Bug 1169890 - Check return values for CryptoBuffer.Assign() calls r=rbarnes
authorTim Taubert <ttaubert@mozilla.com>
Sat, 30 May 2015 08:28:45 +0200
changeset 278722 3d4cdf59f57f
parent 278721 571e6f0262a2
child 278723 49acc2446457
push id4932
push userjlund@mozilla.com
push dateMon, 10 Aug 2015 18:23:06 +0000
treeherdermozilla-beta@6dd5a4f5f745 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersrbarnes
bugs1169890
milestone41.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1169890 - Check return values for CryptoBuffer.Assign() calls r=rbarnes
dom/crypto/CryptoKey.cpp
dom/crypto/KeyAlgorithmProxy.h
dom/crypto/WebCryptoTask.cpp
--- a/dom/crypto/CryptoKey.cpp
+++ b/dom/crypto/CryptoKey.cpp
@@ -545,17 +545,19 @@ nsresult
 CryptoKey::PrivateKeyToPkcs8(SECKEYPrivateKey* aPrivKey,
                        CryptoBuffer& aRetVal,
                        const nsNSSShutDownPreventionLock& /*proofOfLock*/)
 {
   ScopedSECItem pkcs8Item(PK11_ExportDERPrivateKeyInfo(aPrivKey, nullptr));
   if (!pkcs8Item.get()) {
     return NS_ERROR_DOM_INVALID_ACCESS_ERR;
   }
-  aRetVal.Assign(pkcs8Item.get());
+  if (!aRetVal.Assign(pkcs8Item.get())) {
+    return NS_ERROR_DOM_OPERATION_ERR;
+  }
   return NS_OK;
 }
 
 nsresult
 PublicDhKeyToSpki(SECKEYPublicKey* aPubKey,
                   CERTSubjectPublicKeyInfo* aSpki)
 {
   SECItem* params = ::SECITEM_AllocItem(aSpki->arena, nullptr, 0);
@@ -642,17 +644,19 @@ CryptoKey::PublicKeyToSpki(SECKEYPublicK
     if (rv != SECSuccess) {
       return NS_ERROR_DOM_OPERATION_ERR;
     }
   }
 
   const SEC_ASN1Template* tpl = SEC_ASN1_GET(CERT_SubjectPublicKeyInfoTemplate);
   ScopedSECItem spkiItem(SEC_ASN1EncodeItem(nullptr, nullptr, spki, tpl));
 
-  aRetVal.Assign(spkiItem.get());
+  if (!aRetVal.Assign(spkiItem.get())) {
+    return NS_ERROR_DOM_OPERATION_ERR;
+  }
   return NS_OK;
 }
 
 SECItem*
 CreateECPointForCoordinates(const CryptoBuffer& aX,
                             const CryptoBuffer& aY,
                             PLArenaPool* aArena)
 {
@@ -1120,17 +1124,19 @@ CryptoKey::PublicDhKeyFromRaw(CryptoBuff
   return SECKEY_CopyPublicKey(key);
 }
 
 nsresult
 CryptoKey::PublicDhKeyToRaw(SECKEYPublicKey* aPubKey,
                             CryptoBuffer& aRetVal,
                             const nsNSSShutDownPreventionLock& /*proofOfLock*/)
 {
-  aRetVal.Assign(&aPubKey->u.dh.publicValue);
+  if (!aRetVal.Assign(&aPubKey->u.dh.publicValue)) {
+    return NS_ERROR_DOM_OPERATION_ERR;
+  }
   return NS_OK;
 }
 
 SECKEYPublicKey*
 CryptoKey::PublicECKeyFromRaw(CryptoBuffer& aKeyData,
                               const nsString& aNamedCurve,
                               const nsNSSShutDownPreventionLock& /*proofOfLock*/)
 {
--- a/dom/crypto/KeyAlgorithmProxy.h
+++ b/dom/crypto/KeyAlgorithmProxy.h
@@ -104,45 +104,53 @@ struct KeyAlgorithmProxy
   {
     mType = HMAC;
     mName = NS_LITERAL_STRING(WEBCRYPTO_ALG_HMAC);
     mHmac.mName = NS_LITERAL_STRING(WEBCRYPTO_ALG_HMAC);
     mHmac.mLength = aLength;
     mHmac.mHash.mName = aHashName;
   }
 
