Bug 1059168 - B2G NFC: Make sure the techList and origin string won't overflow. r=smaug, a=bajaj
authorYoshi Huang <allstars.chh@mozilla.com>
Wed, 03 Sep 2014 18:09:43 +0800
changeset 224749 2f6dd0320bca89f8baebe11af5948fe212567a68
parent 224748 a91c5b4e960db815203b3f882f69a7866fc58887
child 224750 3878571e8dc0bc8ca4b3a7053e539649e57e51b2
push id3979
push userraliiev@mozilla.com
push dateMon, 13 Oct 2014 16:35:44 +0000
treeherdermozilla-beta@30f2cc610691 [default view] [failures only]
reviewerssmaug, bajaj
bugs1059168
milestone34.0a2
Bug 1059168 - B2G NFC: Make sure the techList and origin string won't overflow. r=smaug, a=bajaj
dom/nfc/gonk/NfcGonkMessage.h
dom/nfc/gonk/NfcOptions.h
dom/nfc/gonk/NfcService.cpp
dom/webidl/MozNFCTag.webidl
dom/webidl/NfcOptions.webidl
--- a/dom/nfc/gonk/NfcGonkMessage.h
+++ b/dom/nfc/gonk/NfcGonkMessage.h
@@ -75,13 +75,14 @@ enum NfcErrorCode {
   FailEnableLowPowerMode = -30,
   FailDisableLowPowerMode = -31,
 };
 
 enum SecureElementOrigin {
   SIM = 0,
   ESE = 1,
   ASSD = 2,
+  OriginEndGuard = 3
 };
 
 } // namespace mozilla
 
 #endif // NfcGonkMessage_h
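Review bot: `OriginEndGuard` has no comment saying it is a sentinel rather than an origin that can appear in a message, and nothing ties it to the `SEOriginString` table in NfcService.cpp that it is meant to bound. I would add `// One past the last valid origin; never a wire value.` on this line. Next to the table I would add `static_assert(sizeof(SEOriginString) / sizeof(SEOriginString[0]) == mozilla::OriginEndGuard, "SEOriginString must match SecureElementOrigin");` so that adding an origin without a matching string fails to compile instead of reading past the array.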
--- a/dom/nfc/gonk/NfcOptions.h
+++ b/dom/nfc/gonk/NfcOptions.h
@@ -78,34 +78,33 @@ struct CommandOptions
   int32_t mTechType;
   nsTArray<NDEFRecordStruct> mRecords;
 };
 
 struct EventOptions
 {
   EventOptions()
     : mType(EmptyString()), mStatus(-1), mSessionId(-1), mRequestId(EmptyString()), mMajorVersion(-1), mMinorVersion(-1),
-      mIsReadOnly(-1), mCanBeMadeReadOnly(-1), mMaxSupportedLength(-1), mPowerLevel(-1), mOrigin(EmptyString()),
+      mIsReadOnly(-1), mCanBeMadeReadOnly(-1), mMaxSupportedLength(-1), mPowerLevel(-1),
       mOriginType(-1), mOriginIndex(-1)
   {}
 
   nsString mType;
   int32_t mStatus;
   int32_t mSessionId;
   nsString mRequestId;
   int32_t mMajorVersion;
   int32_t mMinorVersion;
   nsTArray<uint8_t> mTechList;
   nsTArray<NDEFRecordStruct> mRecords;
   int32_t mIsReadOnly;
   int32_t mCanBeMadeReadOnly;
   int32_t mMaxSupportedLength;
   int32_t mPowerLevel;
 
-  nsString mOrigin;
   int32_t mOriginType;
   int32_t mOriginIndex;
   nsTArray<uint8_t> mAid;
   nsTArray<uint8_t> mPayload;
 };
 
 } // namespace mozilla
 
--- a/dom/nfc/gonk/NfcService.cpp
+++ b/dom/nfc/gonk/NfcService.cpp
@@ -1,46 +1,33 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "NfcService.h"
 #include <binder/Parcel.h>
 #include "mozilla/ModuleUtils.h"
 #include "mozilla/ClearOnShutdown.h"
+#include "mozilla/dom/NfcOptionsBinding.h"
 #include "mozilla/dom/ToJSValue.h"
 #include "mozilla/dom/RootedDictionary.h"
 #include "nsAutoPtr.h"
 #include "nsString.h"
 #include "nsXULAppAPI.h"
+#include "NfcGonkMessage.h"
 #include "NfcOptions.h"
 
 #define NS_NFCSERVICE_CID \
   { 0x584c9a21, 0x4e17, 0x43b7, {0xb1, 0x6a, 0x87, 0xa0, 0x42, 0xef, 0xd4, 0x64} }
 #define NS_NFCSERVICE_CONTRACTID "@mozilla.org/nfc/service;1"
 
 using namespace android;
 using namespace mozilla::dom;
 using namespace mozilla::ipc;
 
-nsLiteralString NfcTechString[] = {
-  NS_LITERAL_STRING("NDEF"),
-  NS_LITERAL_STRING("NDEF_WRITEABLE"),
-  NS_LITERAL_STRING("NDEF_FORMATABLE"),
-  NS_LITERAL_STRING("P2P"),
-  NS_LITERAL_STRING("NFC_A"),
-  NS_LITERAL_STRING("NFC_B"),
-  NS_LITERAL_STRING("NFC_F"),
-  NS_LITERAL_STRING("NFC_V"),
-  NS_LITERAL_STRING("NFC_ISO_DEP"),
-  NS_LITERAL_STRING("MIFARE_CLASSIC"),
-  NS_LITERAL_STRING("MIFARE_ULTRALIGHT"),
-  NS_LITERAL_STRING("BARCODE")
-};
-
 static const nsLiteralString SEOriginString[] = {
   NS_LITERAL_STRING("SIM"),
   NS_LITERAL_STRING("ESE"),
   NS_LITERAL_STRING("ASSD")
 };
 
 namespace mozilla {
 
@@ -123,18 +110,19 @@ public:
       int length = mEvent.mTechList.Length();
       event.mTechList.Construct();
 
       if (!event.mTechList.Value().SetCapacity(length)) {
         return NS_ERROR_FAILURE;
       }
 
       for (int i = 0; i < length; i++) {
-        nsString& elem = *event.mTechList.Value().AppendElement();
-        elem = NfcTechString[mEvent.mTechList[i]];
+        NFCTechType tech = static_cast<NFCTechType>(mEvent.mTechList[i]);
+        MOZ_ASSERT(tech < NFCTechType::EndGuard_);
+        *event.mTechList.Value().AppendElement() = tech;
       }
     }
 
     if (mEvent.mRecords.Length() > 0) {
       int length = mEvent.mRecords.Length();
       event.mRecords.Construct();
       if (!event.mRecords.Value().SetCapacity(length)) {
         return NS_ERROR_FAILURE;
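Review bot: `MOZ_ASSERT(tech < NFCTechType::EndGuard_)` compiles away in release builds, so the byte from `mEvent.mTechList[i]` is cast to `NFCTechType` and stored with no bound check in shipped code. If that byte comes unvalidated from the NFC daemon's message (the parser is not visible here), an out-of-range value would presumably be used as an index when the enum is later converted to its string, which is the overflow this change sets out to prevent. A runtime guard before the append, such as `if (tech >= NFCTechType::EndGuard_) { return NS_ERROR_FAILURE; }`, holds in every build. The `MOZ_ASSERT` on `mOriginType` in the next hunk of this file has the same debug-only limitation. The enclosing method starts and ends outside this hunk.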
@@ -164,24 +152,22 @@ public:
       }
     }
 
     COPY_OPT_FIELD(mIsReadOnly, -1)
     COPY_OPT_FIELD(mCanBeMadeReadOnly, -1)
     COPY_OPT_FIELD(mMaxSupportedLength, -1)
 
     // HCI Event Transaction parameters.
-    int size = sizeof(SEOriginString) / sizeof(nsLiteralString);
-    // TODO: We need a map or something to more rigorously validate against
-    // Gonk Message header values from inside NfcService.
-    if ((mEvent.mOriginType != -1) && (mEvent.mOriginType < size)) {
-      mEvent.mOrigin.Assign(SEOriginString[mEvent.mOriginType]);
-      mEvent.mOrigin.AppendInt(mEvent.mOriginIndex, 16 /* radix */);
+    if (mEvent.mOriginType != -1) {
+      MOZ_ASSERT(mEvent.mOriginType < SecureElementOrigin::OriginEndGuard);
+
       event.mOrigin.Construct();
-      event.mOrigin.Value() = mEvent.mOrigin;
+      event.mOrigin.Value().Assign(SEOriginString[mEvent.mOriginType]);
+      event.mOrigin.Value().AppendInt(mEvent.mOriginIndex, 16 /* radix */);
     }
 
     if (mEvent.mAid.Length() > 0) {
       event.mAid.Construct();
       event.mAid.Value().Init(Uint8Array::Create(cx, mEvent.mAid.Length(), mEvent.mAid.Elements()));
     }
 
     if (mEvent.mPayload.Length() > 0) {
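Review bot: The new condition `mEvent.mOriginType != -1` has no lower bound and the assert checks only the upper one, so a negative value other than -1 passes both and indexes `SEOriginString` before its first element. The removed code enforced `mOriginType < size` at run time, whereas here the upper bound survives only as a debug assertion, so release builds lose the check they had. `if (mEvent.mOriginType >= 0 && mEvent.mOriginType < SecureElementOrigin::OriginEndGuard) {` keeps the bound in release builds and closes the negative case. The enclosing method continues outside the hunk.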
--- a/dom/webidl/MozNFCTag.webidl
+++ b/dom/webidl/MozNFCTag.webidl
@@ -4,28 +4,28 @@
  *
  * Part of this idl is from:
  * http://w3c.github.io/nfc/proposals/common/nfc.html#nfctag-interface
  *
  * Copyright © 2013 Deutsche Telekom, Inc.
  */
 
 enum NFCTechType {
+  "NDEF",
+  "NDEF_WRITABLE",
+  "NDEF_FORMATABLE",
+  "P2P",
   "NFC_A",
   "NFC_B",
-  "NFC_ISO_DEP",
   "NFC_F",
   "NFC_V",
-  "NDEF",
-  "NDEF_FORMATABLE",
+  "NFC_ISO_DEP",
   "MIFARE_CLASSIC",
   "MIFARE_ULTRALIGHT",
-  "NFC_BARCODE",
-  "P2P",
-  "UNKNOWN_TECH"
+  "NFC_BARCODE"
 };
 
 [JSImplementation="@mozilla.org/nfc/NFCTag;1", AvailableIn="CertifiedApps"]
 interface MozNFCTag {
   DOMRequest readNDEF();
   DOMRequest writeNDEF(sequence<MozNDEFRecord> records);
   DOMRequest makeReadOnlyNDEF();
 };
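Review bot: The order of `NFCTechType` is now load-bearing, because NfcService.cpp casts the raw tech byte straight to this enum, yet nothing here says so. A comment above the enum would keep a later edit from reordering or inserting entries, for example `// Order must match the tech values in the NFC message; NfcService.cpp casts them directly.` The strings that content sees also change: the removed C++ table emitted `NDEF_WRITEABLE` and `BARCODE`, this enum yields `NDEF_WRITABLE` and `NFC_BARCODE`, and `UNKNOWN_TECH` is gone. Callers that compare against the old spellings are worth checking.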
--- a/dom/webidl/NfcOptions.webidl
+++ b/dom/webidl/NfcOptions.webidl
@@ -30,24 +30,22 @@ dictionary NfcEventOptions
 
   long status;
   long sessionId;
   DOMString requestId;
 
   long majorVersion;
   long minorVersion;
 
-  sequence<DOMString> techList;
+  sequence<NFCTechType> techList;
   sequence<NDEFRecord> records;
 
   boolean isReadOnly;
   boolean canBeMadeReadOnly;
   long maxSupportedLength;
 
   long powerLevel;
 
   // HCI Event Transaction fields
   DOMString origin;
-  long originType;
-  long originIndex;
   Uint8Array aid;
   Uint8Array payload;
 };