From e0f08d4ab32f5e50f53a209c071e2dc279bb1744 Mon Sep 17 00:00:00 2001
From: Kai Engert <kaie@kuix.de>
Date: Tue, 4 Jun 2019 22:58:39 +0200
Subject: [PATCH] Bug 1552004 - dont' use "eval" in the OTR code. r=mkmelin

Differential Revision: https://phabricator.services.mozilla.com/D32839
---
 chat/content/otrWorker.js |  6 +++---
 chat/modules/OTR.jsm      | 17 ++++++++++++++++-
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/chat/content/otrWorker.js b/chat/content/otrWorker.js
index 12c68b39b0..239e203aae 100644
--- a/chat/content/otrWorker.js
+++ b/chat/content/otrWorker.js
@@ -8,9 +8,7 @@ var PromiseWorker = require("resource://gre/modules/workers/PromiseWorker.js");
 var Funcs = {};
 
 // Only what we need from libotr.js
-Funcs.generateKey = function(path, otrl_version, newkeySource) {
-  // eslint-disable-next-line no-eval
-  let newkey = eval(newkeySource);  // jshint ignore:line
+Funcs.generateKey = function(path, otrl_version, address) {
   let libotr = ctypes.open(path);
 
   let abi = ctypes.default_abi;
@@ -31,6 +29,8 @@ Funcs.generateKey = function(path, otrl_version, newkeySource) {
   );
 
   otrl_init.apply(libotr, otrl_version);
+
+  let newkey = ctypes.voidptr_t(ctypes.UInt64("0x" + address));
   let err = otrl_privkey_generate_calculate(newkey);
   libotr.close();
   if (err)
diff --git a/chat/modules/OTR.jsm b/chat/modules/OTR.jsm
index 31d87c17cf..43543947b6 100644
--- a/chat/modules/OTR.jsm
+++ b/chat/modules/OTR.jsm
@@ -182,9 +182,24 @@ var OTR = {
     );
     if (err || newkey.isNull())
       return Promise.reject("otrl_privkey_generate_start (" + err + ")");
+
+    let keyPtrSrc = newkey.toSource();
+    let re = new RegExp(
+      "^ctypes\\.voidptr_t\\(ctypes\\.UInt64\\(\"0x([0-9a-fA-F]+)\"\\)\\)$");
+    let address;
+    let match = re.exec(keyPtrSrc);
+    if (match) {
+      address = match[1];
+    }
+
+    if (!address) {
+      OTRLib.otrl_privkey_generate_cancelled(OTR.userstate, newkey);
+      throw new Error("generatePrivateKey failed to parse ptr.toSource(): " + keyPtrSrc);
+    }
+
     let worker = new BasePromiseWorker(workerPath);
     return worker.post("generateKey", [
-      OTRLib.path, OTRLib.otrl_version, newkey.toSource(),
+      OTRLib.path, OTRLib.otrl_version, address,
     ]).then(function() {
       let err = OTRLib.otrl_privkey_generate_finish(
         OTR.userstate, newkey, OTR.privateKeyPath