Closed Bug 308405 Opened 19 years ago Closed 19 years ago

"@mozilla.org/security/hash;1" incorrectly invoked as a service in nsHttpDigestAuth.cpp

Categories

(Core :: Networking: HTTP, defect)

Product:
Core
Component:
Networking: HTTP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.9alpha1

People

(Reporter: cmelhorn, Assigned: darin.moz)

Details

Attachments

(1 file, 1 obsolete file)

v1.1 patch
2.70 KB, patch
dougt
: review+
Details | Diff | Splinter Review 
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4

Per Doug Turner, the CryptoHash component ("@mozilla.org/security/hash;1")
should not be used as a service, as it appears to be in nsHttpDigestAuth.cpp:

http://lxr.mozilla.org/seamonkey/source/netwerk/protocol/http/src/nsHttpDigestAuth.cpp#66


Reproducible: Always
Attached patch v1 patch (obsolete) — Splinter Review 

        Attachment #195993 -
        Flags: review?(dougt)

    
  
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Target Milestone: --- → mozilla1.9alpha

    
    

    
  
Comment on attachment 195993 [details] [diff] [review]
v1 patch

+    mVerifier = do_CreateInstance("@mozilla.org/security/hash;1");
+    if (NS_FAILED(rv)) {

Test against |mVerifier|.  rv isn't used or needed.

+  NS_ENSURE_STATE(hashString.Length() == sizeof(mHashBuf));

I am not sure why you need to do this.

        Attachment #195993 -
        Flags: review?(dougt)

        Attachment #195993 -
        Flags: review?

        Attachment #195993 -
        Flags: review-

    
    

    
  
(In reply to comment #2)
> (From update of attachment 195993 [details] [diff] [review] [edit])
> +    mVerifier = do_CreateInstance("@mozilla.org/security/hash;1");
> +    if (NS_FAILED(rv)) {
> 
> Test against |mVerifier|.  rv isn't used or needed.

whoops, i meant to catch rv from do_CreateInstance.  I'd rather propogate that
failure code instead of inventing one.



> +  NS_ENSURE_STATE(hashString.Length() == sizeof(mHashBuf));
> 
> I am not sure why you need to do this.

Defense in depth.  It would be very unfortunate if hashString.Length() were ever
greater than sizeof(mHashBuf).

    
  

        Attachment #195993 -
        Flags: review?

    
    

    
  

      
      
      
      

        Attached patch
          
          
        v1.1 patchSplinter Review
      

    


  

        Attachment #195993 -
        Attachment is obsolete: true

        Attachment #196074 -
        Flags: review?(dougt)

    
  

        Attachment #196074 -
        Flags: review?(dougt) → review+

    
    

    
  
fixed-on-trunk
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: