Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
1770313004:
Not saving whitelist icon paths that reference the parent. (Closed)
DescriptionNot saving whitelist icon paths that reference the parent.
If the icon path that we get from the manifest contains a reference to
the parent directory ("..") we would not save it and associate with the
whitelist. This is done in order to avoid malicious access to parent
folders.
Committed: https://crrev.com/6b03d171d4137691637129ebad5cab20f4babbbb
Cr-Commit-Position: refs/heads/master@{#381557}
Patch Set 1 #
Total comments: 3
Patch Set 2 : #
Total comments: 2
Patch Set 3 : Addressing Bernhard's comment #Messages
Total messages: 20 (8 generated)
atanasova@chromium.org changed reviewers: + treib@chromium.org
https://codereview.chromium.org/1770313004/diff/1/chrome/browser/component_up... File chrome/browser/component_updater/supervised_user_whitelist_installer.cc (right): https://codereview.chromium.org/1770313004/diff/1/chrome/browser/component_up... chrome/browser/component_updater/supervised_user_whitelist_installer.cc:83: return base::FilePath(); Probably the same should apply below for the raw whitelist path? Maybe worth making a helper like "GetSafeFilePath(dict, key)"?
https://codereview.chromium.org/1770313004/diff/1/chrome/browser/component_up... File chrome/browser/component_updater/supervised_user_whitelist_installer.cc (right): https://codereview.chromium.org/1770313004/diff/1/chrome/browser/component_up... chrome/browser/component_updater/supervised_user_whitelist_installer.cc:83: return base::FilePath(); On 2016/03/09 14:50:53, Marc Treib wrote: > Probably the same should apply below for the raw whitelist path? Maybe worth > making a helper like "GetSafeFilePath(dict, key)"? Done.
LGTM!
Description was changed from
==========
Not saving whitelist icon paths that reference the parent.
If the icon path that we get from the manifest contains a reference to
the parent directory ("..") we would not save it and associate with the
whitelist. This is done in order to avoid malicious access to parent
folders.
==========
to
==========
Not saving whitelist icon paths that reference the parent.
If the icon path that we get from the manifest contains a reference to
the parent directory ("..") we would not save it and associate with the
whitelist. This is done in order to avoid malicious access to parent
folders.
==========
atanasova@chromium.org changed reviewers: + sorin@chromium.org
Adding Soring for OWNERS approval
atanasova@chromium.org changed reviewers: + bauerb@chromium.org
Friendly ping
https://codereview.chromium.org/1770313004/diff/1/chrome/browser/component_up... File chrome/browser/component_updater/supervised_user_whitelist_installer.cc (right): https://codereview.chromium.org/1770313004/diff/1/chrome/browser/component_up... chrome/browser/component_updater/supervised_user_whitelist_installer.cc:83: return base::FilePath(); On 2016/03/09 14:50:53, Marc Treib wrote: > Probably the same should apply below for the raw whitelist path? Maybe worth > making a helper like "GetSafeFilePath(dict, key)"? (The raw whitelists are read with ReadFileToString, which already refuses to load a file that references a parent directory, but it's good to fail early here.) https://codereview.chromium.org/1770313004/diff/20001/chrome/browser/componen... File chrome/browser/component_updater/supervised_user_whitelist_installer.cc (right): https://codereview.chromium.org/1770313004/diff/20001/chrome/browser/componen... chrome/browser/component_updater/supervised_user_whitelist_installer.cc:72: base::FilePath path; Move this to where it's used.
https://codereview.chromium.org/1770313004/diff/20001/chrome/browser/componen... File chrome/browser/component_updater/supervised_user_whitelist_installer.cc (right): https://codereview.chromium.org/1770313004/diff/20001/chrome/browser/componen... chrome/browser/component_updater/supervised_user_whitelist_installer.cc:72: base::FilePath path; On 2016/03/15 09:34:52, bauerb catching up on reviews wrote: > Move this to where it's used. Done.
lgtm Thank you! I apologize for the late review. Please always IM me when I am not responding to reviews right away.
The CQ bit was checked by atanasova@chromium.org
The patchset sent to the CQ was uploaded after l-g-t-m from treib@chromium.org Link to the patchset: https://codereview.chromium.org/1770313004/#ps40001 (title: "Addressing Bernhard's comment")
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1770313004/40001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1770313004/40001
Message was sent while issue was closed.
Description was changed from
==========
Not saving whitelist icon paths that reference the parent.
If the icon path that we get from the manifest contains a reference to
the parent directory ("..") we would not save it and associate with the
whitelist. This is done in order to avoid malicious access to parent
folders.
==========
to
==========
Not saving whitelist icon paths that reference the parent.
If the icon path that we get from the manifest contains a reference to
the parent directory ("..") we would not save it and associate with the
whitelist. This is done in order to avoid malicious access to parent
folders.
==========
Message was sent while issue was closed.
Committed patchset #3 (id:40001)
Message was sent while issue was closed.
Description was changed from
==========
Not saving whitelist icon paths that reference the parent.
If the icon path that we get from the manifest contains a reference to
the parent directory ("..") we would not save it and associate with the
whitelist. This is done in order to avoid malicious access to parent
folders.
==========
to
==========
Not saving whitelist icon paths that reference the parent.
If the icon path that we get from the manifest contains a reference to
the parent directory ("..") we would not save it and associate with the
whitelist. This is done in order to avoid malicious access to parent
folders.
Committed: https://crrev.com/6b03d171d4137691637129ebad5cab20f4babbbb
Cr-Commit-Position: refs/heads/master@{#381557}
==========
Message was sent while issue was closed.
Patchset 3 (id:??) landed as https://crrev.com/6b03d171d4137691637129ebad5cab20f4babbbb Cr-Commit-Position: refs/heads/master@{#381557} |
