[Pkg-mozext-commits] [perspectives-extension] 01/02: Backport security fix from 4.3.6
David Prévot
taffit at alioth.debian.org
Mon Sep 30 01:33:12 UTC 2013
This is an automated email from the git hooks/post-receive script.
taffit pushed a commit to branch wheezy
in repository perspectives-extension.
commit a3f0c5cf448ca71719d607ce367472d96cc522b1
Author: David Prévot <taffit at debian.org>
Date: Thu Sep 26 19:24:03 2013 -0400
Backport security fix from 4.3.6
Incorrect quorum length with low number of notaries and/or low quorum
percentage.
Closes: #724960
Git-Dch: Full
---
...t_policy-Add-checks-against-quorum-size-0.patch | 50 ++++++++++++++++++++
...s-Move-quorum-calculation-to-its-own-func.patch | 43 +++++++++++++++++
...s-Add-min-and-max-bounds-on-getQuorumAsIn.patch | 40 ++++++++++++++++
debian/patches/series | 3 ++
4 files changed, 136 insertions(+)
diff --git a/debian/patches/0001-Pers_client_policy-Add-checks-against-quorum-size-0.patch b/debian/patches/0001-Pers_client_policy-Add-checks-against-quorum-size-0.patch
new file mode 100644
index 0000000..f49adc8
--- /dev/null
+++ b/debian/patches/0001-Pers_client_policy-Add-checks-against-quorum-size-0.patch
@@ -0,0 +1,50 @@
+From: Dave Schaefer <dave.schaefer at gmail.com>
+Date: Wed, 18 Sep 2013 21:26:48 -0600
+Subject: Pers_client_policy - Add checks against quorum size 0
+
+We should never return true nor report any duration for sizes < 1.
+
+Origin: upstream, https://github.com/danwent/Perspectives/commit/cb3d9913217afb0973281275cd4269ed0c1acc2c
+Bug: https://github.com/danwent/Perspectives/issues/87
+---
+ plugin/chrome/content/client_policy.js | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/plugin/chrome/content/client_policy.js b/plugin/chrome/content/client_policy.js
+index fd74f43..72f31c6 100644
+--- a/plugin/chrome/content/client_policy.js
++++ b/plugin/chrome/content/client_policy.js
+@@ -119,6 +119,10 @@ get_all_key_changes : function(results) {
+ } ,
+
+ check_current_consistency : function(test_key,results,quorum_size,stale_limit_secs,cur_time) {
++ if (quorum_size < 1) {
++ Pers_debug.d_print("error", "ERROR: quorum size cannot be less than 1.");
++ return false;
++ }
+ //get_all_key_changes(results);
+ var num_valid = Pers_client_policy.get_num_valid_notaries(test_key,results,stale_limit_secs,cur_time);
+ Pers_debug.d_print("policy",
+@@ -127,6 +131,10 @@ check_current_consistency : function(test_key,results,quorum_size,stale_limit_se
+ },
+
+ has_quorum_at_time : function(test_key, results, quorum_size, time) {
++ if (quorum_size < 1) {
++ Pers_debug.d_print("error", "ERROR: quorum size cannot be less than 1.");
++ return false;
++ }
+ Pers_debug.d_print("policy", "testing quorum for time " + time +
+ " and key: " + test_key);
+ var total_valid = 0;
+@@ -156,6 +164,11 @@ has_quorum_at_time : function(test_key, results, quorum_size, time) {
+ // returns duration in seconds - i.e. days * 24 * 3600.
+ get_quorum_duration : function(test_key, results, quorum_size, stale_limit_secs, unixtime) {
+
++ if (quorum_size < 1) {
++ Pers_debug.d_print("error", "ERROR: quorum size cannot be less than 1.");
++ return false;
++ }
++
+ if(! Pers_client_policy.check_current_consistency(test_key,results,quorum_size,
+ stale_limit_secs,unixtime)) {
+ Pers_debug.d_print("policy","current_consistency_failed");
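Review bot: The guard added to `get_quorum_duration` returns `false`, although the comment directly above the function says it returns a duration in seconds, so a caller that compares or does arithmetic on the result sees `false` coerce to 0 rather than an explicit failure value. Returning whatever the function's existing failure path returns would keep the contract single-typed; that path is not visible here, because the body continues past the end of the hunk. Separately, all three guards test `quorum_size < 1`, which is false for `NaN` and `undefined`, so a non-numeric quorum size passes the check. Writing the test as `if (!(quorum_size >= 1)) {` rejects those values too and fails closed.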
diff --git a/debian/patches/0002-Perspectives-Move-quorum-calculation-to-its-own-func.patch b/debian/patches/0002-Perspectives-Move-quorum-calculation-to-its-own-func.patch
new file mode 100644
index 0000000..11c39ee
--- /dev/null
+++ b/debian/patches/0002-Perspectives-Move-quorum-calculation-to-its-own-func.patch
@@ -0,0 +1,43 @@
+From: Dave Schaefer <dave.schaefer at gmail.com>
+Date: Sat, 21 Jul 2012 13:04:45 -0700
+Subject: Perspectives - Move quorum calculation to its own function
+
+This is in anticipation of writing code that will also call the function.
+Let's separate some functionality to make things more object-oriented
+and easier to use.
+
+Origin: upstream, https://github.com/danwent/Perspectives/commit/fe6551ee7d26829bf69d00f49579fc1be48f42a8
+---
+ plugin/chrome/content/notaries.js | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/plugin/chrome/content/notaries.js b/plugin/chrome/content/notaries.js
+index 2bdecb6..cb12d61 100644
+--- a/plugin/chrome/content/notaries.js
++++ b/plugin/chrome/content/notaries.js
+@@ -391,6 +391,14 @@ var Perspectives = {
+ }
+ },
+
++ // return the quorum as an integer
++ // e.g. useful for comparing against the number of results
++ getQuorumAsInt: function() {
++ var q_thresh = Perspectives.root_prefs.
++ getIntPref("perspectives.quorum_thresh") / 100;
++ return Math.round(this.all_notaries.length * q_thresh);
++ },
++
+ notaryQueriesComplete: function(ti) {
+ try {
+ if(Perspectives.strbundle == null) {
+@@ -404,9 +412,7 @@ var Perspectives = {
+ var test_key = ti.cert.md5Fingerprint.toLowerCase();
+ // 2 days (FIXME: make this a pref)
+ var max_stale_sec = 2 * 24 * 3600;
+- var q_thresh = Perspectives.root_prefs.
+- getIntPref("perspectives.quorum_thresh") / 100;
+- var q_required = Math.round(this.all_notaries.length * q_thresh);
++ var q_required = Perspectives.getQuorumAsInt();
+ var unixtime = Pers_util.get_unix_time();
+ var quorum_duration = Pers_client_policy.get_quorum_duration(test_key,
+ server_result_list, q_required, max_stale_sec,unixtime);
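Review bot: `getQuorumAsInt` reads the preference through the global `Perspectives.root_prefs` but the notary list through `this.all_notaries`, so it only works when invoked as a method of `Perspectives`. The one call site in this hunk does that (`Perspectives.getQuorumAsInt()`), but the patch description anticipates further callers, and passing the function as a callback would make `this.all_notaries.length` throw. Using one form throughout avoids that, e.g. `return Math.round(Perspectives.all_notaries.length * q_thresh);`. The comment above the function could also say that the value is the configured percentage of the notary count, rounded to the nearest integer. `notaryQueriesComplete` starts and ends outside the hunk.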
diff --git a/debian/patches/0003-Perspectives-Add-min-and-max-bounds-on-getQuorumAsIn.patch b/debian/patches/0003-Perspectives-Add-min-and-max-bounds-on-getQuorumAsIn.patch
new file mode 100644
index 0000000..ab23245
--- /dev/null
+++ b/debian/patches/0003-Perspectives-Add-min-and-max-bounds-on-getQuorumAsIn.patch
@@ -0,0 +1,40 @@
+From: Dave Schaefer <dave.schaefer at gmail.com>
+Date: Wed, 18 Sep 2013 21:30:00 -0600
+Subject: Perspectives - Add min and max bounds on getQuorumAsInt()
+
+These were somewhat enforced in the UI, but we need to also
+enforce them here in case the user picks a really low value.
+
+Origin: upstream, https://github.com/danwent/Perspectives/commit/1f85a52364d59199babfb0d55ea48a38ce0e32ae
+Bug: https://github.com/danwent/Perspectives/issues/87
+---
+ plugin/chrome/content/notaries.js | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/plugin/chrome/content/notaries.js b/plugin/chrome/content/notaries.js
+index cb12d61..cc9ba28 100644
+--- a/plugin/chrome/content/notaries.js
++++ b/plugin/chrome/content/notaries.js
+@@ -394,9 +394,21 @@ var Perspectives = {
+ // return the quorum as an integer
+ // e.g. useful for comparing against the number of results
+ getQuorumAsInt: function() {
++ var MIN_NOTARY_COUNT = 1;
++ //FIXME: we can cache the value inside getNotaryList() if calling is too slow.
++ var notary_count = this.getNotaryList().length;
+ var q_thresh = Perspectives.root_prefs.
+ getIntPref("perspectives.quorum_thresh") / 100;
+- return Math.round(this.all_notaries.length * q_thresh);
++ var q_count = Math.round(notary_count * q_thresh);
++
++ if (q_count < MIN_NOTARY_COUNT) {
++ q_count = MIN_NOTARY_COUNT;
++ }
++ else if (q_count > notary_count) {
++ q_count = notary_count;
++ }
++
++ return q_count;
+ },
+
+ notaryQueriesComplete: function(ti) {
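Review bot: `Math.round(notary_count * q_thresh)` still rounds down when the fractional part is below .5, so the enforced quorum can be smaller than the configured percentage (constructed example: 10 notaries at 74% gives 7). For a security threshold, rounding up is the conservative choice: `var q_count = Math.ceil(notary_count * q_thresh);`. The clamp order also deserves a comment: when `getNotaryList()` is empty the lower bound wins and the function returns 1, which appears intended to leave the quorum unsatisfiable, e.g. `// with no notaries this still returns 1, so the quorum can never be met`. Whether `getNotaryList()` returns the same set that `all_notaries` held is not visible here and should be confirmed, since the count now comes from a different source.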
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..648809c
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,3 @@
+0001-Pers_client_policy-Add-checks-against-quorum-size-0.patch
+0002-Perspectives-Move-quorum-calculation-to-its-own-func.patch
+0003-Perspectives-Add-min-and-max-bounds-on-getQuorumAsIn.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-mozext/perspectives-extension.git