Bug 1296219 - Use the Mozilla Base64 functions instead of the NSPR ones in PSM. r=keeler

NSPR should generally be avoided in favour of modern C++ code. This patch does not convert uses of the NSS Base64 functions. It does however take the opportunity to switch over some IDL functions to use the safer Mozilla string classes, and fixes Bug 1251050 along the way. MozReview-Commit-ID: CM8g9DzIcnC --HG-- extra : rebase_source : 9d07db1bcefc9d9ed6a1f7e102f5c01bd9caa522
2016-08-23 13:29:15 +08:00 · 2016-08-23 13:29:15 +08:00 · ba96e52654
--- a/security/manager/ssl/nsIX509CertDB.idl
+++ b/security/manager/ssl/nsIX509CertDB.idl
@ -191,7 +191,7 @@ interface nsIX509CertDB : nsISupports {
   *                    characters, indicating SSL, Email, and Obj signing
   *                    trust.
   */
-  void setCertTrustFromString(in nsIX509Cert cert, in string trustString);
+  void setCertTrustFromString(in nsIX509Cert cert, in ACString trustString);

  /**
   *  Query whether a certificate is trusted for a particular use.
@ -253,7 +253,7 @@ interface nsIX509CertDB : nsISupports {
   *                encoded as Base 64.
   *  @return The new certificate object.
   */
-  nsIX509Cert constructX509FromBase64(in string base64);
+  nsIX509Cert constructX509FromBase64(in ACString base64);

  /*
   *  Decode a raw data presentation and instantiate an object in memory.
@ -341,8 +341,10 @@ interface nsIX509CertDB : nsISupports {
   * @param aTrust decoded by CERT_DecodeTrustString. 3 comma separated characters,
   *                indicating SSL, Email, and Obj signing trust
   * @param aName name of the cert for display purposes.
+   *              TODO(bug 857627): aName is currently ignored. It should either
+   *              not be ignored, or be removed.
   */
-  void addCert(in ACString certDER, in string aTrust, in string aName);
+  void addCert(in ACString certDER, in ACString aTrust, in AUTF8String aName);

  // Flags for verifyCertNow (these must match the values in CertVerifier.cpp):
  // Prevent network traffic. Doesn't work with classic verification.
@ -410,8 +412,11 @@ interface nsIX509CertDB : nsISupports {
   * @param aTrust decoded by CERT_DecodeTrustString. 3 comma separated characters,
   *                indicating SSL, Email, and Obj signing trust
   * @param aName name of the cert for display purposes.
+   *              TODO(bug 857627): aName is currently ignored. It should either
+   *              not be ignored, or be removed.
   */
-  void addCertFromBase64(in string base64, in string aTrust, in string aName);
+  void addCertFromBase64(in ACString base64, in ACString aTrust,
+                         in AUTF8String aName);

  /*
   * Get all the known certs in the database
--- a/security/manager/ssl/nsNSSCertificate.cpp
+++ b/security/manager/ssl/nsNSSCertificate.cpp
@ -36,11 +36,9 @@
 #include "nsUnicharUtils.h"
 #include "nsXULAppAPI.h"
 #include "nspr.h"
-#include "nssb64.h"
 #include "pkix/pkixnss.h"
 #include "pkix/pkixtypes.h"
 #include "pkix/Result.h"
-#include "plbase64.h"
 #include "prerror.h"
 #include "prmem.h"
 #include "prprf.h"
--- a/security/manager/ssl/nsNSSCertificateDB.cpp
+++ b/security/manager/ssl/nsNSSCertificateDB.cpp
@ -9,6 +9,7 @@
 #include "ExtendedValidation.h"
 #include "NSSCertDBTrustDomain.h"
 #include "SharedSSLState.h"
+#include "certdb.h"
 #include "mozilla/Base64.h"
 #include "mozilla/Casting.h"
 #include "mozilla/unused.h"
@ -32,20 +33,17 @@
 #include "nsNSSShutDown.h"
 #include "nsPK11TokenDB.h"
 #include "nsPKCS12Blob.h"
+#include "nsPromiseFlatString.h"
 #include "nsProxyRelease.h"
 #include "nsReadableUtils.h"
 #include "nsThreadUtils.h"
+#include "nspr.h"
 #include "pkix/Time.h"
 #include "pkix/pkixtypes.h"
-
-#include "nspr.h"
-#include "certdb.h"
-#include "secerr.h"
-#include "nssb64.h"
 #include "secasn1.h"
 #include "secder.h"
+#include "secerr.h"
 #include "ssl.h"
-#include "plbase64.h"

 #ifdef XP_WIN
 #include <winsock.h> // for ntohl
@ -1168,41 +1166,31 @@ nsNSSCertificateDB::FindCertByEmailAddress(const char* aEmailAddress,
 }

 NS_IMETHODIMP
-nsNSSCertificateDB::ConstructX509FromBase64(const char *base64,
-                                            nsIX509Cert **_retval)
+nsNSSCertificateDB::ConstructX509FromBase64(const nsACString& base64,
+                                    /*out*/ nsIX509Cert** _retval)
 {
  nsNSSShutDownPreventionLock locker;
  if (isAlreadyShutDown()) {
    return NS_ERROR_NOT_AVAILABLE;
  }
-  if (NS_WARN_IF(!_retval)) {
+  if (!_retval) {
    return NS_ERROR_INVALID_POINTER;
  }

