Add path validation to prevent NTLM leak in getFileSystemInfo [chromium/src : main]
0 views
Skip to first unread message
Hamda Mare (Gerrit)
Apr 28, 2026, 11:50:40 PM (13 days ago) Apr 28
to Fredrik Söderquist, Menard, Alexis, Kevin McNee, Dirk Schulze, James Maclean, (Julie)Jeongeun Kim, Chromium Metrics Reviews, Lei Zhang, Nikhil Nayunigari, Stephen Chenney, Kevin Babbitt, android-bu...@system.gserviceaccount.com, Sebastien Lalancette, Chromium LUCI CQ, chromium...@chromium.org, michaelchec...@google.com, ios-revie...@chromium.org, scheduler...@chromium.org, tburkar...@chromium.org, fmalit...@chromium.org, gavin...@chromium.org, omnibox-...@chromium.org, prerenderi...@chromium.org, jdonnel...@chromium.org, ortuno...@chromium.org, media-cro...@chromium.org, language...@chromium.org, kouhe...@chromium.org, francisjp...@google.com, apavlo...@chromium.org, blink-rev...@chromium.org, jonmann+wa...@chromium.org, mac-r...@chromium.org, dgroga...@chromium.org, asvitkine...@chromium.org, dbaro...@chromium.org, jiajunz+wa...@google.com, accessibility-a...@google.com, jmedle...@chromium.org, print-revi...@chromium.org, dtseng...@chromium.org, yuzo+...@chromium.org, zol...@webkit.org, oshima...@chromium.org, drott...@chromium.org, josiah...@chromium.org, blink-re...@chromium.org, lucasrada...@google.com, blink-revi...@chromium.org, blink-re...@chromium.org, blink-rev...@chromium.org, blink-rev...@chromium.org, titoua...@chromium.org, asvitki...@chromium.org, penghuan...@chromium.org, chromeos-gfx-...@google.com, abigailbk...@google.com, vaapi-...@chromium.org, nektar...@chromium.org, kinuko...@chromium.org, kyungjunle...@google.com, marq+...@chromium.org, stevenjb+wa...@chromium.org, blink-...@chromium.org, yongshun+...@google.com, feature-me...@chromium.org, jackshira+w...@google.com, hsuregan+wa...@chromium.org, chrome-intelligence-te...@google.com, khorimoto+w...@chromium.org, ejcaruso+wa...@chromium.org, ios-rev...@chromium.org, chrome-intell...@chromium.org, pdr+svgw...@chromium.org, ios-r...@chromium.org, chadduffin+w...@chromium.org, cblume...@chromium.org, dewitt...@chromium.org, chromium-a...@chromium.org, extension...@chromium.org
Attention needed from Sebastien Lalancette
Hamda Mare added 2 comments![]( "Open in Gerrit")
Commit Message
Line 13, Patchset 3:
BUG=501857663
Change-Id: I85191565ad48d76375111b9fd1557d8bbb6c9766Sebastien Lalancette . resolved
Hamda Mare```suggestion
Fixed: 501857663
Change-Id: I85191565ad48d76375111b9fd1557d8bbb6c9766
```
Done
File chrome/browser/extensions/api/enterprise_reporting_private/enterprise_reporting_private_api.cc
Line 690, Patchset 3:
for (const auto& api_options_param : params->request.options) {
EXTENSION_FUNCTION_VALIDATE(base::IsStringUTF8(api_options_param.path));
base::FilePath file_path =
base::FilePath::FromUTF8Unsafe(api_options_param.path);
if (file_path.IsNetwork()) {
return RespondNow(Error("Invalid file path."));
}
}Sebastien Lalancette . resolved
Hamda MareIs that the right way to return an error? It is different than what we do if the path is not UTF-8:
https://source.chromium.org/chromium/chromium/src/+/main:extensions/browser/extension_function.h;l=62?q=EXTENSION_FUNCTION_VALIDATE&ss=chromiumWould it not be simpler to just do:
```suggestion
bool paths_are_all_utf8 = true;
bool paths_are_all_local = true;
for (const auto& api_options_param : params->request.options) {
if (!base::IsStringUTF8(api_options_param.path)) {
paths_are_all_utf8 = false;
break;
}base::FilePath file_path =
base::FilePath::FromUTF8Unsafe(api_options_param.path);
if (file_path.IsNetwork()) {
paths_are_all_local = false;
break;
}
}
EXTENSION_FUNCTION_VALIDATE(paths_are_all_utf8);
EXTENSION_FUNCTION_VALIDATE(paths_are_all_local);
```
Done
Related details
Attention is currently required from:
- Sebastien Lalancette
Submit Requirements:
Code-Coverage
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Sebastien Lalancette (Gerrit)
Apr 29, 2026, 10:10:59 AM (12 days ago) Apr 29
