Edge crashes when opening files (.pdf, .html etc) from UNC path if it does not have 'List Directory' permission to every parent folder.

Fixed Issue #16446148

Details

Author
Steven E.
Created
Mar 18, 2018
Privacy
This issue is public.
Found in
  • Microsoft Edge
Found in build #
16.16299
Reports
Reported by 2 people

Sign in to watch or report this issue.

Steps to reproduce

When attempting to open a PDF or HTML file from a UNC path (for example, \Server\Share$\Folder), Edge will crash if it does not have List Directory permission to the share and every child folder to the destination path. In our organisation we use redirected user folders to home drive, and the user has traverse permission on every folder until their home folder (which they have full permission to). This is sufficient for Internet Explorer, Chrome and Firefox to load files from the UNC path, but not for Edge. As a workaround we had to add list folder permission to the child folders, but we do not want our users to be able to browse those shares and folders.

Attachments

Comments and activity

  • Issue is still present in Win10 1803 (Edge version 11.0.17127.1)

  • Microsoft Edge Team

    Changed Assigned To to “Steven K.”

    Changed Assigned To to “wprpprtri”

    Changed Assigned To to “Vidya N.”

    Changed Assigned To to “Venkat K.”

    Changed Status to “Confirmed”

    Changed Assigned To from “Venkat K.” to “Steve B.”

    Changed Status from “Confirmed” to “Needs root cause”

    Changed Assigned To to “Dave B.”

    Changed Assigned To from “Dave B.” to “Bruce M.”

    Changed Assigned To from “Bruce M.” to “Mara P.”

    Changed Assigned To from “Mara P.” to “Navin A.”

  • Hi Steven,

    I tried to reproduce this in 17134.167 and was not able to.  Have you tested this in a recent release?  If not, will you and let us know?

    I created the following structure:
    C:\code\share\level1\level2\level3\d3.pdf

    Created a network share for:
    C:\code\share.

    Then I added a DACL to deny folder listing on level2.
    get-acl -Path “C:\code\share\level1\level2” | Format-List -Property Access, Sddl

    D:AI(D;CI;CCSWWPLORC;;;WD)

    I was able to open the d3.pdf file by pasting the share into Edge’s address bar:
    \HOSTNAME\share\level1\level2\level3\d3.pdf

    Steve

  • I am still able to produce this on 17134.167 and 17134.191, but after some more testing it only appears to happen with a redirected user profile. I am able to open PDFs and HTML files from a \Server\Share\DeniedListFolder\FullPermissionsFolder when it is just a mapped drive or browsing the share manually, but when it is mapped to H: with folders redirected this no longer works.

    My repro steps:

    Environment:
    Server 2016 Core File Server (10.0.14393.2339)
    Server 2016 Core Domain Controllers (10.0.14393.2339)

    Test user in our AD (testuser), home drive path mapped to H: “\FS01\Students$\Year 12\testuser”
    https://i.imgur.com/l1rFgaT.png

    testuser part of following groups:
    Domain Users
    Students
    Year 12
    https://i.imgur.com/PUKp13k.png

    testuser has full permissions to own user folder. (https://i.imgur.com/j6NXey4.png).

    Login as ‘testuser’ with folder redirections in place via GPO (https://i.imgur.com/izOlasq.png), and no deny entry for ‘list folder’ - PDF works (https://i.imgur.com/3qf2dJI.png)

    Add deny ‘List folder’ permission for ‘Students’ group on ‘Year 12’ folder or ‘Students$’ share (individual user also reproduces this - https://i.imgur.com/GfhPQeE.png)

    Login again test user. Folder redirections still in place. Attempting to open a PDF from any location on H: results in the original error provided. Sometimes trying to launch them will produce ‘File system error -2147219196’ (screenshot https://i.imgur.com/5fQk1pj.png), and then attempting to re-launch it will just produce the original error again (Edge instantly closes after opening).

    Let me know if I can provide any more info.

  • Through more testing I am also able to get the following error when opening some PDFs from redirected user profile:

    https://i.imgur.com/QASekJD.png

  • Hi Steven,

    Appreciate the update and details.  Does Edge still crash in all scenarios?  If not, will you specify which test caused a crash and which returned the "Error Code: INET_E_DATA_NOT_AVAILABLE"/ms-appx-web results?

    Also interested in what client OS versions you are using.  I.e. which client produced this image? https://i.imgur.com/5fQk1pj.png

    Can you verify the image added for this statement:

    "Add deny ‘List folder’ permission for ‘Students’ group on ‘Year 12’ folder or ‘Students$’ share (individual user also reproduces this - https://i.imgur.com/GfhPQeE.png)"

    I am seeing the same error as you most recently posted (

    https://i.imgur.com/QASekJD.png).  This is 
    when using a mapped shared drive on a remote computer.  Creating a mapped share on the same machine does not cause the issue.

    Steve

  • Microsoft Edge Team

    Changed Assigned To to “Dave B.”

    Changed Assigned To from “Dave B.” to “Bruce M.”

  • Okay so I did a bit more testing, and I am able to consistently reproduce this. I tested with a PDF I created in MS Word, and was able to open this PDF even from a network share on our file server with deny ‘list folder’ permissions in place. I then tried other PDFs and was unable to open them.

    As these other PDF files I was testing were downloaded from the Internet (or our local Intranet), and the files were ‘blocked’ as they originated from an external location (https://i.imgur.com/5kRgWNV.png). When ‘list folder’ permission is allowed, these files will open in Edge fine even with the block status on them. After adding the deny list folder permission, I can no longer open them in Edge. However, if I right-click these PDFs and tick Unblock, I am then able to open them in Edge with list folder deny permission in place.

    It appears that the combination of having the file originating from an external location, and having deny list folder permission on the path causes Edge to display this error (I can consistently make it display the last one I posted). Different PDFs however will cause the instant crash, and others will cause “unable to reach this page” (https://i.imgur.com/QASekJD.png). It seems random on which PDF will produce which error.

    It might also be worth noting that we have Microsoft Edge SmartScreen disabled in our environment via GP. I also tried opening these PDFs with SmartScreen in Edge enabled and get the exact same results, so I don’t believe SmartScreen to be part of the problem.

  • Sorry for the flood of posts, but I have also found some more details from testing. Unblocked PDFs still will not open when attempting to open them from different locations in a redirected user profile.

    Here’s the following results I got:
    Open unblocked TestPDF.pdf from redirected desktop (H:\Desktop) - File system error (-2147219196).
    Copy and paste TestPDF to Documents, Desktop, Downloads and Pictures and unblock the file - all folders redirected to H:.
    Open TestPDF from Desktop (H:\Desktop) - File system error (-2147219196)
    Open TestPDF from redirected Documents folder (H:) - Instant crash, with original event viewer error.
    Open TestPDF from redirected Downloads (H:\Downloads) folder - opens fine.
    Open TestPDF from redirected Pictures (H:\Pictures) - opens fine.

  • Microsoft Edge Team

    Changed Assigned To from “Bruce M.” to “Deepak A.”

    Changed Status from “Needs root cause” to “Confirmed”

  • Keep the flood coming.  :-)

    Your updates are very helpful.

    I am curious about the two different error conditions you are seeing with different PDF files.  Can you provide two PDF files so that we can reproduce each error?  You can pre-pend "private-" to the files so only Microsoft can see them or you can e-mail them to me.

    Steve

  • A way to source the root cause of this issue much faster is if you could collect a crash dump.  The instructions for how to do that are below.  This would be very helpful.  :)

         

    Download
    Debug Diagnostic Tool v1.2 from
    https://www.microsoft.com/en-us/download/details.aspx?id=26798

    2)   

    Launch
    Edge and navigate to any URL. 
    E.g. Microsoft.com

    3)   

    Open
    Task manager to get the process id for that specific process. 
    I.e. the one that is showing the URL used
    above

    4)   

    Once
    installed open “DebugDiag 2 Collection”

    5)   

    Click
    the “Add Rule…” button

    6)   

    Select
    the rule type ‘Crash’ and click next.

    7)   

    Under
    Select target type select ‘

    A
    specific process’
    and
    click next.

    8)   

    Select
    the process with the process id found above. 

    Should be named “MicrosoftEdgeCP.exe”. 

    Click next.

    9)   

    Under
    “Action type for unconfigured first chance exceptions” select “Mini Userdump”

    10) 

    Under “Action limit for unconfigured
    first chance exceptions” enter “10”

    11) 

    Change or make a note of the path for
    the dump files and click next.

    12) 

    Click Finish to activate the rule.

    13) 

    Get the URL/Path for the file to open
    and paste it in Edge’s address bar. 
    (I
    believe this should reproduce the issue.)

    Once you
    have reproduced the crash open locate the file ending in ‘.dmp’. Please
    compress (zip) this ‘.dmp’ file(s) and attach it to this ticket.

    Steve

  • I’m having difficulty reproducing the instant crash & file system errors with the PDFs I was testing before, I’m not sure what has changed. It’s still getting the DNS error screen though, so I attached a dump file for the Edge process while browsing to the PDF.

    If I can get the original crashes happening I’ll attach dump files for them too.

    I also attached the two PDfs I’m testing with. One is unblocked and one is blocked, although I imagine if you download the PDFs both will be blocked for you.

  • Also, I forgot to upload the dump file zip as private, if you’re able to change that for me please :)

  • Microsoft Edge Team

    Changed Status from “Confirmed” to “Needs root cause”

    Changed Assigned To to “Ivan P.”

    Changed Assigned To from “Ivan P.” to “Brian S.”

    Changed Status from “Needs root cause” to “Confirmed”

  •   Steven - I’d like to get to the bottom of the DNS issue.   Can you please grab repro logs.  From admin cmd prompt:

    ·        

    netsh trace start
    scenario=InternetClient_dbg capture=yes 

    ·        

    <repro>

    ·        

    netsh trace stop

    Send us those logs.  Thanks

  • Uploaded the netsh trace

    private-NetTrace.zip

  • Steven- what exact URL were you trying to access in the latest InternetClient_dbg capture?  Did it repro the DNS error message?

  • Microsoft Edge Team

    Changed Assigned To from “Brian S.” to “Vyankatesh G.”

    Changed Status from “Confirmed” to “Needs root cause”

    Changed Status from “Needs root cause” to “Confirmed”

    Changed Assigned To from “Vyankatesh G.” to “Jim F.”

    Changed Status from “Confirmed” to “Needs root cause”

    Changed Status from “Needs root cause” to “Fixed”

    Changed Assigned To to “Jim F.”

    Changed Status from “Fixed” to “Needs root cause”

    Changed Status from “Needs root cause” to “Fixed”

You need to sign in to your Microsoft account to add a comment.

Sign in