Bug 302342

Summary: KWebView with remote file url causes endless KIO redirections when kde-runtime is built without samba libraries
Product: [Unmaintained] kdelibs Reporter: Andre Heinecke <aheinecke>
Component: kdewebkitAssignee: webkit-devel
Status: RESOLVED WORKSFORME    
Severity: normal CC: adawit, grote, ps_ml
Priority: NOR Keywords: triaged
Version: 4.9-Git   
Target Milestone: ---   
Platform: Microsoft Windows   
OS: All   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: Test exposing the problem
Manipulated html mail triggering the problem
proposed patch

Description Andre Heinecke 2012-06-22 10:18:53 UTC 
Afaik this bug is not really about kio and mroe about KWebView and KIO. 

I first experienced this bug after switching to Qt4.8 on Windows. There were some "remote" file links in the kontact about screen.
   <img src=file://c/program files/foo/bar/foo.png/> for example. 
Notice that in that case c is detected as a host. This caused an endless loop of kio jobs redirecting to smb and back to local and to smb again.
I could not reproduce this bug by using the kio tests. They redirected once to smb, could not find the file and exited. So i've appended another / to the file:// call and now it does not happen anymore on windows, but with that additional / it now happens on Linux.

This is the debug output that is looped:
KWebPageTest_Gui(6386)/kio (KIOJob) KIO::StatJobPrivate::slotRedirection: KUrl("file://foo") -> KUrl("smb://foo")
KWebPageTest_Gui(6386)/kio (Scheduler) KIO::SchedulerPrivate::jobFinished: KIO::StatJob(0x2446dc0) KIO::Slave(0x23930b0)
KWebPageTest_Gui(6386)/kio (Scheduler) KIO::SchedulerPrivate::doJob: KIO::SimpleJob(0x2402000)
kio_file(6213) FileProtocol::stat: redirecting to  "smb://foo"

I'm clueless how the interaction between KIO and KWebView works. Please see my attached test case that exposes the problem.

Reproducible: Always

Steps to Reproduce:
See attached test case
Actual Results:  
Endless kio activity

Expected Results:  
Should exit when not finding the file
Comment 1 Andre Heinecke 2012-06-22 10:22:04 UTC 
Created attachment 72039 [details]
Test exposing the problem
Comment 2 Andre Heinecke 2012-07-11 17:28:16 UTC 
Created attachment 72458 [details]
Manipulated html mail triggering the problem

While this bug does only occur on invalid file urls. Which probably don't occur in the code for Linux. Even on Linux systems this opens a vulnerability to manipulated mails as the one that i have attached.
You need the setting "prefer html over plain text" then viewing the attached Message in KMail triggers the bug.
Comment 3 Andre Heinecke 2012-07-17 16:18:34 UTC 
Just updated my builds to current master and noticed that i did not had the samba client libraries installed for kde-runtime. With them this problem does not occur.
Still needs to be fixed but now I understand why this does not happen more often.
Comment 4 Patrick Spendrin 2012-08-05 11:21:58 UTC 
This is reproduceable on msvc.
Comment 5 Nico Kruber 2013-12-09 03:38:09 UTC 
Git commit d177fd620dd7a7eea9e85d7cbc64e7bb12913667 by Nico Kruber.
Committed on 09/12/2013 at 03:33.
Pushed by nkruber into branch 'kde-4.12'.

kdepim: update patches and re-apply a fix reverted upstream

please check whether the fix_introduction_screen.diff patch is really still needed or whether it has been fixed otherwise in the meantime

A  +25   -0    portage/kde/kdepim/0001-fixed-windows-x64-build.patch
M  +27   -27   portage/kde/kdepim/fix_introduction_screen.diff
M  +4    -9    portage/kde/kdepim/kdepim-20080202.py
D  +0    -36   portage/kde/kdepim/kdepim-4.10.0.diff
D  +0    -56   portage/kde/kdepim/kdepim-app-icons.diff

http://commits.kde.org/emerge/d177fd620dd7a7eea9e85d7cbc64e7bb12913667
Comment 6 Dawit Alemayehu 2013-12-21 16:33:47 UTC 
Created attachment 84216 [details]
proposed patch

Can you try the attached patch and see if it resolves the issue for you? I purposefully avoided adding KDE's local schemes to QWebSecurityOrigin, but in hind sight I should have and let applications remove the local protocols they want to allow.
Comment 7 Dawit Alemayehu 2013-12-21 16:34:29 UTC 
See comment #6.
Comment 8 Andrew Crouthamel 2018-09-25 03:42:07 UTC 
Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least 15 days. Please provide the requested information as soon as possible and set the bug status as REPORTED. Due to regular bug tracker maintenance, if the bug is still in NEEDSINFO status with no change in 30 days, the bug will be closed as RESOLVED > WORKSFORME due to lack of needed information.

For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

If you have already provided the requested information, please set the bug status as REPORTED so that the KDE team knows that the bug is ready to be confirmed.

Thank you for helping us make KDE software even better for everyone!
Comment 9 Andrew Crouthamel 2018-10-27 04:20:56 UTC 
Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least 30 days. The bug is now closed as RESOLVED > WORKSFORME due to lack of needed information.

For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

Thank you for helping us make KDE software even better for everyone!