Bug 1338895 - Avoid non-smart string IDL types in remaining PSM IDL files. r=aklotz,keeler

Smart string classes like nsCString are safer to use than raw |char*| strings, and are typically easier to deal with as well. MozReview-Commit-ID: 18C293zWrJw --HG-- extra : rebase_source : 350191d4c3047fb38d18e8c6d9370cd059007861
2017-02-26 20:36:40 +08:00 · 2017-02-26 20:36:40 +08:00 · 895edf7133
--- a/modules/libjar/nsJAR.cpp
+++ b/modules/libjar/nsJAR.cpp
@ -381,10 +381,9 @@ nsJAR::GetSigningCert(const nsACString& aFilename, nsIX509Cert** aSigningCert)
    if (!manItem->entryVerified)
    {
      nsXPIDLCString entryData;
-      uint32_t entryDataLen;
-      rv = LoadEntry(aFilename, getter_Copies(entryData), &entryDataLen);
+      rv = LoadEntry(aFilename, entryData);
      if (NS_FAILED(rv)) return rv;
-      rv = VerifyEntry(manItem, entryData, entryDataLen);
+      rv = VerifyEntry(manItem, entryData, entryData.Length());
      if (NS_FAILED(rv)) return rv;
    }
    requestedStatus = manItem->status;
@ -440,7 +439,7 @@ nsJAR::GetNSPRFileDesc(PRFileDesc** aNSPRFileDesc)
 // nsJAR private implementation
 //----------------------------------------------
 nsresult
-nsJAR::LoadEntry(const nsACString &aFilename, char** aBuf, uint32_t* aBufLen)
+nsJAR::LoadEntry(const nsACString& aFilename, nsCString& aBuf)
 {
  //-- Get a stream for reading the file
  nsresult rv;
@ -471,9 +470,7 @@ nsJAR::LoadEntry(const nsACString &aFilename, char** aBuf, uint32_t* aBufLen)
    return rv;
  }
  buf[len] = '\0'; //Null-terminate the buffer
-  *aBuf = buf;
-  if (aBufLen)
-    *aBufLen = len;
+  aBuf.Adopt(buf, len);
  return NS_OK;
 }

@ -556,8 +553,7 @@ nsJAR::ParseManifest()
  }

  nsXPIDLCString manifestBuffer;
-  uint32_t manifestLen;
-  rv = LoadEntry(manifestFilename, getter_Copies(manifestBuffer), &manifestLen);
+  rv = LoadEntry(manifestFilename, manifestBuffer);
  if (NS_FAILED(rv)) return rv;

  //-- Parse it
@ -581,7 +577,7 @@ nsJAR::ParseManifest()
  rv = files->GetNext(manifestFilename);
  if (NS_FAILED(rv)) return rv;

-  rv = LoadEntry(manifestFilename, getter_Copies(manifestBuffer), &manifestLen);
+  rv = LoadEntry(manifestFilename, manifestBuffer);
  if (NS_FAILED(rv)) return rv;

  //-- Get its corresponding signature file
@ -590,15 +586,14 @@ nsJAR::ParseManifest()
  NS_ASSERTION(extension != 0, "Manifest Parser: Missing file extension.");
  (void)sigFilename.Cut(extension, 2);
  nsXPIDLCString sigBuffer;
-  uint32_t sigLen;
  {
    nsAutoCString tempFilename(sigFilename); tempFilename.Append("rsa", 3);
-    rv = LoadEntry(tempFilename, getter_Copies(sigBuffer), &sigLen);
+    rv = LoadEntry(tempFilename, sigBuffer);
  }
  if (NS_FAILED(rv))
  {
    nsAutoCString tempFilename(sigFilename); tempFilename.Append("RSA", 3);
-    rv = LoadEntry(tempFilename, getter_Copies(sigBuffer), &sigLen);
+    rv = LoadEntry(tempFilename, sigBuffer);
  }
  if (NS_FAILED(rv))
  {
@ -619,7 +614,7 @@ nsJAR::ParseManifest()

  //-- Verify that the signature file is a valid signature of the SF file
  int32_t verifyError;
-  rv = verifier->VerifySignature(sigBuffer, sigLen, manifestBuffer, manifestLen,
+  rv = verifier->VerifySignature(sigBuffer, manifestBuffer,
                                 &verifyError, getter_AddRefs(mSigningCert));
  if (NS_FAILED(rv)) return rv;
  if (mSigningCert && verifyError == nsIDataSignatureVerifier::VERIFY_OK) {
--- a/modules/libjar/nsJAR.h
+++ b/modules/libjar/nsJAR.h
@ -117,8 +117,7 @@ class nsJAR final : public nsIZipReader

    nsresult ParseManifest();
    void     ReportError(const nsACString &aFilename, int16_t errorCode);
-    nsresult LoadEntry(const nsACString &aFilename, char** aBuf,
-                       uint32_t* aBufLen = nullptr);
+    nsresult LoadEntry(const nsACString& aFilename, nsCString& aBuf);
    int32_t  ReadLine(const char** src);
    nsresult ParseOneFile(const char* filebuf, int16_t aFileType);
    nsresult VerifyEntry(nsJARManifestItem* aEntry, const char* aEntryData,
--- a/security/manager/pki/nsNSSDialogs.cpp
+++ b/security/manager/pki/nsNSSDialogs.cpp
@ -24,6 +24,7 @@
 #include "nsIX509CertDB.h"
 #include "nsIX509Cert.h"
 #include "nsNSSDialogHelper.h"
+#include "nsPromiseFlatString.h"
 #include "nsString.h"
 #include "nsVariant.h"

@ -57,13 +58,15 @@ nsNSSDialogs::Init()
  return rv;
 }

-nsresult
-nsNSSDialogs::SetPassword(nsIInterfaceRequestor *ctx,
-                          const char16_t *tokenName, bool* _canceled)
+NS_IMETHODIMP
+nsNSSDialogs::SetPassword(nsIInterfaceRequestor* ctx,
+                          const nsAString& tokenName,
+                  /*out*/ bool* canceled)
 {
-  nsresult rv;
+  // |ctx| is allowed to be null.
+  NS_ENSURE_ARG(canceled);

-  *_canceled = false;
+  *canceled = false;

  // Get the parent window for the dialog
  nsCOMPtr<mozIDOMWindowProxy> parent = do_GetInterface(ctx);
@ -72,7 +75,7 @@ nsNSSDialogs::SetPassword(nsIInterfaceRequestor *ctx,
           do_CreateInstance(NS_DIALOGPARAMBLOCK_CONTRACTID);
  if (!block) return NS_ERROR_FAILURE;

-  rv = block->SetString(1, tokenName);
+  nsresult rv = block->SetString(1, PromiseFlatString(tokenName).get());
  if (NS_FAILED(rv)) return rv;

  rv = nsNSSDialogHelper::openDialog(parent,
@ -86,7 +89,7 @@ nsNSSDialogs::SetPassword(nsIInterfaceRequestor *ctx,
  rv = block->GetInt(1, &status);
  if (NS_FAILED(rv)) return rv;

-  *_canceled = (status == 0)?true:false;
+  *canceled = (status == 0);

  return rv;
 }
@ -369,9 +372,14 @@ nsNSSDialogs::DisplayGeneratingKeypairInfo(nsIInterfaceRequestor *aCtx, nsIKeyge
 }

 NS_IMETHODIMP
-nsNSSDialogs::ChooseToken(nsIInterfaceRequestor *aCtx, const char16_t **aTokenList, uint32_t aCount, char16_t **aTokenChosen, bool *aCanceled) {
-  nsresult rv;
-  uint32_t i;
+nsNSSDialogs::ChooseToken(nsIInterfaceRequestor* /*aCtx*/,
+                          const char16_t** aTokenList,
+                          uint32_t aCount,
+                  /*out*/ nsAString& aTokenChosen,
+                  /*out*/ bool* aCanceled)
+{
+  NS_ENSURE_ARG(aTokenList);
+  NS_ENSURE_ARG(aCanceled);

  *aCanceled = false;

@ -381,7 +389,8 @@ nsNSSDialogs::ChooseToken(nsIInterfaceRequestor *aCtx, const char16_t **aTokenLi

  block->SetNumberStrings(aCount);

