Bug 1484984 - Avoid writing past the logical length of a string in networking code. r=valentin
authorHenri Sivonen <hsivonen@hsivonen.fi>
Tue, 21 Aug 2018 14:20:48 +0000
changeset 487761 b51649c81fb203be12c9ce8f1ac0052f6f950e86
parent 487760 4f7d58a640b8d4872fad4c2589f8c934f7e0b246
child 487762 8ffadc97369cb92c41b1ded0c2a559f0d3a30c08
push id9719
push userffxbld-merge
push dateFri, 24 Aug 2018 17:49:46 +0000
treeherdermozilla-beta@719ec98fba77 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersvalentin
bugs1484984
milestone63.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1484984 - Avoid writing past the logical length of a string in networking code. r=valentin MozReview-Commit-ID: IIffoxnF6KS Differential Revision: https://phabricator.services.mozilla.com/D3884
netwerk/base/Dashboard.cpp
netwerk/base/nsNetAddr.cpp
netwerk/base/nsSocketTransport2.cpp
netwerk/protocol/http/Http2Compression.cpp
netwerk/protocol/http/HttpBaseChannel.cpp
--- a/netwerk/base/Dashboard.cpp
+++ b/netwerk/base/Dashboard.cpp
@@ -881,17 +881,17 @@ HttpConnInfo::SetHTTP2ProtocolVersion(Sp
 {
     MOZ_ASSERT(pv == SpdyVersion::HTTP_2);
     protocolVersion.AssignLiteral(u"h2");
 }
 
 NS_IMETHODIMP
 Dashboard::GetLogPath(nsACString &aLogPath)
 {
-    aLogPath.SetCapacity(2048);
+    aLogPath.SetLength(2048);
     uint32_t len = LogModule::GetLogFile(aLogPath.BeginWriting(), 2048);
     aLogPath.SetLength(len);
     return NS_OK;
 }
 
 NS_IMETHODIMP
 Dashboard::RequestConnection(const nsACString& aHost, uint32_t aPort,
                              const char *aProtocol, uint32_t aTimeout,
--- a/netwerk/base/nsNetAddr.cpp
+++ b/netwerk/base/nsNetAddr.cpp
@@ -40,22 +40,22 @@ NS_IMETHODIMP nsNetAddr::GetFamily(uint1
   return NS_OK;
 }
 
 NS_IMETHODIMP nsNetAddr::GetAddress(nsACString & aAddress)
 {
   switch(mAddr.raw.family) {
   /* PR_NetAddrToString can handle INET and INET6, but not LOCAL. */
   case AF_INET:
-    aAddress.SetCapacity(kIPv4CStrBufSize);
+    aAddress.SetLength(kIPv4CStrBufSize);
     NetAddrToString(&mAddr, aAddress.BeginWriting(), kIPv4CStrBufSize);
     aAddress.SetLength(strlen(aAddress.BeginReading()));
     break;
   case AF_INET6:
-    aAddress.SetCapacity(kIPv6CStrBufSize);
+    aAddress.SetLength(kIPv6CStrBufSize);
     NetAddrToString(&mAddr, aAddress.BeginWriting(), kIPv6CStrBufSize);
     aAddress.SetLength(strlen(aAddress.BeginReading()));
     break;
 #if defined(XP_UNIX)
   case AF_LOCAL:
     aAddress.Assign(mAddr.local.path);
     break;
 #endif
--- a/netwerk/base/nsSocketTransport2.cpp
+++ b/netwerk/base/nsSocketTransport2.cpp
@@ -1339,17 +1339,17 @@ nsSocketTransport::InitiateSocket()
     }
 
     // Hosts/Proxy Hosts that are Local IP Literals should not be speculatively
     // connected - Bug 853423.
     if (mConnectionFlags & nsISocketTransport::DISABLE_RFC1918 &&
         IsIPAddrLocal(&mNetAddr)) {
         if (SOCKET_LOG_ENABLED()) {
             nsAutoCString netAddrCString;
-            netAddrCString.SetCapacity(kIPv6CStrBufSize);
+            netAddrCString.SetLength(kIPv6CStrBufSize);
             if (!NetAddrToString(&mNetAddr,
                                  netAddrCString.BeginWriting(),
                                  kIPv6CStrBufSize))
                 netAddrCString = NS_LITERAL_CSTRING("<IP-to-string failed>");
             SOCKET_LOG(("nsSocketTransport::InitiateSocket skipping "
                         "speculative connection for host [%s:%d] proxy "
                         "[%s:%d] with Local IP address [%s]",
                         mHost.get(), mPort, mProxyHost.get(), mProxyPort,
--- a/netwerk/protocol/http/Http2Compression.cpp
+++ b/netwerk/protocol/http/Http2Compression.cpp
@@ -1087,18 +1087,18 @@ Http2Decompressor::DoContextUpdate()
 nsresult
 Http2Compressor::EncodeHeaderBlock(const nsCString &nvInput,
                                    const nsACString &method, const nsACString &path,
                                    const nsACString &host, const nsACString &scheme,
                                    bool connectForm, nsACString &output)
 {
   mSetInitialMaxBufferSizeAllowed = false;
   mOutput = &output;
+  output.Truncate();
   output.SetCapacity(1024);
-  output.Truncate();
   mParsedContentLength = -1;
 
   // first thing's first - context size updates (if necessary)
   if (mBufferSizeChangeWaiting) {
     if (mLowestBufferSizeWaiting < mMaxBufferSetting) {
       EncodeTableSizeChange(mLowestBufferSizeWaiting);
     }
     EncodeTableSizeChange(mMaxBufferSetting);
--- a/netwerk/protocol/http/HttpBaseChannel.cpp
+++ b/netwerk/protocol/http/HttpBaseChannel.cpp
@@ -2586,17 +2586,17 @@ HttpBaseChannel::SetCacheKeysRedirectCha
 }
 
 NS_IMETHODIMP
 HttpBaseChannel::GetLocalAddress(nsACString& addr)
 {
   if (mSelfAddr.raw.family == PR_AF_UNSPEC)
     return NS_ERROR_NOT_AVAILABLE;
 
-  addr.SetCapacity(kIPv6CStrBufSize);
+  addr.SetLength(kIPv6CStrBufSize);
   NetAddrToString(&mSelfAddr, addr.BeginWriting(), kIPv6CStrBufSize);
   addr.SetLength(strlen(addr.BeginReading()));
 
   return NS_OK;
 }
 
 NS_IMETHODIMP
 HttpBaseChannel::TakeAllSecurityMessages(
@@ -2695,17 +2695,17 @@ HttpBaseChannel::GetLocalPort(int32_t* p
 }
 
 NS_IMETHODIMP
 HttpBaseChannel::GetRemoteAddress(nsACString& addr)
 {
   if (mPeerAddr.raw.family == PR_AF_UNSPEC)
     return NS_ERROR_NOT_AVAILABLE;
 
-  addr.SetCapacity(kIPv6CStrBufSize);
+  addr.SetLength(kIPv6CStrBufSize);
   NetAddrToString(&mPeerAddr, addr.BeginWriting(), kIPv6CStrBufSize);
   addr.SetLength(strlen(addr.BeginReading()));
 
   return NS_OK;
 }
 
 NS_IMETHODIMP
 HttpBaseChannel::GetRemotePort(int32_t* port)