Opened 6 years ago

Last modified 20 months ago

#8132 assigned defect

[CHROME] Cookies rewriting infinite loop w/ Keep MORE|MY opt-outs installed

Reported by: dtauerbach Owned by: dtauerbach
Priority: Medium Milestone:
Component: HTTPS Everywhere/EFF-HTTPS Everywhere Version:
Severity: Normal Keywords:
Cc: kjd Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Forked from https://trac.torproject.org/projects/tor/ticket/6613. This is to track the issue of HTTPS Everywhere writing secure cookies and KMOO presumably re-writing insecure cookies, leading to an infinite loop. I do not believe that this is related to the core CPU issue in ticket 6613.

Child Tickets

Change History (5)

comment:1 Changed 6 years ago by dtauerbach

Owner: changed from pde to dtauerbach
Status: newassigned

comment:2 Changed 6 years ago by dtauerbach

Looking at the code, it seems KMOO uses "url" (with scheme) instead of "domain" to decide whether to regenerate a cookie:

https://code.google.com/p/chrome-opt-out-extension/source/browse/trunk/chrome/KMOO.Cookie.js#119
https://code.google.com/p/chrome-opt-out-extension/source/browse/trunk/chrome/KMOO.PolicyRegistry.js#85

If this extension used domain instead, then I think that would avoid the infinite loop we're seeing.

comment:3 Changed 6 years ago by dtauerbach

Actually I think the issue is that HTTPS Everywhere removes and regenerates cookies with secure flag set. KMOO catches the removal of the insecure cookie and creates another insecure cookie, which HTTPS E catches, removes and regenerates.

comment:4 Changed 6 years ago by dtauerbach

From http://developer.chrome.com/extensions/cookies.html:

"As a special case, note that updating a cookie's properties is implemented as a two step process: the cookie to be updated is first removed entirely, generating a notification with "cause" of "overwrite" . Afterwards, a new cookie is written with the updated values, generating a second notification with "cause" "explicit". "

HTTPS Everywhere is calling chrome.cookies.set() and KMOO has an onChanged handler seeing that an (insecure) cookie is being deleted and trying to recreate it.

I think we need KMOO to change its behavior for this to work by checking for any valid version of a cookie before attempting to re-create it. I will point Mike West to this thread.

comment:5 Changed 20 months ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

Note: See TracTickets for help on using tickets.