-  void
+  bool
   MakeRsa(const nsString& aName, uint32_t aModulusLength,
          const CryptoBuffer& aPublicExponent, const nsString& aHashName)
   {
     mType = RSA;
     mName = aName;
     mRsa.mName = aName;
     mRsa.mModulusLength = aModulusLength;
     mRsa.mHash.mName = aHashName;
-    mRsa.mPublicExponent.Assign(aPublicExponent);
+    if (!mRsa.mPublicExponent.Assign(aPublicExponent)) {
+      return false;
+    }
+    return true;
   }
 
   void
   MakeEc(const nsString& aName, const nsString& aNamedCurve)
   {
     mType = EC;
     mName = aName;
     mEc.mName = aName;
     mEc.mNamedCurve = aNamedCurve;
   }
 
-  void
+  bool
   MakeDh(const nsString& aName, const CryptoBuffer& aPrime,
          const CryptoBuffer& aGenerator)
   {
     mType = DH;
     mName = aName;
     mDh.mName = aName;
-    mDh.mPrime.Assign(aPrime);
-    mDh.mGenerator.Assign(aGenerator);
+    if (!mDh.mPrime.Assign(aPrime)) {
+      return false;
+    }
+    if (!mDh.mGenerator.Assign(aGenerator)) {
+      return false;
+    }
+    return true;
   }
 };
 
 } // namespace dom
 } // namespace mozilla
 
 #endif // mozilla_dom_KeyAlgorithmProxy_h
--- a/dom/crypto/WebCryptoTask.cpp
+++ b/dom/crypto/WebCryptoTask.cpp
@@ -1598,17 +1598,19 @@ private:
       }
     } else {
       // Invalid key format
       return NS_ERROR_DOM_SYNTAX_ERR;
     }
 
     // Extract relevant information from the public key
     mModulusLength = 8 * pubKey->u.rsa.modulus.len;
-    mPublicExponent.Assign(&pubKey->u.rsa.publicExponent);
+    if (!mPublicExponent.Assign(&pubKey->u.rsa.publicExponent)) {
+      return NS_ERROR_DOM_OPERATION_ERR;
+    }
 
     return NS_OK;
   }
 
   virtual nsresult AfterCrypto() override
   {
     // Check permissions for the requested operation
     if (mAlgName.EqualsLiteral(WEBCRYPTO_ALG_RSA_OAEP)) {
@@ -1623,18 +1625,20 @@ private:
            mKey->HasUsageOtherThan(CryptoKey::VERIFY)) ||
           (mKey->GetKeyType() == CryptoKey::PRIVATE &&
            mKey->HasUsageOtherThan(CryptoKey::SIGN))) {
         return NS_ERROR_DOM_DATA_ERR;
       }
     }
 
     // Set an appropriate KeyAlgorithm
-    mKey->Algorithm().MakeRsa(mAlgName, mModulusLength,
-                              mPublicExponent, mHashName);
+    if (!mKey->Algorithm().MakeRsa(mAlgName, mModulusLength,
+                                   mPublicExponent, mHashName)) {
+      return NS_ERROR_DOM_OPERATION_ERR;
+    }
 
     if (mDataIsJwk && !JwkCompatible(mJwk, mKey)) {
       return NS_ERROR_DOM_DATA_ERR;
     }
 
     return NS_OK;
   }
 };
@@ -1874,17 +1878,19 @@ private:
 
   virtual nsresult AfterCrypto() override
   {
     // Check permissions for the requested operation
     if (mKey->HasUsageOtherThan(CryptoKey::DERIVEBITS | CryptoKey::DERIVEKEY)) {
       return NS_ERROR_DOM_DATA_ERR;
     }
 
