
Issue 818315


Issue metadata

Status: Assigned
Pri: 3
Type: Bug




Invalid verified_contents.json can be written to disk if hash fetcher fetched wrong response

Project Member Reported by lazyboy@chromium.org, Mar 2 2018

Issue description

In content_hash_fetcher.cc, we fetch verified_contents.json from network if the file on disk was missing/corrupt. However, if the fetch fails, e.g. got a 404 page response, content_hash_fetcher.cc will write that response to disk before checking if it was a valid-looking verified_contents first.

This is not the end of the world as we will later read the file, JSON parse it, and the outcome will be failure anyway. But it definitely seems a bit odd where the failure could have been identified earlier and with less cost (i.e. less file read + JSON parse).

I noticed this while writing a test, filing to track the issue.
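
The check-before-write ordering described in the report, as an added Python example that is not part of the issue and is not Chromium's code. The function names are hypothetical, the shape check (a top-level list holding a `signed_content` object with `payload` and `signatures`) is a simplified assumption about the file layout and performs no signature verification, and the sample bodies are constructed.

```python
import json
import os
import tempfile

# Constructed sample bodies: an error page, and a minimal well-shaped document.
NOT_FOUND_BODY = b"<html><body><h1>404 Not Found</h1></body></html>"
GOOD_BODY = json.dumps([{
    "description": "treehash per file",
    "signed_content": {"payload": "e30", "signatures": [{"signature": "AA"}]},
}]).encode()


def looks_like_verified_contents(body: bytes) -> bool:
    """Cheap shape check (assumed layout). Does NOT verify the signature."""
    try:
        doc = json.loads(body)
    except (ValueError, RecursionError):  # not JSON, bad encoding, or too deep
        return False
    if not isinstance(doc, list):
        return False
    for entry in doc:
        signed = entry.get("signed_content") if isinstance(entry, dict) else None
        if not isinstance(signed, dict):
            continue
        payload, sigs = signed.get("payload"), signed.get("signatures")
        if isinstance(payload, str) and payload and isinstance(sigs, list) and sigs:
            return True
    return False


def store_fetched_hashes(status: int, body: bytes, dest: str) -> bool:
    """Write the fetched body to dest only after it passes both checks."""
    if status != 200 or not looks_like_verified_contents(body):
        return False  # rejected early: nothing touches the disk
    # Write to a temp file in the same directory, then rename into place so a
    # partially written file is never visible under the final name.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(dest) or ".")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(body)
        os.replace(tmp, dest)
    except OSError:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return True
```

The status check alone is not enough: an error page served with a 200 status is caught only by the shape check.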
 
Project Member

Comment 1 by bugdroid1@chromium.org, Mar 3 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4dacae9837240e8c9f74f7db10662cb8eab5bba3

commit 4dacae9837240e8c9f74f7db10662cb8eab5bba3
Author: Istiaque Ahmed <lazyboy@chromium.org>
Date: Sat Mar 03 07:01:42 2018

Add two tests for content hash fetch failure.

This CL adds two tests to exercise scenarios where verified_contents.json fetch
can fail. The tests make sure that the fetch fails and ContentHashFetcher
responds correctly.

FetchInvalidVerifiedContents: Fetched hash contains invalid signature content.
Fetch404VerifiedContents: Hash fetch results in 404.

Bug: 818315, 796395
Change-Id: I3606bf504bf1e710705d2020bdf0ac3afa84d77a
Reviewed-on: https://chromium-review.googlesource.com/942182
Commit-Queue: Istiaque Ahmed <lazyboy@chromium.org>
Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#540747}
[modify] https://crrev.com/4dacae9837240e8c9f74f7db10662cb8eab5bba3/extensions/browser/content_hash_fetcher_unittest.cc
[modify] https://crrev.com/4dacae9837240e8c9f74f7db10662cb8eab5bba3/extensions/test/data/content_hash_fetcher/missing_verified_contents/README.txt
[add] https://crrev.com/4dacae9837240e8c9f74f7db10662cb8eab5bba3/extensions/test/data/content_hash_fetcher/missing_verified_contents/invalid_verified_contents.json
