Bug 1867394: Zero-initialize first EncryptedBlock.r=asuth,dom-storage-reviewers

Differential Revision: https://phabricator.services.mozilla.com/D195249

dom/quota/EncryptedBlock.h

@@ -37,6 +37,11 @@ class EncryptedBlock {
     // But maybe that's not necessary as the block size is not user-provided and
     // small.
     mData.SetLength(aOverallSize);
+
+    // Bug 1867394: Making sure to zero-initialize first block as there might
+    // be some unused bytes in it which could expose sensitive data.
+    // Currently, only sizeof(uint16_t) bytes gets used in the first block.
+    std::fill(mData.begin(), mData.begin() + CipherPrefixOffset(), 0);
     SetActualPayloadLength(MaxPayloadLength());
   }
 
@@ -85,7 +90,7 @@ class EncryptedBlock {
     return (aValue + BasicBlockSize - 1) / BasicBlockSize * BasicBlockSize;
   }
 
-  nsTArray<uint8_t> mData;  ///< XXX use some "safe memory" here?
+  nsTArray<uint8_t> mData;
 };
 
 }  // namespace mozilla::dom::quota

dom/quota/test/gtest/TestEncryptedStream.cpp

@@ -603,6 +603,22 @@ TEST_P(ParametrizedCryptTest, DummyCipherStrategy_IncompleteBlock) {
                            readData.Length(), &read));
 }
 
+TEST_P(ParametrizedCryptTest, zeroInitializedEncryptedBlock) {
+  const TestParams& testParams = GetParam();
+
+  using EncryptedBlock = EncryptedBlock<DummyCipherStrategy::BlockPrefixLength,
+                                        DummyCipherStrategy::BasicBlockSize>;
+
+  EncryptedBlock encryptedBlock{testParams.BlockSize()};
+  auto firstBlock =
+      encryptedBlock.WholeBlock().First<DummyCipherStrategy::BasicBlockSize>();
+  auto unusedBytesInFirstBlock = firstBlock.from(sizeof(uint16_t));
+
+  EXPECT_TRUE(std::all_of(unusedBytesInFirstBlock.begin(),
+                          unusedBytesInFirstBlock.end(),
+                          [](const auto& e) { return 0ul == e; }));
+}
+
 enum struct SeekOffset {
   Zero,
   MinusHalfDataSize,