-  for (i = 0; i < aCount; i++) {
+  nsresult rv;
+  for (uint32_t i = 0; i < aCount; i++) {
    rv = block->SetString(i, aTokenList[i]);
    if (NS_FAILED(rv)) return rv;
  }
@ -399,10 +408,10 @@ nsNSSDialogs::ChooseToken(nsIInterfaceRequestor *aCtx, const char16_t **aTokenLi
  rv = block->GetInt(0, &status);
  if (NS_FAILED(rv)) return rv;

-  *aCanceled = (status == 0)?true:false;
+  *aCanceled = (status == 0);
  if (!*aCanceled) {
    // retrieve the nickname
-    rv = block->GetString(0, aTokenChosen);
+    rv = block->GetString(0, getter_Copies(aTokenChosen));
  }
  return rv;
 }
--- a/security/manager/ssl/CertBlocklist.cpp
+++ b/security/manager/ssl/CertBlocklist.cpp
@ -15,6 +15,7 @@
 #include "mozilla/Unused.h"
 #include "nsAppDirectoryServiceDefs.h"
 #include "nsCRTGlue.h"
+#include "nsDependentString.h"
 #include "nsDirectoryServiceUtils.h"
 #include "nsICryptoHash.h"
 #include "nsIFileStreams.h"
@ -23,6 +24,7 @@
 #include "nsIX509Cert.h"
 #include "nsNetCID.h"
 #include "nsNetUtil.h"
+#include "nsPromiseFlatString.h"
 #include "nsTHashtable.h"
 #include "nsThreadUtils.h"
 #include "pkix/Input.h"
@ -312,31 +314,31 @@ CertBlocklist::EnsureBackingFileInitialized(MutexAutoLock& lock)
 }

 NS_IMETHODIMP
-CertBlocklist::RevokeCertBySubjectAndPubKey(const char* aSubject,
-                                            const char* aPubKeyHash)
+CertBlocklist::RevokeCertBySubjectAndPubKey(const nsACString& aSubject,
+                                            const nsACString& aPubKeyHash)
 {
  MOZ_LOG(gCertBlockPRLog, LogLevel::Debug,
         ("CertBlocklist::RevokeCertBySubjectAndPubKey - subject is: %s and pubKeyHash: %s",
-          aSubject, aPubKeyHash));
+          PromiseFlatCString(aSubject).get(),
+          PromiseFlatCString(aPubKeyHash).get()));
  MutexAutoLock lock(mMutex);

-  return AddRevokedCertInternal(nsDependentCString(aSubject),
-                                nsDependentCString(aPubKeyHash),
+  return AddRevokedCertInternal(aSubject, aPubKeyHash,
                                BlockBySubjectAndPubKey,
                                CertNewFromBlocklist, lock);
 }

 NS_IMETHODIMP
-CertBlocklist::RevokeCertByIssuerAndSerial(const char* aIssuer,
-                                           const char* aSerialNumber)
+CertBlocklist::RevokeCertByIssuerAndSerial(const nsACString& aIssuer,
+                                           const nsACString& aSerialNumber)
 {
  MOZ_LOG(gCertBlockPRLog, LogLevel::Debug,
         ("CertBlocklist::RevokeCertByIssuerAndSerial - issuer is: %s and serial: %s",
-          aIssuer, aSerialNumber));
+          PromiseFlatCString(aIssuer).get(),
+          PromiseFlatCString(aSerialNumber).get()));
  MutexAutoLock lock(mMutex);

-  return AddRevokedCertInternal(nsDependentCString(aIssuer),
-                                nsDependentCString(aSerialNumber),
+  return AddRevokedCertInternal(aIssuer, aSerialNumber,
                                BlockByIssuerAndSerial,
                                CertNewFromBlocklist, lock);
 }
--- a/security/manager/ssl/CertBlocklist.h
+++ b/security/manager/ssl/CertBlocklist.h
@ -7,12 +7,13 @@
 #define CertBlocklist_h

