TaintLess: Insecure updates taint the Objective Tracker
Calling ObjectiveTracker_Update from an insecure execution path taints the objective tracker until the interface is reloaded. When the tracker is tainted, LFG group creation through it may fail, and future calls to ObjectiveTracker_Update may taint the execution, causing e.g. EditModeManager to taint other registered systems.
Status: ¯\_(ツ)_/¯ (11.0 rewrites portions of the objective tracker).
To reproduce
- Run the following macro:
  /run ObjectiveTracker_Update()
  Ordinarily, addons would not call this function directly, but may taint one of the paths leading to such a call in FrameXML.
  Patch 10.0.2
- ObjectiveTrackerFrame.isOnLeftSideOfScreen is tainted.
- To check LFG impact:
  - Collapse and expand the Quests tracking category.
  - Click on a "Find Group" LFG button next to a group quest, then click "Start a group".
    Interface action failed because of an AddOn:
    Interface/FrameXML/LFGList.lua:2118
    An action was blocked because of taint from *** ForceTaint_Strong *** - CreateListing()
    Interface/FrameXML/LFGList.lua:1056 LFGListEntryCreation_ListGroupInternal()
    Interface/FrameXML/LFGList.lua:1118 LFGListEntryCreation_CheckAutoCreate()
    Interface/FrameXML/LFGList.lua:659 LFGListEntryCreation_Show()
    Interface/FrameXML/LFGList.lua:2118
- To check EditMode impact:
  - Enter and exit Edit Mode.
    MainMenuBar.flyoutDirection is tainted at this point.
  - Change action bar pages (e.g. /changeactionbar 2).
    ActionButton1.action is tainted at this point.
  - Trigger any ability using the main action bar.
    *** ForceTaint_Strong *** has been blocked from an action only available to the Blizzard UI. You can disable this addon and reload the UI.
    Interface/FrameXML/ActionButton.lua:1071 UpdateFlyout()
    An action was blocked because of taint from *** ForceTaint_Strong *** - UseAction()
    Interface/FrameXML/SecureTemplates.lua:364 handler()
    Interface/FrameXML/SecureTemplates.lua:690 PerformAction()
    Interface/FrameXML/SecureTemplates.lua:704 OnActionButtonClick()
    Interface/FrameXML/SecureTemplates.lua:746 SecureActionButton_OnClick()
    Interface/FrameXML/ActionButton.lua:109 TryUseActionButton()
    Interface/FrameXML/ActionButton.lua:144 ActionButtonDown()
    ACTIONBUTTON3:2
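A check for the taint described in the reproduction steps, added here as an example and not part of TaintLess or the original page: it calls issecurevariable on the three fields the page names and reports what tainted each one. The /ottaint command, the WATCHED table and the function name are made up for this example, which assumes it is loaded from an addon file.

```lua
-- Added example: report taint on the fields named in the reproduction steps.
-- /ottaint, WATCHED and CheckObjectiveTrackerTaint are names made up here.
local WATCHED = {
    { "ObjectiveTrackerFrame", "isOnLeftSideOfScreen" },
    { "MainMenuBar",           "flyoutDirection" },
    { "ActionButton1",         "action" },
}

local function CheckObjectiveTrackerTaint()
    local taintedCount = 0
    for _, entry in ipairs(WATCHED) do
        local ownerName, key = entry[1], entry[2]
        local owner = _G[ownerName]
        if type(owner) ~= "table" then
            -- Frame layout differs between client versions; report, do not guess.
            print(("%s: not found in this client"):format(ownerName))
        else
            -- issecurevariable(table, key) returns isSecure and, when the
            -- value is tainted, the name of the source that tainted it.
            local isSecure, taintedBy = issecurevariable(owner, key)
            if isSecure then
                print(("%s.%s: secure"):format(ownerName, key))
            else
                taintedCount = taintedCount + 1
                print(("%s.%s: TAINTED by %s"):format(
                    ownerName, key, tostring(taintedBy)))
            end
        end
    end
    print(("%d of %d watched fields tainted"):format(taintedCount, #WATCHED))
    return taintedCount
end

-- Register the slash command that runs the check.
SLASH_OTTAINT1 = "/ottaint"
SlashCmdList["OTTAINT"] = CheckObjectiveTrackerTaint
```

Run /ottaint before the macro and again after each step to see which field becomes tainted at which point.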
AddOn workaround
This issue is mitigated by TaintLess.