Closed Bug 1851719 Opened 2 years ago Closed 2 years ago

Avoid using CryptoBuffer / fallible allocator for authenticator provided data in WebAuthn

Categories

(Core :: DOM: Web Authentication, enhancement, P3)

Product:
Core
Component:
DOM: Web Authentication
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
119 Branch
Tracking Flags:
Tracking Status
firefox119 --- fixed

People

(Reporter: jschanck, Assigned: jschanck)

Details

Attachments

(1 file)

Bug 1851719 - avoid using CryptoBuffer for authenticator provided data. r=keeler
48 bytes, text/x-phabricator-request
Details | Review

CryptoBuffer is a FallibleTArray<uint8_t> with some helper functions for conversions to/from other types. Using a fallible allocator adds little value when we're handling trusted outputs from the user's authenticator. We should avoid CryptoBuffer when we're handling data that is 1) known to be small and/or 2) coming from a trusted source.

Type: task → enhancement
Pushed by jschanck@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/504bc16acc75 avoid using CryptoBuffer for authenticator provided data. r=keeler

https://hg.mozilla.org/mozilla-central/rev/504bc16acc75

Status: NEW → RESOLVED
Closed: 2 years ago
status-firefox119: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 119 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: