gecko-dev/dom/crypto
Tim Taubert 0294a21add Bug 1413841 - Check for integer overflow in AesTask::DoCrypto() r=keeler
Summary:
After calling mResult.SetLength(mData.Length() + 16) we should check that the
integer addition didn't overflow. It seems at the moment impossible to create
ArrayBuffers of size >= 0x0xfffffff0, however adding a check here doesn't hurt.

mResult.Length() is passed to the PK11 API functions as a maxOut parameter and
/should/ be checked by the softoken crypto algorithm implementations. AES-ECB
and AES-GCM seem to do that correctly.

Reviewers: keeler

Reviewed By: keeler

Subscribers: mcote, ttaubert, jcj, keeler

Bug #: 1413841

Differential Revision: https://phabricator.services.mozilla.com/D188
2017-11-28 10:00:47 +01:00
..
test
CryptoBuffer.cpp
CryptoBuffer.h
CryptoKey.cpp
CryptoKey.h
KeyAlgorithmProxy.cpp
KeyAlgorithmProxy.h
WebCryptoCommon.h
WebCryptoTask.cpp Bug 1413841 - Check for integer overflow in AesTask::DoCrypto() r=keeler 2017-11-28 10:00:47 +01:00
WebCryptoTask.h
WebCryptoThreadPool.cpp Bug 1413216 - Fix some missing includes in dom code. r=baku 2017-10-12 13:50:23 +01:00
WebCryptoThreadPool.h Bug 1413216 - Fix some missing includes in dom code. r=baku 2017-10-12 13:50:23 +01:00
moz.build