 #include "mozilla/Mutex.h"
-#include "nsClassHashtable.h"
 #include "nsCOMPtr.h"
+#include "nsClassHashtable.h"
 #include "nsICertBlocklist.h"
 #include "nsIOutputStream.h"
-#include "nsTHashtable.h"
 #include "nsIX509CertDB.h"
+#include "nsString.h"
+#include "nsTHashtable.h"
 #include "pkix/Input.h"

 #define NS_CERT_BLOCKLIST_CID \
--- a/security/manager/ssl/SecretDecoderRing.cpp
+++ b/security/manager/ssl/SecretDecoderRing.cpp
@ -175,7 +175,7 @@ SecretDecoderRing::ChangePassword()

  nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
  bool canceled; // Ignored
-  return dialogs->SetPassword(ctx, tokenName.get(), &canceled);
+  return dialogs->SetPassword(ctx, tokenName, &canceled);
 }

 NS_IMETHODIMP
--- a/security/manager/ssl/nsDataSignatureVerifier.cpp
+++ b/security/manager/ssl/nsDataSignatureVerifier.cpp
@ -4,6 +4,8 @@

 #include "nsDataSignatureVerifier.h"

+#include "ScopedNSSTypes.h"
+#include "SharedCertVerifier.h"
 #include "cms.h"
 #include "cryptohi.h"
 #include "keyhi.h"
@ -11,12 +13,11 @@
 #include "mozilla/Unused.h"
 #include "nsCOMPtr.h"
 #include "nsNSSComponent.h"
+#include "nsString.h"
 #include "nssb64.h"
 #include "pkix/pkixnss.h"
 #include "pkix/pkixtypes.h"
-#include "ScopedNSSTypes.h"
 #include "secerr.h"
-#include "SharedCertVerifier.h"

 using namespace mozilla;
 using namespace mozilla::pkix;
@ -273,14 +274,12 @@ VerifyCertificate(CERTCertificate* cert, void* voidContext, void* pinArg)
 } // namespace

 NS_IMETHODIMP
-nsDataSignatureVerifier::VerifySignature(const char* aRSABuf,
-                                         uint32_t aRSABufLen,
-                                         const char* aPlaintext,
-                                         uint32_t aPlaintextLen,
+nsDataSignatureVerifier::VerifySignature(const nsACString& aRSABuf,
+                                         const nsACString& aPlaintext,
                                         int32_t* aErrorCode,
                                         nsIX509Cert** aSigningCert)
 {
-  if (!aRSABuf || !aPlaintext || !aErrorCode || !aSigningCert) {
+  if (!aErrorCode || !aSigningCert) {
    return NS_ERROR_INVALID_ARG;
  }

@ -295,16 +294,16 @@ nsDataSignatureVerifier::VerifySignature(const char* aRSABuf,
  Digest digest;
  nsresult rv = digest.DigestBuf(
    SEC_OID_SHA1,
-    BitwiseCast<const uint8_t*, const char*>(aPlaintext),
-    aPlaintextLen);
+    BitwiseCast<const uint8_t*, const char*>(aPlaintext.BeginReading()),
+    aPlaintext.Length());
  if (NS_WARN_IF(NS_FAILED(rv))) {
    return rv;
  }

  SECItem buffer = {
    siBuffer,
-    BitwiseCast<unsigned char*, const char*>(aRSABuf),
-    aRSABufLen
+    BitwiseCast<unsigned char*, const char*>(aRSABuf.BeginReading()),
+    aRSABuf.Length(),
  };

  VerifyCertificateContext context;
--- a/security/manager/ssl/nsICertBlocklist.idl
+++ b/security/manager/ssl/nsICertBlocklist.idl
@ -20,14 +20,16 @@ interface nsICertBlocklist : nsISupports {
   * Add details of a revoked certificate :
   * issuer name (base-64 encoded DER) and serial number (base-64 encoded DER).
   */
-   void revokeCertByIssuerAndSerial(in string issuer, in string serialNumber);
+   void revokeCertByIssuerAndSerial(in ACString issuer,
+                                    in ACString serialNumber);

  /**
   * Add details of a revoked certificate :
   * subject name (base-64 encoded DER) and hash of public key (base-64 encoded
   * sha-256 hash of the public key).
   */
-   void revokeCertBySubjectAndPubKey(in string subject, in string pubKeyHash);
+   void revokeCertBySubjectAndPubKey(in ACString subject,
+                                     in ACString pubKeyHash);

