SimplePortal

Development => Bugs => Fixed or Bogus Bugs => Topic started by: Insanity01 on September 20, 2015, 01:34:30 PM

Title: Chrome NULL terminator crashes pages
Post by: Insanity01 on September 20, 2015, 01:34:30 PM
You can crash Chrome by going to the URL: http://a/%%30%30
Furthermore, just hovering over such a URL will crash the tab. Now this is an issue in Chromium and thus of little relevance to you. However, it does affect your forum engine in a larger way than I have found on other websites.

When you enter the following as your profile signature, we have some bad behaviour.
Code:
[img]http://a/%%30%30[/img]
After entering that as my profile picture, any page on which I had left a comment would crash. I get that this is kind of an issue in Chromium, but it seems to me that having a check to make sure the URL does not contain a malicious string of this kind would be a good thing. I get why this happens - you probably send a GET request to the URL I have entered each time I load a page where I commented, which results in the rather unwanted behaviour. I also get that this problem *should* get fixed by the Chromium developers but not everyone updates their browser!

Anyway, I just thought I'd leave this here, even if you guys decide to just wait until it gets fixed in Chromium!

Title: Re: Chrome NULL terminator crashes pages
Post by: ♦ Ninja ZX-10RR ♦ on September 20, 2015, 08:09:26 PM
Insanity01,

Thank you for your report... I have to admit I was like "Huh?" when I was reading it and couldn't believe it until I actually hovered that link and saw Chrome crashing in front of me... Well, I sent them a rather angry feedback about it.
By the way it's not really a SimplePortal bug, and not even an SMF one. However, since it does affect the whole forum software itself, I'd say it should be addressed by the SMF devs, so that *everyone* can have a fix for that, because if we fix it on our end then only SimplePortal users will have it fixed.

Note: credits to BurkeKnight, it also crashes on Opera (because it's based on Chrome).

Regards
Title: Re: Chrome NULL terminator crashes pages
Post by: Insanity01 on September 20, 2015, 10:07:58 PM
That's an error on my part, I wasn't sure where to post this. I figured either SP or SMF, and I opted for this one. But yes, it should be globally solved for people running the software. Furthermore, I think that this might open the road for other security issues - as I don't have to hover over the link anymore to make it crash. Anyone opening a thread where I commented will just crash - without even my signature being seen by them. I'm not sure if this raises other security issues - but I will check this out a bit further and if I find any more things I can 'break' with this approach, I'll post it on SMF or here for sure.

Thanks for your feedback, and I hope this ends up at the right party to solve this issue.

Regards,

Dylan
Title: Re: Chrome NULL terminator crashes pages
Post by: ♦ Ninja ZX-10RR ♦ on September 21, 2015, 12:27:45 AM
I posted it immediately on sm.org after you opened the topic already :) http://www.simplemachines.org/community/index.php?topic=539935.0

They will yell at you if you say there are security issues though :P I also think it can be somewhat annoying, but I don't get the insta-crash when I open this topic at least.

Regards
Title: Re: Chrome NULL terminator crashes pages
Post by: ccbtimewiz on September 21, 2015, 05:40:38 PM
You can add this into the word censors of your board:

Code:
http://a/%
This will prevent users from using the link at all in their signatures and posts.

You can also edit the parse_bbc function and modify how it produces URL, IMG, and IURL, if for whatever reason you don't want to use the board censors.

In /Sources/Subs.php

There are 6 instances.

Find:
Code:
$data = \'http://\' . $data;
Replace with:
Code:
$data = \'http://\' . $data;
$data = str_replace(array(\'http://a/%\', \'https://a/%\'), array(\'http://\', \'https://\'), $data);

However, this issue will most likely be fixed very soon by the Chrome developers according to this source (https://code.google.com/p/chromium/issues/detail?id=533361).
Title: Re: Chrome NULL terminator crashes pages
Post by: ♦ Ninja ZX-10RR ♦ on September 21, 2015, 05:52:58 PM
Nice, I had to log in on Firefox to read the reply because it crashes even before opening the topic now. Yep Sayaka, you can do that, but I don't think it will work for all cases; it's not just that link at fault, I found others on the net.
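
An added example, not part of any post in this thread and not SMF or SimplePortal code: a general check that could run on user-supplied URLs before the URL, IMG and IURL handling in Subs.php emits them, instead of matching one literal prefix. It rejects malformed percent-escapes and any URL that decodes, over repeated passes, to a NUL or other control byte. The function name and sample URLs are assumptions, and it requires PHP 7 or later.

```php
<?php
// Added example (not SMF/SimplePortal code). is_url_safe_to_embed() is a
// hypothetical helper name; requires PHP 7+.

/**
 * True when a user-supplied URL may be emitted in [url]/[img]/[iurl] output:
 * every '%' in the raw input starts a two-hex-digit escape, and repeated
 * percent-decoding never produces a NUL or other control byte.
 */
function is_url_safe_to_embed(string $url, int $maxRounds = 5): bool
{
    // A '%' not followed by two hex digits is a malformed escape.
    if (preg_match('/%(?![0-9A-Fa-f]{2})/', $url)) {
        return false;
    }
    $current = $url;
    for ($round = 0; $round < $maxRounds; $round++) {
        // Control bytes (NUL included) never belong in a URL.
        if (preg_match('/[\x00-\x1F\x7F]/', $current)) {
            return false;
        }
        $decoded = rawurldecode($current);
        if ($decoded === $current) {
            return true; // fixed point: nothing left to decode
        }
        $current = $decoded;
    }
    return false; // still changing after $maxRounds passes: reject deep nesting
}

// Constructed sample inputs.
$samples = [
    'http://example.com/sig%20image.png', // ordinary escape
    'http://example.com/100%25.png',      // encoded literal percent sign
    'http://a/%%30%30',                   // string from this thread: malformed '%'
    'http://a/%2500',                     // decodes to %00, then to NUL
    'http://b.example/%00',               // different host, same NUL
];
foreach ($samples as $s) {
    printf("%-40s %s\n", $s, is_url_safe_to_embed($s) ? 'allow' : 'reject');
}
```

Because the check looks at what the URL decodes to rather than at a fixed string, it does not depend on the host name or on one particular spelling of the escape sequence.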
Title: Re: Chrome NULL terminator crashes pages
Post by: ccbtimewiz on September 25, 2015, 01:33:33 PM
This is no longer a problem.
Title: Re: Chrome NULL terminator crashes pages
Post by: ♦ Ninja ZX-10RR ♦ on September 25, 2015, 10:24:46 PM
Confirmed. I think I'll go ahead and mark this as solved since the Chrome devs fixed it.