Bug 966143 - Don't attempt to process a malformed password record. r=nalexander, a=sledru
authorRichard Newman <rnewman@mozilla.com>
Tue, 04 Mar 2014 14:38:11 -0800
changeset 183236 c07438fae1688dcfa21bf2c3b29544bf2478b2d6
parent 183235 bc0a26f61e41a7fe9471c02bf4b213081ad4033a
child 183237 4e00e7419c6f2fe9a1853d2183a80b328d796410
push id3343
push userffxbld
push dateMon, 17 Mar 2014 21:55:32 +0000
treeherdermozilla-beta@2f7d3415f79f [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersnalexander, sledru
bugs966143
milestone29.0a2
Bug 966143 - Don't attempt to process a malformed password record. r=nalexander, a=sledru
mobile/android/base/sync/repositories/android/PasswordsRepositorySession.java
mobile/android/base/sync/repositories/domain/PasswordRecord.java
--- a/mobile/android/base/sync/repositories/android/PasswordsRepositorySession.java
+++ b/mobile/android/base/sync/repositories/android/PasswordsRepositorySession.java
@@ -322,16 +322,23 @@ public class PasswordsRepositorySession 
           if (!locallyModified) {
             Logger.warn(LOG_TAG, "Inconsistency: old remote record is deleted, but local record not modified!");
             // Ensure that this is tracked for upload.
           }
           return;
         }
         // End deletion logic.
 
+        // Validate the incoming record.
+        if (!remoteRecord.isValid()) {
+            Logger.warn(LOG_TAG, "Incoming record is invalid. Reporting store failed.");
+            delegate.onRecordStoreFailed(new RuntimeException("Can't store invalid password record."), record.guid);
+            return;
+        }
+
         // Now we're processing a non-deleted incoming record.
         if (existingRecord == null) {
           trace("Looking up match for record " + remoteRecord.guid);
           try {
             existingRecord = findExistingRecord(remoteRecord);
           } catch (RemoteException e) {
             Logger.error(LOG_TAG, "Remote exception in findExistingRecord.");
             delegate.onRecordStoreFailed(e, record.guid);
--- a/mobile/android/base/sync/repositories/domain/PasswordRecord.java
+++ b/mobile/android/base/sync/repositories/domain/PasswordRecord.java
@@ -176,9 +176,30 @@ public class PasswordRecord extends Reco
         + "encryptedUsername null?: " + (this.encryptedUsername == null) + ", "
         + "encryptedPassword null?: " + (this.encryptedPassword == null) + ", "
         + "encType: " + this.encType + ", "
         + "timeCreated: " + this.timeCreated + ", "
         + "timeLastUsed: " + this.timeLastUsed + ", "
         + "timePasswordChanged: " + this.timePasswordChanged + ", "
         + "timesUsed: " + this.timesUsed;
   }
+
+  /**
+   * A PasswordRecord is considered valid if it abides by the database
+   * constraints of the PasswordsProvider (moz_logins).
+   *
+   * See toolkit/components/passwordmgr/storage-mozStorage.js for the
+   * definitions:
+   *
+   * http://hg.mozilla.org/mozilla-central/file/00955d61cc94/toolkit/components/passwordmgr/storage-mozStorage.js#l98
+   */
+    public boolean isValid() {
+        if (this.deleted) {
+            return true;
+        }
+
+        return this.hostname != null &&
+               this.encryptedUsername != null &&
+               this.encryptedPassword != null &&
+               this.usernameField != null &&
+               this.passwordField != null;
+  }
 }