author Tim Taubert <ttaubert@mozilla.com>
Tue, 28 Nov 2017 10:00:47 +0100
changeset 445099 9db3839609e097e84106c385e53ed12202d77f8a
parent 440597 9bf2f58e17f2d4ea0fa52776e38ca0b74bcc9820
child 448137 6843881d1c0bc4a689f5a72a8605a797b70016bd
permissions -rw-r--r--
Bug 1413841 - Check for integer overflow in AesTask::DoCrypto(). r=keeler, a=gchang Summary: After calling mResult.SetLength(mData.Length() + 16) we should check that the integer addition didn't overflow. It seems at the moment impossible to create ArrayBuffers of size >= 0x0xfffffff0, however adding a check here doesn't hurt. mResult.Length() is passed to the PK11 API functions as a maxOut parameter and /should/ be checked by the softoken crypto algorithm implementations. AES-ECB and AES-GCM seem to do that correctly. Reviewers: keeler Reviewed By: keeler Subscribers: mcote, ttaubert, jcj, keeler Bug #: 1413841 Differential Revision: https://phabricator.services.mozilla.com/D188

# .hgignore - List of filenames hg should ignore

# Filenames that should be ignored wherever they appear

# Vim swap files.

# Emacs directory variable files.

# User files that may appear at the root

# Empty marker file that's generated when we check out NSS

# Build directories

# gecko.log is generated by various test harnesses

# Build directories for js shell

# SpiderMonkey configury
# SpiderMonkey test result logs
# SpiderMonkey clone of the webassembly spec repository

# Java HTML5 parser classes

# SVN directories

# Ignore the files and directory that Eclipse IDE creates

# Ignore the files and directory that JetBrains IDEs create.
# Android Monitor in Android Studio creates a captures/ directory.

# Gradle cache.

# Local Gradle configuration properties.

# Python stuff installed at build time.

# Git repositories

# Ignore chrome.manifest files from the devtools loader

# Ignore node_modules directories in devtools

# git checkout of libstagefright

# Tag files generated by GNU Global

# Git clone directory for updating web-platform-tests

# Third party metadata for web-platform-tests

# Android Gradle artifacts.

# XCode project cruft

# Ignore mozharness execution files

# Ignore tox generated dir

# Ignore ESLint node_modules

# Ignore talos virtualenv and tp5n files.
# The tp5n set is supposed to be decompressed at
# testing/talos/talos/tests/tp5n in order to run tests like tps
# locally. Similarly, running talos requires a Python package virtual
# environment. Both the virtual environment and tp5n files end up littering
# the status command, so we ignore them.

# Ignore toolchains.json created by tooltool.

# Ignore files created when running a reftest.

# tup database

# Ignore sync tps logs and reports

# Ignore Visual Studio Code workspace files.


# Ignore Infer output