Bug 1064320 - NSC_Encrypt returns uninitialised garbage which is handed onwards to realloc
authorRichard Barnes <rbarnes@mozilla.com>
Tue, 30 Sep 2014 17:43:49 -0400
changeset 208064 b87e4ed4ffc6b6845fa52a0e73009c8f0fc16cb6
parent 208063 8b60d032183b15c072a2ae12687ebbcf63ccf7b0
child 208065 e3b4b545dace5618b59b9925a1d1d9e0b35bad85
push id1
push userroot
push dateMon, 20 Oct 2014 17:29:22 +0000
bugs1064320
milestone35.0a1
Bug 1064320 - NSC_Encrypt returns uninitialised garbage which is handed onwards to realloc
dom/crypto/WebCryptoTask.cpp
--- a/dom/crypto/WebCryptoTask.cpp
+++ b/dom/crypto/WebCryptoTask.cpp
@@ -819,36 +819,36 @@ private:
     oaepParams.mgf = mMgfMechanism;
     oaepParams.hashAlg = mHashMechanism;
 
     SECItem param;
     param.type = siBuffer;
     param.data = (unsigned char*) &oaepParams;
     param.len = sizeof(oaepParams);
 
-    uint32_t outLen;
+    uint32_t outLen = 0;
     if (mEncrypt) {
       // PK11_PubEncrypt() checks the plaintext's length and fails if it is too
       // long to encrypt, i.e. if it is longer than (k - 2hLen - 2) with 'k'
       // being the length in octets of the RSA modulus n and 'hLen' being the
       // output length in octets of the chosen hash function.
       // <https://tools.ietf.org/html/rfc3447#section-7.1>
       rv = MapSECStatus(PK11_PubEncrypt(
              mPubKey.get(), CKM_RSA_PKCS_OAEP, &param,
              mResult.Elements(), &outLen, mResult.Length(),
              mData.Elements(), mData.Length(), nullptr));
     } else {
       rv = MapSECStatus(PK11_PrivDecrypt(
              mPrivKey.get(), CKM_RSA_PKCS_OAEP, &param,
              mResult.Elements(), &outLen, mResult.Length(),
              mData.Elements(), mData.Length()));
     }
+    NS_ENSURE_SUCCESS(rv, NS_ERROR_DOM_OPERATION_ERR);
+
     mResult.SetLength(outLen);
-
-    NS_ENSURE_SUCCESS(rv, NS_ERROR_DOM_OPERATION_ERR);
     return NS_OK;
   }
 };
 
 class HmacTask : public WebCryptoTask
 {
 public:
   HmacTask(JSContext* aCx, const ObjectOrString& aAlgorithm,