yajun0601 / google-breakpad

Automatically exported from code.google.com/p/google-breakpad
0 stars 0 forks source link

mac client: uploader.mm does not validate POST result string used to rename minidump #590

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
== What steps will reproduce the problem? ==
1. start a node.js instance running from code in 
https://github.com/atom/mini-breakpad-server
2. set the BreakpadTest.app Info.plist BreakpadURL key to 
http://localhost:1127/post
3. run BreakpadTest.app and press the crash with airbag installed button
4. click Send button of crash reporter dialog

== What is the expected output? ==
The minidump file in ~/Library/Breakpad/Breakpad_Test should keep its original 
filename
== What do you see instead? ==
The minidump file is renamed to ".dmp" in ~/Library/Breakpad/Breakpad_Test

== What version of the product are you using? ==
version: svn r1132
== On what operating system? ==
platform: OSX 10.9.3

== Please provide any additional information below. ==
uploader.mm expects the server upload POST reply to be a reportID, which it 
uses to rename the minidump file.

However uploader.mm doesn't validate the response from the server, which could 
be empty or contain characters unsuitable for simple filenames on macosx.

In the steps above, the minidump POST succeeds, but the mini-breakpad-server 
replies with an empty string. I will contact the developer with a fix for this.

But in any case, uploader.mm should always inspect the server response and 
either sanitize the string before using it to rename the minidump file, or skip 
the rename altogether.

Original issue reported on code.google.com by steve.ha...@gmail.com on 25 May 2014 at 3:53