Bug 841569 - Cannot install image-uploader (fix handling of large filanames on b2g apps) r=bsmith
authorCamilo Viecco <cviecco@mozilla.com>
Thu, 16 May 2013 18:45:30 -0700
changeset 139296 cb242a1cccb23effd29535aaca919ecd4ad4c05c
parent 139295 ea25bacc8401084eb5b42cd104eada7ee1eca599
child 139351 32191193cbb220fa548723633375f61deb61c3f9
child 139355 8e524063308fe44832beac9402cbf4750dda9678
child 164327 c375e7bc34b3136095caaadd786d8b1eee98b1f8
push id3911
push userakeybl@mozilla.com
push dateMon, 24 Jun 2013 20:17:26 +0000
treeherdermozilla-aurora@7e26ca8db92b [default view] [failures only]
reviewersbsmith
bugs841569
milestone24.0a1
Bug 841569 - Cannot install image-uploader (fix handling of large filanames on b2g apps) r=bsmith
security/manager/ssl/src/JARSignatureVerification.cpp
--- a/security/manager/ssl/src/JARSignatureVerification.cpp
+++ b/security/manager/ssl/src/JARSignatureVerification.cpp
@@ -196,24 +196,41 @@ VerifyEntryContentDigest(nsIZipReader * 
 
 // On input, nextLineStart is the start of the current line. On output,
 // nextLineStart is the start of the next line.
 nsresult
 ReadLine(/*in/out*/ const char* & nextLineStart, /*out*/ nsCString & line,
          bool allowContinuations = true)
 {
   line.Truncate();
+  size_t previousLength = 0;
+  size_t currentLength = 0;
   for (;;) {
     const char* eol = PL_strpbrk(nextLineStart, "\r\n");
 
     if (!eol) { // Reached end of file before newline
       eol = nextLineStart + strlen(nextLineStart);
     }
 
+    previousLength = currentLength;
     line.Append(nextLineStart, eol - nextLineStart);
+    currentLength = line.Length();
+
+    // The spec says "No line may be longer than 72 bytes (not characters)"
+    // in its UTF8-encoded form.
+    static const size_t lineLimit = 72;
+    if (currentLength - previousLength > lineLimit) {
+      return NS_ERROR_SIGNED_JAR_MANIFEST_INVALID;
+    }
+
+    // The spec says: "Implementations should support 65535-byte
+    // (not character) header values..."
+    if (currentLength > 65535) {
+      return NS_ERROR_SIGNED_JAR_MANIFEST_INVALID;
+    }
 
     if (*eol == '\r') {
       ++eol;
     }
     if (*eol == '\n') {
       ++eol;
     }
 
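Review bot: Both length checks in ReadLine run only after `line.Append(nextLineStart, eol - nextLineStart)` has copied the segment, so an over-long line from an untrusted manifest is buffered in full before it is rejected, and `previousLength`/`currentLength` exist only to recover a length that is already known. Testing the segment before the copy, `if (static_cast<size_t>(eol - nextLineStart) > lineLimit) { return NS_ERROR_SIGNED_JAR_MANIFEST_INVALID; }`, rejects it without allocating and makes the two counters unnecessary. The loop continues past the end of this hunk; if the leading space of a continuation line is skipped there before the next Append, a 73-byte physical line would pass the 72-byte limit, which is worth confirming. The 65535 cap also appears to be what now keeps the length within the `int32_t` returned by `FindChar` in ParseAttribute, an invariant recorded by the comment removed in the second hunk, so I would name the constant and add `// Also keeps line.Length() far below INT32_MAX, which ParseAttribute relies on.`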
@@ -240,24 +257,16 @@ ReadLine(/*in/out*/ const char* & nextLi
 #define JAR_MF_HEADER (const char*)"Manifest-Version: 1.0"
 #define JAR_SF_HEADER (const char*)"Signature-Version: 1.0"
 
 nsresult
 ParseAttribute(const nsAutoCString & curLine,
                /*out*/ nsAutoCString & attrName,
                /*out*/ nsAutoCString & attrValue)
 {
-  nsAutoCString::size_type len = curLine.Length();
-  if (len > 72) {
-    // The spec says "No line may be longer than 72 bytes (not characters)"
-    // in its UTF8-encoded form. This check also ensures that len < INT32_MAX,
-    // which is required below.
-    return NS_ERROR_SIGNED_JAR_MANIFEST_INVALID;
-  }
-
   // Find the colon that separates the name from the value.
   int32_t colonPos = curLine.FindChar(':');
   if (colonPos == kNotFound) {
     return NS_ERROR_SIGNED_JAR_MANIFEST_INVALID;
   }
 
   // set attrName to the name, skipping spaces between the name and colon
   int32_t nameEnd = colonPos;