Closed Bug 1400019 Opened 7 years ago Closed 7 years ago

WebAuthn: Assertion failure: aAlgorithm.IsString()

Tracking

()

Status:

RESOLVED FIXED

Milestone:

mozilla57

Tracking Flags:

Tracking

Status

firefox57

---

fixed

People

(Reporter: posidron, Assigned: jcj)

Details

(Whiteboard: [webauthn] [webauthn-test])

Attachments

(2 files)

testcase.html 7 years ago Christoph Diehl [:posidron] 241 bytes, text/html		Details
Bug 1400019 - Don't assert on illegal WebAuthn algo names 7 years ago J.C. Jones [:jcj] (he/him) 59 bytes, text/x-review-board-request	keeler : review+	Details

Christoph Diehl [:posidron]

Reporter

Description

•

7 years ago

Attached file testcase.html — Details

The following crash occurs consistently on mozilla-central. Last tested revision is 20170914-e217f827cc16

Assertion failure: aAlgorithm.IsString(), at http://searchfox.org/mozilla-central/rev/6326724982c66aaeaf70bb7c7ee170f7a38ca226/dom/webauthn/WebAuthnManager.cpp#59

Could we change this to something other than MOZ_ASSERT? It blocks too much our fuzzing efforts.

J.C. Jones [:jcj] (he/him)

Assignee

Comment 1

•

7 years ago

Sure, that's no problem. I'll get a patch up shortly.

Assignee: nobody → jjones

Status: NEW → ASSIGNED

Priority: -- → P1

Whiteboard: [webauthn] [webauthn-test]

Comment hidden (mozreview-request)

The algorithm names provided to the WebAuthn methods have to either be a
string, or (potentially) a WebCrypto object. Right now we only work with
strings, but there's no good reason to assert that, we can just let the
action fail.

This patch removes the assert to help out the fuzzing team.

Review commit: https://reviewboard.mozilla.org/r/180098/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/180098/

Dana Keeler (she/her) (use needinfo) [:keeler] (on leave)

Comment 3

•

7 years ago

mozreview-review

Comment on attachment 8908448 [details]
Bug 1400019 - Don't assert on illegal WebAuthn algo names

https://reviewboard.mozilla.org/r/180098/#review185484

Sounds like a plan.

Attachment #8908448 - Flags: review?(dkeeler) → review+

J.C. Jones [:jcj] (he/him)

Assignee

Comment 4

•

7 years ago

Ugh, this should have been checked in on Friday.

OK, this patch only affects pref'd off code, and is to enable better fuzzing. Not really sure what the procedure is for post-freeze check-ins...

Keywords: checkin-needed

Pulsebot

Comment 5

•

7 years ago

Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/a8b326d7a918
Don't assert on illegal WebAuthn algo names r=keeler

Keywords: checkin-needed

Sebastian Hengst [:aryx] (needinfo me if it's about an intermittent or backout)

Comment 6

•

7 years ago

bugherder

https://hg.mozilla.org/mozilla-central/rev/a8b326d7a918

Status: ASSIGNED → RESOLVED

Closed: 7 years ago

status-firefox57: affected → fixed

Resolution: --- → FIXED

Target Milestone: --- → mozilla57

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

WebAuthn: Assertion failure: aAlgorithm.IsString()

Categories

(Core :: DOM: Device Interfaces, defect, P1)

Tracking

()

People

(Reporter: posidron, Assigned: jcj)

References

Details

(Whiteboard: [webauthn] [webauthn-test])

Crash Data

Security

(public)

User Story

Attachments

(2 files)

Description

Comment 1

Comment 2

Comment 3

Comment 4

Comment 5

Comment 6

Attachment

General

Description

File Name

Content Type