Opened 19 months ago

Closed 19 months ago

Last modified 19 months ago

#7290 closed defect (fixed)

Signature header generated by sitekey-frame page doesn't verify

Reported by: kzar Assignee: kvas
Priority: P3 Milestone:
Module: Sitescripts Keywords:
Cc: kvas, Ross, greiner Blocked By:
Blocking: #7164 Platform: Unknown / Cross platform
Ready: yes Confidential: no
Tester: Unknown Verified working: no
Review URL(s):

https://codereview.adblockplus.org/30011569

Description (last modified by kzar)

Environment

Chrome 71, Adblock Plus development build from current HEAD.

How to reproduce

  1. Modify Adblock Plus to log the result of verifySignature in adblockplus/lib/whitelisting.js.
  2. Rebuild the extension.
  3. Navigate to https://testpages.adblockplus.org/sitekey-frame

Observed behaviour

The signature verification fails.

Expected behaviour

The signature verification succeeds.

Notes

  • This likely means that sitescripts/sitescripts/testpages/web/sitekey_frame.py is using the wrong parameters to generate the signature. See this line:
key.sign_update('\x00'.join((
    request_path(environ), environ['HTTP_HOST'], environ['HTTP_USER_AGENT']
)))
  • When I run sitekey-frame locally using multiplexer.py the signature verifies OK. The values I see are /sitekey-frame, localhost:5000 and Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36 respectively.

Change History (11)

comment:1 Changed 19 months ago by kzar

  • Description modified (diff)

comment:2 Changed 19 months ago by kzar

What do you think Vasily? Do you think request_path(environ), environ['HTTP_HOST'] and environ['HTTP_USER_AGENT'] are correct? Any idea how we can verify their values?

comment:3 Changed 19 months ago by kzar

  • Description modified (diff)

comment:4 Changed 19 months ago by kzar

  • Description modified (diff)

comment:5 Changed 19 months ago by greiner

  • Cc greiner added

comment:6 Changed 19 months ago by kvas

  • Owner set to kvas
  • Priority changed from Unknown to P3
  • Ready set

comment:7 Changed 19 months ago by kvas

  • Review URL(s) modified (diff)
  • Status changed from new to reviewing

comment:8 Changed 19 months ago by abpbot

A commit referencing this issue has landed:
Issue 7290 - Fix signature production in sitekey_frame.py

comment:9 Changed 19 months ago by kzar

  • Resolution set to fixed
  • Status changed from reviewing to closed

comment:10 Changed 19 months ago by kzar

Thanks again Vasily :)

comment:11 Changed 19 months ago by kvas

No problem. Thanks for the review!

Note: See TracTickets for help on using tickets.