Issue metadata
Sign in to add a comment
|
Invalid content settings patterns can be stored but not re-constructed correctly
Reported by
jeff.v...@gmail.com,
Mar 1 2017
|
||||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/55.0.2883.87 Chrome/55.0.2883.87 Safari/537.36 Steps to reproduce the problem: I haven't tried to reproduce it on another computer. What is the expected behavior? Chromium does not attempt to open files to which it does not use. What went wrong? Here's an extract from my syslog: Mar 1 07:35:13 behemoth chromium-browser.desktop[6013]: [6013:6013:0301/073513: ERROR:content_settings_pref.cc(469)] Invalid pattern strings: file:///home/jeff/ Videos/Screencast%20from%2025-01-16%2011:14:51.webm,* Mar 1 07:35:13 behemoth chromium-browser.desktop[6013]: [6013:6013:0301/073513: ERROR:content_settings_pref.cc(469)] Invalid pattern strings: file:///home/jeff/ Videos/Screencast%20from%2026-01-16%2002:21:43.webm,* Mar 1 07:35:13 behemoth chromium-browser.desktop[6013]: [6013:6013:0301/073513: ERROR:content_settings_pref.cc(469)] Invalid pattern strings: file:///home/jeff/ localmail/jeff.veit/.Drafts/cur/1404166991.M501786P27884.nutkin,S=7991,W=8193:2, D,* Mar 1 07:35:13 behemoth chromium-browser.desktop[6013]: [6013:6013:0301/073513: ERROR:content_settings_pref.cc(469)] Invalid pattern strings: file:///home/jeff/localmail/jeff.veit/.Sent/cur/1396310064.M823445P3404.nutkin,S=5426,W=5574:2,S,* Mar 1 07:35:13 behemoth chromium-browser.desktop[6013]: [6013:6013:0301/073513:ERROR:content_settings_pref.cc(469)] Invalid pattern strings: file:///home/jeff/localmail/jeff.veit/.Sent/cur/1396323598.M490897P3417.nutkin,S=9764,W=10008:2,S,* I'm not sure why Chromium would be trying to open those files. I see from the code at https://github.com/crosswalk-project/chromium-crosswalk/blob/master/components/content_settings/core/browser/content_settings_pref.cc that it's scanning when this happens. I'm not sure how it comes to be scanning what appears to be home files. Did this work before? N/A Chrome version: 55.0.2883.87 Channel: stable OS Version: Ubuntu 16.04.2 LTS 64-bit Flash Version: I can only think there's a bug. I do have extensions loaded. Most recently I added the Pintrest extension. I do have an incognito window open, with a movie playing. I use an adblocker, so it's unlikely to be a website causing this. I use apparmor, but it was in complain mode when I spotted this. I'm classing this as a security issue because it appears as if Chromium is looking at files it shouldn't be.
,
Mar 1 2017
,
Mar 1 2017
I think I've tracked it down, and I don't think this is a security issue any longer. I think what is happening: I open a new incognito window, then history is copied for the window, and there's a bug in the parser or in the way history was written that generates the error I've seen. I think this because I can generate the error by opening an incognito window, and I've recognised those URLs as things I've looked at through my browser. So it may be reproducible for any file you view in your browser using 'file:///some/path/to/a/file' when you subsequently open an incognito window. I'd say it's a minor bug.
,
Mar 1 2017
And the title is misleading now.
,
Mar 1 2017
I think #3 is sort of on the right lines. I think it's to do with the path being stored being incompatible with the way content settings work. It's something to look at but definitely not a security bug.
,
Nov 10 2017
,
Feb 18 2018
,
Oct 11
Do we have an understanding of how those invalid patterns were created in the first place? |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by vakh@chromium.org
, Mar 1 2017