Closed
Bug 1849056
Opened 2 years ago
Closed 2 years ago
Need to handle allocation failures when using `CryptoBuffer::ToArrayBuffer()`
Categories
(Core :: DOM: Web Authentication, defect, P3)
Core
DOM: Web Authentication
Tracking
()
RESOLVED
FIXED
118 Branch
People
(Reporter: jschanck, Assigned: jschanck)
References
Details
(Keywords: sec-low, Whiteboard: [adv-main118-][adv-esr115.3-])
Attachments
(1 file)
|
48 bytes,
text/x-phabricator-request
|
pascalc
:
approval-mozilla-esr115+
|
Details | Review |
No description provided.
|
Assignee | |
Comment 1•2 years ago
|
||
Pushed by jschanck@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/536420808253
handle failures of CryptoBuffer::ToArrayBuffer. r=tschuster,webidl,smaug
Backout by nbeleuzu@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/16e06af20b97
Backed out changeset 536420808253 for bustages on AuthenticatorResponse.cpp
|
||
Comment 4•2 years ago
|
||
dom/webauthn/AuthenticatorResponse.cpp:41:10: error: member access into incomplete type 'ErrorResult'
Flags: needinfo?(jschanck)
|
|
Assignee | |
Updated•2 years ago
|
Flags: needinfo?(jschanck)
Pushed by jschanck@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/08d512674485
handle failures of CryptoBuffer::ToArrayBuffer. r=tschuster,webidl,smaug
|
||
Comment 6•2 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/08d512674485
John, which other branches are impacted by this bug? And can we get a sec rating on this?
Group: crypto-core-security → core-security-release
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox118:
--- → fixed
Flags: needinfo?(jschanck)
Resolution: --- → FIXED
Target Milestone: --- → 118 Branch
|
|
||
Updated•2 years ago
|
status-firefox116:
--- → wontfix
status-firefox117:
--- → affected
status-firefox-esr102:
--- → affected
status-firefox-esr115:
--- → affected
|
|
Assignee | |
Comment 7•2 years ago
|
||
Sorry, I thought I had tagged this as sec-low already. All branches are affected.
Flags: needinfo?(jschanck)
Keywords: sec-low
|
|
||
Updated•2 years ago
|
tracking-firefox118:
--- → +
tracking-firefox-esr115:
--- → 118+
|
||
Updated•2 years ago
|
QA Whiteboard: [post-critsmash-triage]
Flags: qe-verify-
|
|
||
Comment 8•2 years ago
|
||
Please nominate this for ESR115 approval. It grafts cleanly.
Flags: needinfo?(jschanck)
|
|
Assignee | |
Comment 9•2 years ago
|
||
Comment on attachment 9349313 [details]
Bug 1849056 - handle failures of CryptoBuffer::ToArrayBuffer. r?tschuster
ESR Uplift Approval Request
- If this is not a sec:{high,crit} bug, please state case for ESR consideration:
- User impact if declined: None
- Fix Landed on Version: 118
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): The patch has been tested on Nightly and only affects error handling under extreme memory pressure.
Flags: needinfo?(jschanck)
Attachment #9349313 -
Flags: approval-mozilla-esr115?
|
||
Comment 10•2 years ago
|
||
Comment on attachment 9349313 [details]
Bug 1849056 - handle failures of CryptoBuffer::ToArrayBuffer. r?tschuster
Approved for 118.0b7, thanks.
Attachment #9349313 -
Flags: approval-mozilla-esr115? → approval-mozilla-esr115+
|
||
Comment 11•2 years ago
|
||
| uplift | ||
|
|
||
Updated•2 years ago
|
|
||
Updated•2 years ago
|
Whiteboard: [adv-main118-]
|
|
||
Updated•2 years ago
|
Whiteboard: [adv-main118-] → [adv-main118-][adv-esr115.3-]
|
||
Updated•2 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•