Bug 1484984 - Avoid writing past the logical length of a string in networking code. r=valentin
authorHenri Sivonen <hsivonen@hsivonen.fi>
Tue, 21 Aug 2018 14:20:48 +0000
changeset 481033 b51649c81fb203be12c9ce8f1ac0052f6f950e86
parent 481032 4f7d58a640b8d4872fad4c2589f8c934f7e0b246
child 481034 8ffadc97369cb92c41b1ded0c2a559f0d3a30c08
push id232
push userfmarier@mozilla.com
push dateWed, 05 Sep 2018 20:45:54 +0000
reviewersvalentin
bugs1484984
milestone63.0a1
Bug 1484984 - Avoid writing past the logical length of a string in networking code. r=valentin MozReview-Commit-ID: IIffoxnF6KS Differential Revision: https://phabricator.services.mozilla.com/D3884
netwerk/base/Dashboard.cpp
netwerk/base/nsNetAddr.cpp
netwerk/base/nsSocketTransport2.cpp
netwerk/protocol/http/Http2Compression.cpp
netwerk/protocol/http/HttpBaseChannel.cpp
--- a/netwerk/base/Dashboard.cpp
+++ b/netwerk/base/Dashboard.cpp
@@ -881,17 +881,17 @@ HttpConnInfo::SetHTTP2ProtocolVersion(Sp
 {
     MOZ_ASSERT(pv == SpdyVersion::HTTP_2);
     protocolVersion.AssignLiteral(u"h2");
 }
 
 NS_IMETHODIMP
 Dashboard::GetLogPath(nsACString &aLogPath)
 {
-    aLogPath.SetCapacity(2048);
+    aLogPath.SetLength(2048);
     uint32_t len = LogModule::GetLogFile(aLogPath.BeginWriting(), 2048);
     aLogPath.SetLength(len);
     return NS_OK;
 }
 
 NS_IMETHODIMP
 Dashboard::RequestConnection(const nsACString& aHost, uint32_t aPort,
                              const char *aProtocol, uint32_t aTimeout,
--- a/netwerk/base/nsNetAddr.cpp
+++ b/netwerk/base/nsNetAddr.cpp
@@ -40,22 +40,22 @@ NS_IMETHODIMP nsNetAddr::GetFamily(uint1
   return NS_OK;
 }
 
 NS_IMETHODIMP nsNetAddr::GetAddress(nsACString & aAddress)
 {
   switch(mAddr.raw.family) {
   /* PR_NetAddrToString can handle INET and INET6, but not LOCAL. */
   case AF_INET:
-    aAddress.SetCapacity(kIPv4CStrBufSize);
+    aAddress.SetLength(kIPv4CStrBufSize);
     NetAddrToString(&mAddr, aAddress.BeginWriting(), kIPv4CStrBufSize);
     aAddress.SetLength(strlen(aAddress.BeginReading()));
     break;
   case AF_INET6:
-    aAddress.SetCapacity(kIPv6CStrBufSize);
+    aAddress.SetLength(kIPv6CStrBufSize);
     NetAddrToString(&mAddr, aAddress.BeginWriting(), kIPv6CStrBufSize);
     aAddress.SetLength(strlen(aAddress.BeginReading()));
     break;
 #if defined(XP_UNIX)
   case AF_LOCAL:
     aAddress.Assign(mAddr.local.path);
     break;
 #endif
--- a/netwerk/base/nsSocketTransport2.cpp
+++ b/netwerk/base/nsSocketTransport2.cpp
@@ -1339,17 +1339,17 @@ nsSocketTransport::InitiateSocket()
     }
 
     // Hosts/Proxy Hosts that are Local IP Literals should not be speculatively
     // connected - Bug 853423.
     if (mConnectionFlags & nsISocketTransport::DISABLE_RFC1918 &&
         IsIPAddrLocal(&mNetAddr)) {
         if (SOCKET_LOG_ENABLED()) {
             nsAutoCString netAddrCString;
-            netAddrCString.SetCapacity(kIPv6CStrBufSize);
+            netAddrCString.SetLength(kIPv6CStrBufSize);
             if (!NetAddrToString(&mNetAddr,
                                  netAddrCString.BeginWriting(),
                                  kIPv6CStrBufSize))
                 netAddrCString = NS_LITERAL_CSTRING("<IP-to-string failed>");
             SOCKET_LOG(("nsSocketTransport::InitiateSocket skipping "
                         "speculative connection for host [%s:%d] proxy "
                         "[%s:%d] with Local IP address [%s]",
                         mHost.get(), mPort, mProxyHost.get(), mProxyPort,
--- a/netwerk/protocol/http/Http2Compression.cpp
+++ b/netwerk/protocol/http/Http2Compression.cpp
@@ -1087,18 +1087,18 @@ Http2Decompressor::DoContextUpdate()
 nsresult
 Http2Compressor::EncodeHeaderBlock(const nsCString &nvInput,
                                    const nsACString &method, const nsACString &path,
                                    const nsACString &host, const nsACString &scheme,
                                    bool connectForm, nsACString &output)
 {
   mSetInitialMaxBufferSizeAllowed = false;
   mOutput = &output;
+  output.Truncate();
   output.SetCapacity(1024);
-  output.Truncate();
   mParsedContentLength = -1;
 
   // first thing's first - context size updates (if necessary)
   if (mBufferSizeChangeWaiting) {
     if (mLowestBufferSizeWaiting < mMaxBufferSetting) {
       EncodeTableSizeChange(mLowestBufferSizeWaiting);
     }
     EncodeTableSizeChange(mMaxBufferSetting);
--- a/netwerk/protocol/http/HttpBaseChannel.cpp
+++ b/netwerk/protocol/http/HttpBaseChannel.cpp
@@ -2586,17 +2586,17 @@ HttpBaseChannel::SetCacheKeysRedirectCha
 }
 
 NS_IMETHODIMP
 HttpBaseChannel::GetLocalAddress(nsACString& addr)
 {
   if (mSelfAddr.raw.family == PR_AF_UNSPEC)
     return NS_ERROR_NOT_AVAILABLE;
 
-  addr.SetCapacity(kIPv6CStrBufSize);
+  addr.SetLength(kIPv6CStrBufSize);
   NetAddrToString(&mSelfAddr, addr.BeginWriting(), kIPv6CStrBufSize);
   addr.SetLength(strlen(addr.BeginReading()));
 
   return NS_OK;
 }
 
 NS_IMETHODIMP
 HttpBaseChannel::TakeAllSecurityMessages(
@@ -2695,17 +2695,17 @@ HttpBaseChannel::GetLocalPort(int32_t* p
 }
 
 NS_IMETHODIMP
 HttpBaseChannel::GetRemoteAddress(nsACString& addr)
 {
   if (mPeerAddr.raw.family == PR_AF_UNSPEC)
     return NS_ERROR_NOT_AVAILABLE;
 
-  addr.SetCapacity(kIPv6CStrBufSize);
+  addr.SetLength(kIPv6CStrBufSize);
   NetAddrToString(&mPeerAddr, addr.BeginWriting(), kIPv6CStrBufSize);
   addr.SetLength(strlen(addr.BeginReading()));
 
   return NS_OK;
 }
 
 NS_IMETHODIMP
 HttpBaseChannel::GetRemotePort(int32_t* port)