  /**
   * Persist (fresh) blocklist entries to the profile (if a profile directory is
--- a/security/manager/ssl/nsIDataSignatureVerifier.idl
+++ b/security/manager/ssl/nsIDataSignatureVerifier.idl
@ -31,10 +31,7 @@ interface nsIDataSignatureVerifier : nsISupports
  const long VERIFY_ERROR_UNKNOWN_ISSUER = 1;
  const long VERIFY_ERROR_OTHER = 2;

-  nsIX509Cert verifySignature(in string aSignature,
-                              in unsigned long aSignatureLen,
-                              in string plaintext,
-                              in unsigned long plaintextLen,
+  nsIX509Cert verifySignature(in ACString signature, in ACString plaintext,
                              out long errorCode);

 };
--- a/security/manager/ssl/nsITokenDialogs.idl
+++ b/security/manager/ssl/nsITokenDialogs.idl
@ -13,7 +13,7 @@ interface nsITokenDialogs : nsISupports
  void ChooseToken(in nsIInterfaceRequestor ctx,
                   [array, size_is(count)] in wstring tokenNameList,
                   in unsigned long count,
-                   out wstring tokenName,
+                   out AString tokenName,
                   out boolean canceled);

    /**
--- a/security/manager/ssl/nsITokenPasswordDialogs.idl
+++ b/security/manager/ssl/nsITokenPasswordDialogs.idl
@ -20,7 +20,7 @@ interface nsITokenPasswordDialogs : nsISupports
   * @param tokenName Name of the token.
   * @return true if the user canceled the dialog, false otherwise.
   */
-  boolean setPassword(in nsIInterfaceRequestor ctx, in wstring tokenName);
+  boolean setPassword(in nsIInterfaceRequestor ctx, in AString tokenName);
 };

 %{C++
--- a/security/manager/ssl/nsKeygenHandler.cpp
+++ b/security/manager/ssl/nsKeygenHandler.cpp
@ -298,7 +298,7 @@ GetSlotWithMechanism(uint32_t aMechanism, nsIInterfaceRequestor* m_ctx,
    PK11SlotList * slotList = nullptr;
    char16_t** tokenNameList = nullptr;
    nsCOMPtr<nsITokenDialogs> dialogs;
-    char16_t *unicodeTokenChosen;
+    nsAutoString tokenStr;
    PK11SlotListElement *slotElement, *tmpSlot;
    uint32_t numSlots = 0, i = 0;
    bool canceled;
@ -360,7 +360,7 @@ GetSlotWithMechanism(uint32_t aMechanism, nsIInterfaceRequestor* m_ctx,
        rv = NS_ERROR_OUT_OF_MEMORY;
    } else {
        rv = dialogs->ChooseToken(m_ctx, (const char16_t**)tokenNameList,
-                                  numSlots, &unicodeTokenChosen, &canceled);
+                                  numSlots, tokenStr, &canceled);
    }
 		if (NS_FAILED(rv)) goto loser;

@ -368,7 +368,6 @@ GetSlotWithMechanism(uint32_t aMechanism, nsIInterfaceRequestor* m_ctx,

        // Get the slot //
        slotElement = PK11_GetFirstSafe(slotList);
-        nsAutoString tokenStr(unicodeTokenChosen);
        while (slotElement) {
            if (tokenStr.Equals(NS_ConvertUTF8toUTF16(PK11_GetTokenName(slotElement->slot)))) {
                *aSlot = slotElement->slot;
--- a/security/manager/ssl/nsNSSComponent.cpp
+++ b/security/manager/ssl/nsNSSComponent.cpp
@ -2185,7 +2185,7 @@ setPassword(PK11SlotInfo* slot, nsIInterfaceRequestor* ctx,

    bool canceled;
    NS_ConvertUTF8toUTF16 tokenName(PK11_GetTokenName(slot));
-    rv = dialogs->SetPassword(ctx, tokenName.get(), &canceled);
+    rv = dialogs->SetPassword(ctx, tokenName, &canceled);
    if (NS_FAILED(rv)) {
      return rv;
    }