Skip to content

/ servo

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Possible security issue when deleting databases for IndexedDB #25320

Open
rasviitanen opened this issue Dec 17, 2019 · 0 comments
Open

Possible security issue when deleting databases for IndexedDB #25320

rasviitanen opened this issue Dec 17, 2019 · 0 comments
Labels
A-content/indexeddb A-security

Comments

@rasviitanen
Copy link
Contributor

@rasviitanen rasviitanen commented Dec 17, 2019

When handeling the SyncOperation::DeleteDatabase case in handle_sync_operation we sanitize the name through an IndexedDBDescription and run std::fs::remove_dir_all(...) with this name.
If std::fs::remove_dir_all gets the wrong input, things can go very badly and start to delete the wrong files instead of the database files.

We should evaluate if this is a true security issue, or if the string sanitation covers all malicious input.

function:
handle_sync_operation
files:
components\net\indexeddb\idb_thread.rs
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-content/indexeddb A-security
Projects
None yet
Milestone
No milestone
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
@jdm @rasviitanen
You can’t perform that action at this time.