Bug 1033492 - WebCrypto: heap-buffer-overflow crash [@PK11_EnterSlotMonitor]. r=dkeeler, a=dveditz
authorRichard Barnes <rbarnes@mozilla.com>
Mon, 07 Jul 2014 09:07:46 -0400
changeset 207735 c3683c06f6d8d471a018d2a213b5c41e6efa7363
parent 207734 83a1489c01eb43a5d2fe5a105caacdc4039ae5d4
child 207736 ae6be45bcda6f8e2377a91417dc6ca34b39d7c46
push id3741
push userasasaki@mozilla.com
push dateMon, 21 Jul 2014 20:25:18 +0000
treeherdermozilla-beta@4d6f46f5af68 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersdkeeler, dveditz
bugs1033492
milestone32.0a2
Bug 1033492 - WebCrypto: heap-buffer-overflow crash [@PK11_EnterSlotMonitor]. r=dkeeler, a=dveditz
dom/crypto/WebCryptoTask.cpp
dom/crypto/test/tests.js
--- a/dom/crypto/WebCryptoTask.cpp
+++ b/dom/crypto/WebCryptoTask.cpp
@@ -1382,17 +1382,17 @@ private:
     MOZ_ASSERT(slot.get());
 
     void* param;
     switch (mMechanism) {
       case CKM_RSA_PKCS_KEY_PAIR_GEN: param = &mRsaParams; break;
       default: return NS_ERROR_DOM_NOT_SUPPORTED_ERR;
     }
 
-    SECKEYPublicKey* pubKey;
+    SECKEYPublicKey* pubKey = nullptr;
     mPrivateKey = PK11_GenerateKeyPair(slot.get(), mMechanism, param, &pubKey,
                                        PR_FALSE, PR_FALSE, nullptr);
     mPublicKey = pubKey;
     if (!mPrivateKey.get() || !mPublicKey.get()) {
       return NS_ERROR_DOM_UNKNOWN_ERR;
     }
 
     mKeyPair->PrivateKey()->SetPrivateKey(mPrivateKey);
--- a/dom/crypto/test/tests.js
+++ b/dom/crypto/test/tests.js
@@ -409,16 +409,32 @@ TestArray.addTest(
       }),
       error(that)
     );
   }
 );
 
 // -----------------------------------------------------------------------------
 TestArray.addTest(
+  "Fail cleanly when NSS refuses to generate a key pair",
+  function() {
+    var that = this;
+    var alg = {
+      name: "RSAES-PKCS1-v1_5",
+      modulusLength: 2299, // NSS does not like this key length
+      publicExponent: new Uint8Array([0x01, 0x00, 0x01])
+    };
+
+    crypto.subtle.generateKey(alg, false, ["encrypt"])
+      .then( error(that), complete(that) );
+  }
+);
+
+// -----------------------------------------------------------------------------
+TestArray.addTest(
   "SHA-256 digest",
   function() {
     var that = this;
     crypto.subtle.digest("SHA-256", tv.sha256.data).then(
       memcmp_complete(that, tv.sha256.result),
       error(that)
     );
   }