Closed Bug 1288905 Opened 8 years ago Closed 8 years ago

Questionable reinterpret cast in WebSocketChannel::PrimeNewOutgoingMessage()

Categories

(Core :: Networking: WebSockets, defect)

Product:
Core
Component:
Networking: WebSockets
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla50
Tracking Flags:
Tracking Status
firefox50 --- fixed

People

(Reporter: Ms2ger, Assigned: michal)

Details

(Whiteboard: [necko-active])

Attachments

(1 file, 1 obsolete file)

patch v2 - added PR_STATIC_ASSERT
1.50 KB, patch
michal
: review+
Details | Diff | Splinter Review 
(With error handling omitted)

      uint8_t *buffer;
      mRandomGenerator->GenerateRandomBytes(4, &buffer);
      mask = * reinterpret_cast<uint32_t *>(buffer);

This seems to ignore alignment issues.

Perhaps NativeEndian::readUint32 would work?
Assignee: nobody → michal.novotny
Summary: Questionable reinterpret cast in nsWebSocketHandler::PrimeNewOutgoingMessage() → Questionable reinterpret cast in WebSocketChannel::PrimeNewOutgoingMessage()
Whiteboard: [necko-active]
Attached patch fix (obsolete) — Splinter Review 
readUint32() is not public in NativeEndian so I used memcpy
Attachment #8774797 - Flags: review?(mcmanus)
Comment on attachment 8774797 [details] [diff] [review]
fix

Review of attachment 8774797 [details] [diff] [review]:
-----------------------------------------------------------------

::: netwerk/protocol/websocket/WebSocketChannel.cpp
@@ +2182,5 @@
>    if (!mIsServerSide) {
>      // Perform the sending mask. Never use a zero mask
>      do {
>        uint8_t *buffer;
> +      nsresult rv = mRandomGenerator->GenerateRandomBytes(sizeof(mask),

thanks for taking this.. as a nit I think you should PR_STATIC_ASSERT (or something - on phone, hard for me to page through alternatives if any) that sizeof mask is 4 as the wirespec clearly needs to deal with 32 bits - just to safely prevent someone from changing the type of mask.
Attachment #8774797 - Flags: review?(mcmanus) → review+

        Attachment #8774797 -
        Attachment is obsolete: true

        Attachment #8774830 -
        Flags: review+

    
    

    
  
Pushed by mnovotny@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/a2dba32ae074
Questionable reinterpret cast in WebSocketChannel::PrimeNewOutgoingMessage(), r=mcmanus

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/a2dba32ae074
Status: NEW → RESOLVED
Closed: 8 years ago

          status-firefox50:
          --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla50

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: