Bug 1468542 - Restrict acceptable bounds for i in nss_secutil; r=rstrong
authorJune Wilde <jewilde@mozilla.com>
Mon, 19 Nov 2018 20:57:50 +0200
changeset 447032 97613730a99f6156f256d351b5b7767b1d80a2b6
parent 447031 c376952fc91969b904b31cc0da568bb716cc17df
child 447033 4a979a79984c0d57b4139c9d965f2da9cb5b585d
push id35065
push userrmaries@mozilla.com
push dateMon, 19 Nov 2018 21:56:32 +0000
treeherdermozilla-central@bd4cebdbed4b [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersrstrong
bugs1468542
milestone65.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1468542 - Restrict acceptable bounds for i in nss_secutil; r=rstrong Summary: Adds some missing braces on if structures Adds a check for i being larger or equal to nb Reviewers: rstrong Reviewed By: rstrong Bug #: 1468542 Differential Revision: https://phabricator.services.mozilla.com/D12193
modules/libmar/sign/nss_secutil.c
--- a/modules/libmar/sign/nss_secutil.c
+++ b/modules/libmar/sign/nss_secutil.c
@@ -102,30 +102,30 @@ GetPasswordString(void *arg, char *promp
     phrase[PORT_Strlen(phrase)-1] = 0;
   }
   return (char*) PORT_Strdup(phrase);
 }
 
 char *
 SECU_FilePasswd(PK11SlotInfo *slot, PRBool retry, void *arg)
 {
-  char* phrases, *phrase;
+  char *phrases, *phrase;
   PRFileDesc *fd;
   int32_t nb;
   char *pwFile = arg;
   int i;
   const long maxPwdFileSize = 4096;
-  char* tokenName = NULL;
+  char *tokenName = NULL;
   int tokenLen = 0;
 
   if (!pwFile)
     return 0;
 
   if (retry) {
-    return 0;  /* no good retrying - the files contents will be the same */
+    return 0; /* no good retrying - the files contents will be the same */
   }
 
   phrases = PORT_ZAlloc(maxPwdFileSize);
 
   if (!phrases) {
     return 0; /* out of memory */
   }
 
@@ -148,43 +148,48 @@ SECU_FilePasswd(PK11SlotInfo *slot, PRBo
 
   if (slot) {
     tokenName = PK11_GetTokenName(slot);
     if (tokenName) {
       tokenLen = PORT_Strlen(tokenName);
     }
   }
   i = 0;
-  do
-  {
+  do {
     int startphrase = i;
     int phraseLen;
 
     /* handle the Windows EOL case */
-    while (phrases[i] != '\r' && phrases[i] != '\n' && i < nb) i++;
+    while (phrases[i] != '\r' && phrases[i] != '\n' && i < nb)
+      i++;
     /* terminate passphrase */
-    phrases[i++] = '\0';
+    if (i < nb) {
+      phrases[i++] = '\0';
+    }
     /* clean up any EOL before the start of the next passphrase */
-    while ( (i<nb) && (phrases[i] == '\r' || phrases[i] == '\n')) {
+    while ((i < nb) && (phrases[i] == '\r' || phrases[i] == '\n')) {
       phrases[i++] = '\0';
     }
     /* now analyze the current passphrase */
     phrase = &phrases[startphrase];
     if (!tokenName)
       break;
-    if (PORT_Strncmp(phrase, tokenName, tokenLen)) continue;
+    if (PORT_Strncmp(phrase, tokenName, tokenLen))
+      continue;
     phraseLen = PORT_Strlen(phrase);
-    if (phraseLen < (tokenLen+1)) continue;
-    if (phrase[tokenLen] != ':') continue;
+    if (phraseLen < (tokenLen + 1))
+      continue;
+    if (phrase[tokenLen] != ':')
+      continue;
     phrase = &phrase[tokenLen+1];
     break;
 
-  } while (i<nb);
+  } while (i < nb);
 
-  phrase = PORT_Strdup((char*)phrase);
+  phrase = PORT_Strdup((char *)phrase);
   PORT_Free(phrases);
   return phrase;
 }
 
 char *
 SECU_GetModulePassword(PK11SlotInfo *slot, PRBool retry, void *arg)
 {
     char prompt[255];