mozilla
/
pjs
зеркало из https://github.com/mozilla/pjs.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 449698 – login manager shouldn't allow nulls in username or password. r=gavin

This commit is contained in:
Justin Dolske 2008-08-11 15:25:21 -07:00
Родитель ed9c9731ca
Коммит 8c833c344e
2 изменённых файлов: 21 добавлений и 9 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

8
toolkit/components/passwordmgr/src/storage-Legacy.js
Просмотреть файл

@ -513,6 +513,14 @@ LoginManagerStorage_legacy.prototype = {
if (badCharacterPresent(aLogin, "\0"))
throw "login values can't contain nulls";
// In theory these nulls should just be rolled up into the encrypted
// values, but nsISecretDecoderRing doesn't use nsStrings, so the
// nulls cause truncation. Check for them here just to avoid
// unexpected round-trip surprises.
if (aLogin.username.indexOf("\0") != -1 ||
aLogin.password.indexOf("\0") != -1)
throw "login values can't contain nulls";
// Newlines are invalid for any field stored as plaintext.
if (badCharacterPresent(aLogin, "\r") ||
badCharacterPresent(aLogin, "\n"))

22
toolkit/components/passwordmgr/test/unit/test_storage_legacy_3.js
Просмотреть файл

@ -485,21 +485,25 @@ tryAddUser(storage, nullUser, /login values can't contain nulls/);
nullUser.passwordField = "passnull";
// check username and password, which are OK with embedded nulls.
// check username with null
nullUser.username = "user\0name";
nullUser.password = "pass\0word";
tryAddUser(storage, nullUser, null);
tryAddUser(storage, nullUser, /login values can't contain nulls/);
nullUser.username = "username";
LoginTest.checkStorageData(storage, [], [nullUser]);
// check password with null
nullUser.password = "pass\0word";
tryAddUser(storage, nullUser, /login values can't contain nulls/);
nullUser.password = "password";
// Final sanity check, to make sure we didn't store anything unexpected.
LoginTest.checkStorageData(storage, [], []);
var numLines = LoginTest.countLinesInFile(OUTDIR, "output-394610-4.txt");
do_check_eq(numLines, 10);
do_check_eq(numLines, 2);
testdesc = "[flush and reload for verification]"
LoginTest.initStorage(storage, OUTDIR, "output-394610-4.txt");
LoginTest.checkStorageData(storage, [], [nullUser]);
nullUser.username = "username";
nullUser.password = "password";
LoginTest.checkStorageData(storage, [], []);