to Hamda Mare, Fredrik Söderquist, Menard, Alexis, Kevin McNee, Dirk Schulze, James Maclean, (Julie)Jeongeun Kim, Chromium Metrics Reviews, Lei Zhang, Nikhil Nayunigari, Stephen Chenney, Kevin Babbitt, android-bu...@system.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org, michaelchec...@google.com, ios-revie...@chromium.org, scheduler...@chromium.org, tburkar...@chromium.org, fmalit...@chromium.org, gavin...@chromium.org, omnibox-...@chromium.org, prerenderi...@chromium.org, jdonnel...@chromium.org, ortuno...@chromium.org, media-cro...@chromium.org, language...@chromium.org, kouhe...@chromium.org, francisjp...@google.com, apavlo...@chromium.org, blink-rev...@chromium.org, jonmann+wa...@chromium.org, mac-r...@chromium.org, dgroga...@chromium.org, asvitkine...@chromium.org, dbaro...@chromium.org, jiajunz+wa...@google.com, accessibility-a...@google.com, jmedle...@chromium.org, print-revi...@chromium.org, dtseng...@chromium.org, yuzo+...@chromium.org, zol...@webkit.org, oshima...@chromium.org, drott...@chromium.org, josiah...@chromium.org, blink-re...@chromium.org, lucasrada...@google.com, blink-revi...@chromium.org, blink-re...@chromium.org, blink-rev...@chromium.org, blink-rev...@chromium.org, titoua...@chromium.org, asvitki...@chromium.org, penghuan...@chromium.org, chromeos-gfx-...@google.com, abigailbk...@google.com, vaapi-...@chromium.org, nektar...@chromium.org, kinuko...@chromium.org, kyungjunle...@google.com, marq+...@chromium.org, stevenjb+wa...@chromium.org, blink-...@chromium.org, yongshun+...@google.com, feature-me...@chromium.org, jackshira+w...@google.com, hsuregan+wa...@chromium.org, chrome-intelligence-te...@google.com, khorimoto+w...@chromium.org, ejcaruso+wa...@chromium.org, ios-rev...@chromium.org, chrome-intell...@chromium.org, pdr+svgw...@chromium.org, ios-r...@chromium.org, chadduffin+w...@chromium.org, cblume...@chromium.org, dewitt...@chromium.org, chromium-a...@chromium.org, extension...@chromium.org
Attention needed from Hamda Mare
Sebastien Lalancette added 2 comments![]( "Open in Gerrit")
Commit Message
Line 14, Patchset 14 (Latest):
Sebastien Lalancette . unresolved
Remove the extra line, as Gerrit only processes arguments in the last paragraph.
File chrome/browser/extensions/api/enterprise_reporting_private/enterprise_reporting_private_api.cc
Line 682, Patchset 14 (Latest):
EnterpriseReportingPrivateGetFileSystemInfoFunction::Run() {Sebastien Lalancette . unresolved
Can you add a unit test to the existing suite?
Related details
Attention is currently required from:
- Hamda Mare
Submit Requirements:
Code-Coverage
Code-Owners
Code-Review
No-Unresolved-Comments
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
David Baron (Gerrit)
Apr 29, 2026, 10:23:52 AM (12 days ago) Apr 29
to Lei Zhang, Nikhil Nayunigari, Chromium Metrics Reviews, android-bu...@system.gserviceaccount.com, Kevin McNee, Stephen Chenney, James Maclean, Fredrik Söderquist, (Julie)Jeongeun Kim, Menard, Alexis, Dirk Schulze, Kevin Babbitt, ortuno...@chromium.org, blink-rev...@chromium.org, blink-rev...@chromium.org, pdr+svgw...@chromium.org, blink-re...@chromium.org, feature-me...@chromium.org, ios-r...@chromium.org, yuzo+...@chromium.org, kyungjunle...@google.com, blink-...@chromium.org, asvitki...@chromium.org, blink-revi...@chromium.org, kinuko...@chromium.org, jmedle...@chromium.org, dgroga...@chromium.org, vaapi-...@chromium.org, jonmann+wa...@chromium.org, zol...@webkit.org, accessibility-a...@google.com, apavlo...@chromium.org, francisjp...@google.com, josiah...@chromium.org, drott...@chromium.org, yongshun+...@google.com, stevenjb+wa...@chromium.org, jdonnel...@chromium.org, kouhe...@chromium.org, blink-re...@chromium.org, asvitkine...@chromium.org, scheduler...@chromium.org, dbaro...@chromium.org, gavin...@chromium.org, print-revi...@chromium.org, nektar...@chromium.org, cblume...@chromium.org, oshima...@chromium.org, abigailbk...@google.com, chromeos-gfx-...@google.com, dtseng...@chromium.org, tburkar...@chromium.org, blink-rev...@chromium.org, dewitt...@chromium.org, lucasrada...@google.com, chrome-intell...@chromium.org, penghuan...@chromium.org, titoua...@chromium.org, chadduffin+w...@chromium.org, jackshira+w...@google.com, ejcaruso+wa...@chromium.org, fmalit...@chromium.org, marq+...@chromium.org, hsuregan+wa...@chromium.org, jiajunz+wa...@google.com, michaelchec...@google.com, omnibox-...@chromium.org, mac-r...@chromium.org, media-cro...@chromium.org, ios-revie...@chromium.org, ios-rev...@chromium.org, language...@chromium.org, khorimoto+w...@chromium.org, chrome-intelligence-te...@google.com, David Baron