-    mKey->Algorithm().MakeDh(mAlgName, mPrime, mGenerator);
+    if (!mKey->Algorithm().MakeDh(mAlgName, mPrime, mGenerator)) {
+      return NS_ERROR_DOM_OPERATION_ERR;
+    }
     return NS_OK;
   }
 };
 
 class ExportKeyTask : public WebCryptoTask
 {
 public:
   ExportKeyTask(const nsAString& aFormat, CryptoKey& aKey)
@@ -2206,24 +2212,30 @@ public:
       nsString hashName;
       mEarlyRv = GetAlgorithmName(aCx, params.mHash, hashName);
       if (NS_FAILED(mEarlyRv)) {
         mEarlyRv = NS_ERROR_DOM_SYNTAX_ERR;
         return;
       }
 
       // Create algorithm
-      mKeyPair.mPublicKey.get()->Algorithm().MakeRsa(algName,
-                                                     modulusLength,
-                                                     publicExponent,
-                                                     hashName);
-      mKeyPair.mPrivateKey.get()->Algorithm().MakeRsa(algName,
-                                                      modulusLength,
-                                                      publicExponent,
-                                                      hashName);
+      if (!mKeyPair.mPublicKey.get()->Algorithm().MakeRsa(algName,
+                                                          modulusLength,
+                                                          publicExponent,
+                                                          hashName)) {
+        mEarlyRv = NS_ERROR_DOM_OPERATION_ERR;
+        return;
+      }
+      if (!mKeyPair.mPrivateKey.get()->Algorithm().MakeRsa(algName,
+                                                           modulusLength,
+                                                           publicExponent,
+                                                           hashName)) {
+        mEarlyRv = NS_ERROR_DOM_OPERATION_ERR;
+        return;
+      }
       mMechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
 
       // Set up params struct
       mRsaParams.keySizeInBits = modulusLength;
       bool converted = publicExponent.GetBigIntValue(mRsaParams.pe);
       if (!converted) {
         mEarlyRv = NS_ERROR_DOM_INVALID_ACCESS_ERR;
         return;
@@ -2263,18 +2275,28 @@ public:
       // Set up params.
       if (!prime.ToSECItem(mArena, &mDhParams.prime) ||
           !generator.ToSECItem(mArena, &mDhParams.base)) {
         mEarlyRv = NS_ERROR_DOM_UNKNOWN_ERR;
         return;
       }
 
       // Create algorithm.
-      mKeyPair.mPublicKey.get()->Algorithm().MakeDh(algName, prime, generator);
-      mKeyPair.mPrivateKey.get()->Algorithm().MakeDh(algName, prime, generator);
+      if (!mKeyPair.mPublicKey.get()->Algorithm().MakeDh(algName,
+                                                         prime,
+                                                         generator)) {
+        mEarlyRv = NS_ERROR_DOM_OPERATION_ERR;
+        return;
+      }
+      if (!mKeyPair.mPrivateKey.get()->Algorithm().MakeDh(algName,
+                                                          prime,
+                                                          generator)) {
+        mEarlyRv = NS_ERROR_DOM_OPERATION_ERR;
+        return;
+      }
       mMechanism = CKM_DH_PKCS_KEY_PAIR_GEN;
     } else {
       mEarlyRv = NS_ERROR_DOM_NOT_SUPPORTED_ERR;
       return;
     }
 
     // Set key usages.
     if (algName.EqualsLiteral(WEBCRYPTO_ALG_RSASSA_PKCS1) ||
@@ -2784,17 +2806,19 @@ private:
     // If wrapping JWK, stringify the JSON
     if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_JWK)) {
       nsAutoString json;
       if (!mJwk.ToJSON(json)) {
         return NS_ERROR_DOM_OPERATION_ERR;
       }
 
       NS_ConvertUTF16toUTF8 utf8(json);
-      mResult.Assign((const uint8_t*) utf8.BeginReading(), utf8.Length());
+      if (!mResult.Assign((const uint8_t*) utf8.BeginReading(), utf8.Length())) {
+        return NS_ERROR_DOM_OPERATION_ERR;
+      }
     }
 
     return NS_OK;
   }
 
   virtual void Resolve() override
   {
     mTask->SetData(mResult);