[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #13019 [Tor Browser]: New locale fingerprinting capabilities in FF31ESR

Subject: Re: [tor-bugs] #13019 [Tor Browser]: New locale fingerprinting capabilities in FF31ESR
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 02 Oct 2014 20:40:42 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 02 Oct 2014 16:40:51 -0400
In-reply-to: <049.6c53b957439e8faf712fb62be848fef3@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <049.6c53b957439e8faf712fb62be848fef3@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#13019: New locale fingerprinting capabilities in FF31ESR
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  tbb-team
  mikeperry              |     Status:  needs_revision
         Type:  defect   |  Milestone:
     Priority:  major    |    Version:
    Component:  Tor      |   Keywords:  ff31-esr, tbb-fingerprinting,
  Browser                |  MikePerry201409R, TorBrowserTeam201410
   Resolution:           |  Parent ID:
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------

Comment (by arthuredelstein):

 Replying to [comment:5 mikeperry]:
 > There are a couple issues with this patch. You shouldn't need to store
 the current locale just to have something to do in
 DefaultJSLocaleSetter::Run() when the pref is empty. If the pref is empty,
 just do nothing. This eliminates the need to export JS_GetDefaultLocale()
 as well.

 My thinking is that it is nice to be able to set this pref at runtime. So
 if the user sets the pref to empty at some point, then the original locale
 will be restored. That's why we need to store the original locale on
 startup. Otherwise we would have to require restarting the browser
 whenever the pref is changed.

 > But beyond this, there's actually two bugs in the storage of this locale
 information. In the case of DefaultJSLocaleSetter::jsLocale, you leak it
 on XPCOM shutdown. In the case of DefaultJSLocaleSetting::systemLocale,
 you are keeping a pointer to a static buffer, so that subsequent calls to
 setlocale may cause this memory to get replaced with something else. It
 probably will always contain the actual current locale, but this seems a
 bit sloppy to rely on.

 Thanks for catching these two bad mistakes. I believe I've fixed them in
 the new patch version, added above. I also changed the implementation to
 use Preferences::RegisterCallback/UnRegisterCallback, which is more
 concise than the nsIObserver approach.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13019#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: [tor-bugs] #13325 [- Select a component]: Tor crash on OpenBSD-current since 2014-08-10
Next by Author: Re: [tor-bugs] #13019 [Tor Browser]: New locale fingerprinting capabilities in FF31ESR
Previous by thread: Re: [tor-bugs] #13325 [Tor]: Tor crash on OpenBSD-current since 2014-08-10
Next by thread: Re: [tor-bugs] #13019 [Tor Browser]: New locale fingerprinting capabilities in FF31ESR
Index(es):
- Author
- Thread