Bug 1064320 - NSC_Encrypt returns uninitialised garbage which is handed onwards to realloc. r=dkeeler, a=sledru
authorRichard Barnes <rbarnes@mozilla.com>
Wed, 01 Oct 2014 15:19:13 -0400
changeset 216897 a4529d1ee29c
parent 216896 3f58f21ebcf6
child 216898 605fa4c6a84d
push id3959
push userryanvm@gmail.com
push date2014-10-01 19:28 +0000
treeherdermozilla-beta@6326278b28ac [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersdkeeler, sledru
bugs1064320
milestone33.0
Bug 1064320 - NSC_Encrypt returns uninitialised garbage which is handed onwards to realloc. r=dkeeler, a=sledru
dom/crypto/WebCryptoTask.cpp
--- a/dom/crypto/WebCryptoTask.cpp
+++ b/dom/crypto/WebCryptoTask.cpp
@@ -768,17 +768,20 @@ private:
               mData.Elements(), mData.Length(),
               nullptr));
     } else {
       uint32_t outLen;
       rv = MapSECStatus(PK11_PrivDecryptPKCS1(
               mPrivKey.get(), mResult.Elements(),
               &outLen, mResult.Length(),
               mData.Elements(), mData.Length()));
-      mResult.SetLength(outLen);
+
+      if (NS_SUCCEEDED(rv)) {
+        mResult.SetLength(outLen);
+      }
     }
 
     NS_ENSURE_SUCCESS(rv, NS_ERROR_DOM_OPERATION_ERR);
     return NS_OK;
   }
 };
 
 class RsaOaepTask : public ReturnArrayBufferViewTask,
@@ -895,36 +898,36 @@ private:
     oaepParams.mgf = mMgfMechanism;
     oaepParams.hashAlg = mHashMechanism;
 
     SECItem param;
     param.type = siBuffer;
     param.data = (unsigned char*) &oaepParams;
     param.len = sizeof(oaepParams);
 
-    uint32_t outLen;
+    uint32_t outLen = 0;
     if (mEncrypt) {
       // PK11_PubEncrypt() checks the plaintext's length and fails if it is too
       // long to encrypt, i.e. if it is longer than (k - 2hLen - 2) with 'k'
       // being the length in octets of the RSA modulus n and 'hLen' being the
       // output length in octets of the chosen hash function.
       // <https://tools.ietf.org/html/rfc3447#section-7.1>
       rv = MapSECStatus(PK11_PubEncrypt(
              mPubKey.get(), CKM_RSA_PKCS_OAEP, &param,
              mResult.Elements(), &outLen, mResult.Length(),
              mData.Elements(), mData.Length(), nullptr));
     } else {
       rv = MapSECStatus(PK11_PrivDecrypt(
              mPrivKey.get(), CKM_RSA_PKCS_OAEP, &param,
              mResult.Elements(), &outLen, mResult.Length(),
              mData.Elements(), mData.Length()));
     }
-    mResult.SetLength(outLen);
+    NS_ENSURE_SUCCESS(rv, NS_ERROR_DOM_OPERATION_ERR);
 
-    NS_ENSURE_SUCCESS(rv, NS_ERROR_DOM_OPERATION_ERR);
+    mResult.SetLength(outLen);
     return NS_OK;
   }
 };
 
 class HmacTask : public WebCryptoTask
 {
 public:
   HmacTask(JSContext* aCx, const ObjectOrString& aAlgorithm,