Security: Malicious content provider may be able to bypass rewriting

Bug #457460 reported by root
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
psiphon | Fix Committed | Unknown | Unassigned |

Bug Description

* Rewriter acts on content by MIME type. HTML, JS, and CSS types have specific rewriting filters. Other types such as images are not rewritten.
* Malicious content provider server can tag content with incorrect MIME type. E.g., tag HTML as image.
* Some browsers are known to sometimes fudge MIME types (for example, IE will treat a JPEG file requested directly as HTML if that's what the file contains). What happens when an included JavaScript file resource is mislabeled?
* Some improvements can be made. When rewriting HTML, replace all JavaScript/CSS includes with rewritten URLs that embed the expected content type. This will ensure that Psiphon will aggressively rewrite these resources regardless of the MIME type the content provider labels them with.

Tags: category2
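
The improvement proposed in the description, as an added sketch that is not part of the bug report and is not Psiphon's code: the HTML rewriter tags each JavaScript/CSS include with the type the page expects, and the fetch side selects its filter from that tag rather than from the upstream Content-Type. The `/fetch/<type>/<url>` URL scheme, the placeholder filters and the regex-based tag matching are assumptions made for illustration.

```python
import re
from urllib.parse import quote

PROXY = "/fetch"  # hypothetical proxy endpoint, not Psiphon's real URL scheme

# Placeholder filters (assumption): the real JS/CSS rewriters are out of scope.
FILTERS = {
    "js": lambda body: "/*js-rewritten*/" + body,
    "css": lambda body: "/*css-rewritten*/" + body,
    "html": lambda body: rewrite_html(body),
}
MIME_FILTER = {"text/html": "html", "text/css": "css",
               "text/javascript": "js", "application/javascript": "js"}

# Regex matching keeps the sketch short; a real rewriter would use an HTML parser.
TAG_RE = re.compile(r"<(script|link)\b[^>]*>", re.I)
ATTR_RE = re.compile(r"""(\s(?:src|href)=)(["'])(.*?)\2""", re.I | re.S)

def proxied(url, expect="auto"):
    """Proxy URL that records the type the including page expects."""
    return "/".join((PROXY, expect, quote(url, safe="")))

def rewrite_html(html):
    """Point <script src> and stylesheet <link href> at typed proxy URLs."""
    def fix_tag(m):
        tag, name = m.group(0), m.group(1).lower()
        if name == "link" and "stylesheet" not in tag.lower():
            return tag
        expect = "js" if name == "script" else "css"
        return ATTR_RE.sub(
            lambda a: a[1] + a[2] + proxied(a[3], expect) + a[2], tag, count=1)
    return TAG_RE.sub(fix_tag, html)

def filter_response(request_path, upstream_type, body):
    """Return (filter_name, body). The expected type in our own URL
    overrides whatever Content-Type the content provider sent."""
    parts = request_path.split("/")
    expect = parts[2] if len(parts) > 3 else "auto"
    mime = upstream_type.split(";")[0].strip().lower()
    name = expect if expect in ("js", "css") else MIME_FILTER.get(mime)
    return (name, FILTERS[name](body)) if name else (None, body)

# Constructed sample page and a constructed mislabeled response.
PAGE = ('<link rel="stylesheet" href="http://x.example/s.css">'
        '<script src="http://x.example/a.js"></script><img src="p.png">')
if __name__ == "__main__":
    print(rewrite_html(PAGE))
    print(filter_response(proxied("http://x.example/a.js", "js"),
                          "image/jpeg", "alert(1)"))
```

The script include labeled `image/jpeg` by the content provider still goes through the JS filter, because the decision comes from the URL the rewriter itself produced.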
Adam P (adam+)
Changed in psiphon:
status: New → Confirmed
Rod (rod-psiphon)
visibility: private → public
e.fryntov (e-fryntov)
tags: added: category2
Adam P (adam+) wrote :

Probably related: bug #457471

e.fryntov (e-fryntov)
Changed in psiphon:
status: Confirmed → Fix Committed