Opened 9 months ago

Closed 9 months ago

Last modified 9 months ago

#7290 closed defect (fixed)

Signature header generated by sitekey-frame page doesn't verify

Reported by: kzar Assignee: kvas
Priority: P3 Milestone:
Module: Sitescripts Keywords:
Cc: kvas, Ross, greiner Blocked By:
Blocking: #7164 Platform: Unknown / Cross platform
Ready: yes Confidential: no
Tester: Unknown Verified working: no
Review URL(s):

https://codereview.adblockplus.org/30011569

Description (last modified by kzar)

Environment

Chrome 71, Adblock Plus development build from current HEAD.

How to reproduce

  1. Modify Adblock Plus to log the result of verifySignature in adblockplus/lib/whitelisting.js.
  2. Rebuild the extension.
  3. Navigate to https://testpages.adblockplus.org/sitekey-frame

Observed behaviour

The signature verification fails.

Expected behaviour

The signature verification succeeds.

Notes

  • This likely means that sitescripts/sitescripts/testpages/web/sitekey_frame.py is using the wrong parameters to generate the signature. See this line:
key.sign_update('\x00'.join((
    request_path(environ), environ['HTTP_HOST'], environ['HTTP_USER_AGENT']
)))
  • When I run sitekey-frame locally using multiplexer.py the signature verifies OK. The values I see are /sitekey-frame, localhost:5000 and Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36 respectively.

Change History (11)

comment:1 Changed 9 months ago by kzar

  • Description modified (diff)

comment:2 Changed 9 months ago by kzar

What do you think Vasily? Do you think request_path(environ), environ['HTTP_HOST'] and environ['HTTP_USER_AGENT'] are correct? Any idea how we can verify their values?

comment:3 Changed 9 months ago by kzar

  • Description modified (diff)

comment:4 Changed 9 months ago by kzar

  • Description modified (diff)

comment:5 Changed 9 months ago by greiner

  • Cc greiner added

comment:6 Changed 9 months ago by kvas

  • Owner set to kvas
  • Priority changed from Unknown to P3
  • Ready set

comment:7 Changed 9 months ago by kvas

  • Review URL(s) modified (diff)
  • Status changed from new to reviewing

comment:8 Changed 9 months ago by abpbot

A commit referencing this issue has landed:
Issue 7290 - Fix signature production in sitekey_frame.py

comment:9 Changed 9 months ago by kzar

  • Resolution set to fixed
  • Status changed from reviewing to closed

comment:10 Changed 9 months ago by kzar

Thanks again Vasily :)

comment:11 Changed 9 months ago by kvas

No problem. Thanks for the review!

Note: See TracTickets for help on using tickets.