Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[hackerone] IPFS crash #23646

Closed
diracdeltas opened this issue Jun 23, 2022 · 3 comments · Fixed by brave/brave-core#13989
Closed

[hackerone] IPFS crash #23646

diracdeltas opened this issue Jun 23, 2022 · 3 comments · Fixed by brave/brave-core#13989
Assignees
@cypt4
Labels
crash feature/web3/ipfs OS/Desktop priority/P2 A bad problem. We might uplift this to the next planned release. QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-All-Platforms QA/Test-Plan-Specified QA/Yes release-notes/include security
Milestone
1.42.x - Release

Comments

@diracdeltas
Copy link
Member

diracdeltas commented Jun 23, 2022
edited
Loading

https://hackerone.com/reports/1610343
credit:
neeythann
@diracdeltas diracdeltas added priority/P2 A bad problem. We might uplift this to the next planned release. OS/Desktop feature/web3/ipfs security crash labels Jun 23, 2022
@diracdeltas
Copy link
Member Author

please don't share the link publicly that causes the crash

@cypt4 cypt4 mentioned this issue Jun 28, 2022
Merged
25 tasks
cypt4 added a commit to brave/brave-core that referenced this issue Jun 29, 2022
@cypt4
Do not proceed loading ipfs resources if ipfs is disabled
18eca00 
Resolves brave/brave-browser#23646
cypt4 added a commit to brave/brave-core that referenced this issue Jun 30, 2022
@cypt4
Do not proceed loading ipfs resources if ipfs is disabled
42e546f 
Resolves brave/brave-browser#23646
cypt4 added a commit to brave/brave-core that referenced this issue Jul 1, 2022
@cypt4
Do not proceed loading ipfs resources if ipfs is disabled
0fb80b9 
Resolves brave/brave-browser#23646
@cypt4 cypt4 added the QA/Yes label Jul 2, 2022
@brave-builds brave-builds added this to the 1.42.x - Nightly milestone Jul 2, 2022
@stephendonner
Copy link

@cypt4 @diracdeltas 👋 do you have a step-by-step testcase handy QA can follow? If there's something to be not made public in the verification, we can create an internal issue and cross-link here.

Marking QA/Blocked and QA/Test-Plan-Required until then. Thanks in advance!

@stephendonner
Copy link

stephendonner commented Jul 13, 2022
edited by btlechowski
Loading

Verified PASSED using

Brave 1.42.62 Chromium: 103.0.5060.114 (Official Build) beta (x86_64)
Revision a1c2360c5b02a6d4d6ab33796ad8a268a6128226-refs/branch-heads/5060@{#1124}
OS macOS Version 13.0 (Build 22A5295i)

Conversation with the original link (now defunct) and minimal testcase (which works) is in https://bravesoftware.slack.com/archives/G2KN13Z8C/p1657739382970029?thread_ts=1657733235.918989&cid=G2KN13Z8C

Steps:

  1. installed 1.42.62
  2. launched Brave
  3. created a minimal testcase from the above Slack link, and saved it
  4. set Method to resolve IPFS resources to Disabled, in brave://settings/ipfs
  5. loaded the minimal testcase

Confirmed I don't crash, and the IPFS resource was blocked

IPFS disabled testcase blocked
Screenshot 2022-07-13 at 12 50 08 PM Screenshot 2022-07-13 at 12 48 55 PM

Verification PASSED on

Brave | 1.42.80 Chromium: 104.0.5112.57 (Official Build) (64-bit)
-- | --
Revision | 212fd173a0da1e0a024f328295bb56a2529190bb-refs/branch-heads/5112@{#1042}
OS | Windows 10 Version 21H2 (Build 19044.1826)
  • Verified the steps above
  • Confirmed that there is no crash when the IPFS resource was blocked
IPFS disabled testcase blocked
image image

Verification passed on

Brave 1.42.81 Chromium: 104.0.5112.69 (Official Build) (64-bit)
Revision 7ce2902023c722af8564068e6b26e934b83fd774-refs/branch-heads/5112@{#1213}
OS Ubuntu 18.04 LTS
  • Verified the steps above
  • Confirmed that there is no crash when the IPFS resource was blocked
IPFS disabled testcase blocked
image image

@LaurenWags LaurenWags mentioned this issue Aug 2, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cypt4 cypt4

Labels
crash feature/web3/ipfs OS/Desktop priority/P2 A bad problem. We might uplift this to the next planned release. QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-All-Platforms QA/Test-Plan-Specified QA/Yes release-notes/include security
Projects
None yet
Milestone
1.42.x - Release
Development

Successfully merging a pull request may close this issue.

Do not proceed loading ipfs resources if ipfs is disabled brave/brave-core
7 participants
@stephendonner @diracdeltas @LaurenWags @btlechowski @GeetaSarvadnya @brave-builds @cypt4