-  // sure would be nice to have a smart pointer class for PL_ allocations
-  // unfortunately, we cannot distinguish out-of-memory from bad-input here
-  uint32_t len = base64 ? strlen(base64) : 0;
-  char *certDER = PL_Base64Decode(base64, len, nullptr);
-  if (!certDER)
-    return NS_ERROR_ILLEGAL_VALUE;
-  if (!*certDER) {
-    PL_strfree(certDER);
+  // Base64Decode() doesn't consider a zero length input as an error, and just
+  // returns the empty string. We don't want this behavior, so the below check
+  // catches this case.
+  if (base64.Length() < 1) {
    return NS_ERROR_ILLEGAL_VALUE;
  }

-  // If we get to this point, we know we had well-formed base64 input;
-  // therefore the input string cannot have been less than two
-  // characters long.  Compute the unpadded length of the decoded data.
-  uint32_t lengthDER = (len * 3) / 4;
-  if (base64[len-1] == '=') {
-    lengthDER--;
-    if (base64[len-2] == '=')
-      lengthDER--;
+  nsAutoCString certDER;
+  nsresult rv = Base64Decode(base64, certDER);
+  if (NS_FAILED(rv)) {
+    return rv;
  }

-  nsresult rv = ConstructX509(certDER, lengthDER, _retval);
-  PL_strfree(certDER);
-  return rv;
+  return ConstructX509(certDER.get(), certDER.Length(), _retval);
 }

 NS_IMETHODIMP
@ -1341,25 +1329,26 @@ nsNSSCertificateDB::get_default_nickname(CERTCertificate *cert,
 }

 NS_IMETHODIMP
-nsNSSCertificateDB::AddCertFromBase64(const char* aBase64, const char* aTrust,
-                                      const char* /*aName*/)
+nsNSSCertificateDB::AddCertFromBase64(const nsACString& aBase64,
+                                      const nsACString& aTrust,
+                                      const nsACString& /*aName*/)
 {
-  NS_ENSURE_ARG_POINTER(aBase64);
-  NS_ENSURE_ARG_POINTER(aTrust);
-
  nsNSSShutDownPreventionLock locker;
  if (isAlreadyShutDown()) {
    return NS_ERROR_NOT_AVAILABLE;
  }

  nsNSSCertTrust trust;
-  if (CERT_DecodeTrustString(trust.GetTrust(), aTrust) != SECSuccess) {
+  if (CERT_DecodeTrustString(trust.GetTrust(), PromiseFlatCString(aTrust).get())
+        != SECSuccess) {
    return NS_ERROR_FAILURE;
  }

  nsCOMPtr<nsIX509Cert> newCert;
  nsresult rv = ConstructX509FromBase64(aBase64, getter_AddRefs(newCert));
-  NS_ENSURE_SUCCESS(rv, rv);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }

  UniqueCERTCertificate tmpCert(newCert->GetCert());
  if (!tmpCert) {
@ -1387,26 +1376,26 @@ nsNSSCertificateDB::AddCertFromBase64(const char* aBase64, const char* aTrust,
 }

 NS_IMETHODIMP
-nsNSSCertificateDB::AddCert(const nsACString & aCertDER, const char *aTrust,
-                            const char *aName)
+nsNSSCertificateDB::AddCert(const nsACString& aCertDER, const nsACString& aTrust,
+                            const nsACString& aName)
 {
  nsCString base64;
  nsresult rv = Base64Encode(aCertDER, base64);
  NS_ENSURE_SUCCESS(rv, rv);
-  return AddCertFromBase64(base64.get(), aTrust, aName);
+  return AddCertFromBase64(base64, aTrust, aName);
 }

 NS_IMETHODIMP
 nsNSSCertificateDB::SetCertTrustFromString(nsIX509Cert* cert,
-                                           const char* trustString)
+                                           const nsACString& trustString)
 {
-  CERTCertTrust trust;
+  NS_ENSURE_ARG(cert);

-  // need to calculate the trust bits from the aTrust string.
+  CERTCertTrust trust;
  SECStatus srv = CERT_DecodeTrustString(&trust,
-                                         const_cast<char *>(trustString));
+                                         PromiseFlatCString(trustString).get());
  if (srv != SECSuccess) {
-    return MapSECStatus(SECFailure);
+    return MapSECStatus(srv);
  }
  UniqueCERTCertificate nssCert(cert->GetCert());

--- a/security/manager/ssl/nsNTLMAuthModule.cpp
+++ b/security/manager/ssl/nsNTLMAuthModule.cpp
@ -9,6 +9,7 @@

 #include "ScopedNSSTypes.h"
 #include "md4.h"
+#include "mozilla/Base64.h"
 #include "mozilla/Casting.h"
 #include "mozilla/CheckedInt.h"
 #include "mozilla/EndianUtils.h"
@ -208,25 +209,27 @@ LogBuf(const char *tag, const uint8_t *buf, uint32_t bufLen)
  }
 }

-#include "plbase64.h"
-#include "prmem.h"
 /**
 * Print base64-encoded token to the NSPR Log.
 * @param name Description of the token, will be printed in front
 * @param token The token to print
 * @param tokenLen length of the data in token
 */
-static void LogToken(const char *name, const void *token, uint32_t tokenLen)
+static void
+LogToken(const char* name, const void* token, uint32_t tokenLen)
 {
-  if (!LOG_ENABLED())
+  if (!LOG_ENABLED()) {
    return;
-
-  char *b64data = PL_Base64Encode((const char *) token, tokenLen, nullptr);
-  if (b64data)
-  {
-    PR_LogPrint("%s: %s\n", name, b64data);
-    PR_Free(b64data);
  }
+
+  nsDependentCSubstring tokenString(static_cast<const char*>(token), tokenLen);
+  nsAutoCString base64Token;
+  nsresult rv = mozilla::Base64Encode(tokenString, base64Token);
+  if (NS_FAILED(rv)) {
+    return;
+  }
+
+  PR_LogPrint("%s: %s\n", name, base64Token.get());
 }

 //-----------------------------------------------------------------------------