Bug 1439632 - Make sure password is always empty after calling SetPassword(EmptyCString()) on a URI r=mayhemer
authorValentin Gosu <valentin.gosu@gmail.com>
Sat, 14 Apr 2018 00:10:40 +0200
changeset 414661 b4b2f2f22ab8ac18352e6b0ca7eb7efe3c6a9d60
parent 414660 3f4820437c251785a27a590584ca5e5749314ef7
child 414662 1b366ada7c5dd408e6053a61cf3b729e8d397605
push id33875
push userdluca@mozilla.com
push dateFri, 20 Apr 2018 22:59:03 +0000
treeherdermozilla-central@e166407fe8b0 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmayhemer
bugs1439632
milestone61.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1439632 - Make sure password is always empty after calling SetPassword(EmptyCString()) on a URI r=mayhemer MozReview-Commit-ID: LaHHo3A2xvk
netwerk/base/nsStandardURL.cpp
--- a/netwerk/base/nsStandardURL.cpp
+++ b/netwerk/base/nsStandardURL.cpp
@@ -1794,16 +1794,24 @@ nsStandardURL::SetUsername(const nsACStr
 
 nsresult
 nsStandardURL::SetPassword(const nsACString &input)
 {
     ENSURE_MUTABLE();
 
     const nsPromiseFlatCString &password = PromiseFlatCString(input);
 
+    auto clearedPassword = MakeScopeExit([&password, this]() {
+        // Check that if this method is called with the empty string then the
+        // password is definitely cleared when exiting this method.
+        if (password.IsEmpty()) {
+            MOZ_DIAGNOSTIC_ASSERT(this->Password().IsEmpty());
+        }
+    });
+
     LOG(("nsStandardURL::SetPassword [password=%s]\n", password.get()));
 
     if (mURLType == URLTYPE_NO_AUTHORITY) {
         if (password.IsEmpty())
             return NS_OK;
         NS_WARNING("cannot set password on no-auth url");
         return NS_ERROR_UNEXPECTED;
     }