+++ This bug was initially created as a clone of Bug #1412081 +++ (In reply to Richard Pospesel (Tor Browser Dev) from Bug 1412081 comment #125) > Yeah so the issue here is that sWhitelist is only populated after a call to > PathWhitelist(). The various directories are whitelisted during firefox > init (and sWhitelist is populated) in AllowUNCDirectory(char const*) by way > of InitDirectoriesWhitelist(). However, the call to PathWhitelist() does > not occur until the end of AllowUNCDirectory(), and only if the directory > resolves to an SMB path (ie, begins with \\). So, unless one of the special > dirs live on an SMB share, sWhitelist will never be populated, and the call > to IsBlockedUNCPath() will always early out due to the !sWhiteList check. > > The !sWhitelist check should be removed, since the underlying pointer is > never accessed directly, and always through the PathWhitelist() > getter/initializer.

Comment on attachment 9000184 [details] Bug 1483377 - Use static array for FilePreferences whitelist instead of StaticAutoPtr r=mayhemer Honza Bambas (:mayhemer) has approved the revision.

Comment on attachment 9000184 [details] Bug 1483377 - Use static array for FilePreferences whitelist instead of StaticAutoPtr r=mayhemer [Approval Request Comment] If this is not a sec:{high,crit} bug, please state case for ESR consideration: This is required to completely fix TOR bug 1413868. User impact if declined: Users using TOR and smb may be deanonymized. Fix Landed on Version: This patch matches what is already on mozilla-central (mozilla63). The patch that got uplifted to ESR had this small difference which triggers the bug. Risk to taking this patch (and alternatives if risky): Very low risk. It brings the ESR version in line with what is already on m-c and plugs the corner case for TOR. String or UUID changes made by this patch: None.

Confirmed with Valentin over IRC that this is an esr60-only issue.

Comment on attachment 9000184 [details] Bug 1483377 - Use static array for FilePreferences whitelist instead of StaticAutoPtr r=mayhemer Follow-up fix to get ESR60 in sync with the patches that landed on 62+. Approved for ESR 60.2.