and more than 512 bytes of
content are sent
----------------------------------+---------------------------
Reporter: sqrt2 | Owner: mikeperry
Type: defect | Status: reopened
Priority: normal | Milestone:
Component: TorBrowserButton | Version:
Resolution: | Keywords: tbb-usability
Actual Points: | Parent ID:
Points: |
----------------------------------+---------------------------
Comment (by cypherpunks):
{{{
var call;
if(params.length) call =
"("+params.join().replace(/(?:)/g,function(){return "p"+(++x)})+")";
else call = "()";
- if(method == "getTypeFromFile" || method ==
"getTypeFromExtension" || method == "getTypeFromURI") {
- // XXX: Due to
https://developer.mozilla.org/en/Exception_logging_in_JavaScript
- // this is necessary to prevent error console noise on the
return to C++ code.
- // It is not technically correct, but as far as I can tell,
returning null
- // here should be equivalent to throwing an error for the
codepaths invovled
- var fun = "(function "+call+"{"+
- "if (arguments.length < "+wrapped[method].length+")"+
- " throw Components.results.NS_ERROR_XPC_NOT_ENOUGH_ARGS;"+
- "try { return wrapped."+method+".apply(wrapped, arguments);
}"+
- "catch(e) { if(e.result ==
Components.results.NS_ERROR_NOT_AVAILABLE) return null; else throw e;}
})";
- newObj[method] = eval(fun);
- } else {
+ {
var fun = "(function "+call+"{"+
"if (arguments.length < "+wrapped[method].length+")"+
" throw Components.results.NS_ERROR_XPC_NOT_ENOUGH_ARGS;"+
}}}
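Review bot: The bare `{` on the added line keeps a block that no longer has a condition, so it reads like a leftover `else` branch. Dropping the braces and de-indenting the body would show that every wrapped method now takes the same path. With the special case removed, `getTypeFromFile`, `getTypeFromExtension` and `getTypeFromURI` no longer turn `NS_ERROR_NOT_AVAILABLE` into a `null` return, and the patch leaves no record of that; a comment such as `// No per-method special case: NS_ERROR_NOT_AVAILABLE from the getTypeFrom* lookups propagates to the caller unchanged` would help. The wrapper is still assembled as a source string (presumably passed to `eval` below the hunk, as the removed branch did), so it is worth confirming that `method` and `params` only ever come from the wrapped component's own interface and never from content. The enclosing function starts and ends outside the quoted hunk, and the mail wrapping has split several diff lines, so this is read from the visible fragment only.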
Keep it simple.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9901#comment:75>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online