Attention needed from Hamda Mare
Hamda Mare has uploaded the change for review![]( "Open in Gerrit")
David Baron removed Lei Zhang, Nikhil Nayunigari, Akihiro Ota, Chromium Metrics Reviews, android-bu...@system.gserviceaccount.com, Kevin McNee, Stephen Chenney, James Maclean, Fredrik Söderquist, (Julie)Jeongeun Kim, Menard, Alexis, Dirk Schulze, Nektarios Paisios, Kevin Babbitt, ortuno...@chromium.org, blink-rev...@chromium.org, blink-rev...@chromium.org, pdr+svgw...@chromium.org, blink-re...@chromium.org, feature-me...@chromium.org, ios-r...@chromium.org, yuzo+...@chromium.org, kyungjunle...@google.com, blink-...@chromium.org, asvitki...@chromium.org, blink-revi...@chromium.org, kinuko...@chromium.org, jmedle...@chromium.org, dgroga...@chromium.org, vaapi-...@chromium.org, jonmann+wa...@chromium.org, zol...@webkit.org, accessibility-a...@google.com, apavlo...@chromium.org, francisjp...@google.com, josiah...@chromium.org, drott...@chromium.org, yongshun+...@google.com, stevenjb+wa...@chromium.org, jdonnel...@chromium.org, kouhe...@chromium.org, blink-re...@chromium.org, asvitkine...@chromium.org, scheduler...@chromium.org, dbaro...@chromium.org, gavin...@chromium.org, print-revi...@chromium.org, nektar...@chromium.org, cblume...@chromium.org, oshima...@chromium.org, abigailbk...@google.com, chromeos-gfx-...@google.com, dtseng...@chromium.org, tburkar...@chromium.org, blink-rev...@chromium.org, dewitt...@chromium.org, lucasrada...@google.com, chrome-intell...@chromium.org, penghuan...@chromium.org, titoua...@chromium.org, chadduffin+w...@chromium.org, jackshira+w...@google.com, ejcaruso+wa...@chromium.org, fmalit...@chromium.org, marq+...@chromium.org, hsuregan+wa...@chromium.org, jiajunz+wa...@google.com, michaelchec...@google.com, omnibox-...@chromium.org, mac-r...@chromium.org, media-cro...@chromium.org, ios-revie...@chromium.org, ios-rev...@chromium.org, language...@chromium.org, khorimoto+w...@chromium.org and chrome-intelligence-te...@google.com from reviewers of this change.
Commit message
Add path validation to prevent NTLM leak in getFileSystemInfo
This CL adds validation in the browser process to reject network paths
provided to the getFileSystemInfo API, preventing outbound SMB connections
and potential NTLM leak in the unsandboxed utility process.
Fixed: 501857663
Change-Id: I85191565ad48d76375111b9fd1557d8bbb6c9766
Change diff
diff --git a/chrome/browser/extensions/api/enterprise_reporting_private/enterprise_reporting_private_api.cc b/chrome/browser/extensions/api/enterprise_reporting_private/enterprise_reporting_private_api.cc
index 87f91d7..cd861c8 100644
--- a/chrome/browser/extensions/api/enterprise_reporting_private/enterprise_reporting_private_api.cc
+++ b/chrome/browser/extensions/api/enterprise_reporting_private/enterprise_reporting_private_api.cc
@@ -686,15 +686,23 @@
args());
EXTENSION_FUNCTION_VALIDATE(params);
- // Verify that all file paths are UTF8.
+ // Verify that all file paths are UTF8 and strictly local.
bool paths_are_all_utf8 = true;
+ bool paths_are_all_local = true;
for (const auto& api_options_param : params->request.options) {
if (!base::IsStringUTF8(api_options_param.path)) {
paths_are_all_utf8 = false;
break;
}
+ base::FilePath file_path =
+ base::FilePath::FromUTF8Unsafe(api_options_param.path);
+ if (file_path.IsNetwork()) {
+ paths_are_all_local = false;
+ break;
+ }
}
EXTENSION_FUNCTION_VALIDATE(paths_are_all_utf8);
+ EXTENSION_FUNCTION_VALIDATE(paths_are_all_local);
auto aggregation_request = CreateAggregationRequest(signal_name());
aggregation_request.file_system_signal_parameters =
Change information
Files:
- M chrome/browser/extensions/api/enterprise_reporting_private/enterprise_reporting_private_api.cc
Change size: S
Delta: 1 file changed, 9 insertions(+), 1 deletion(-)
Related details
Attention is currently required from:
- Hamda Mare
Submit Requirements:
Code-Coverage
Code-Owners
Code-Review
No-Unresolved-Comments
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Reply all
Reply to author
Forward
0 new messages