Closed
Bug 308405
Opened 19 years ago
Closed 19 years ago
"@mozilla.org/security/hash;1" incorrectly invoked as a service in nsHttpDigestAuth.cpp
Categories
(Core :: Networking: HTTP, defect)
Core
Networking: HTTP
Tracking
()
RESOLVED
FIXED
mozilla1.9alpha1
People
(Reporter: cmelhorn, Assigned: darin.moz)
Details
Attachments
(1 file, 1 obsolete file)
2.70 KB,
patch
|
dougt
:
review+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4 Per Doug Turner, the CryptoHash component ("@mozilla.org/security/hash;1") should not be used as a service, as it appears to be in nsHttpDigestAuth.cpp: http://lxr.mozilla.org/seamonkey/source/netwerk/protocol/http/src/nsHttpDigestAuth.cpp#66 Reproducible: Always
Assignee | ||
Comment 1•19 years ago
|
||
Attachment #195993 -
Flags: review?(dougt)
Assignee | ||
Updated•19 years ago
|
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Target Milestone: --- → mozilla1.9alpha
Comment 2•19 years ago
|
||
Comment on attachment 195993 [details] [diff] [review] v1 patch + mVerifier = do_CreateInstance("@mozilla.org/security/hash;1"); + if (NS_FAILED(rv)) { Test against |mVerifier|. rv isn't used or needed. + NS_ENSURE_STATE(hashString.Length() == sizeof(mHashBuf)); I am not sure why you need to do this.
Attachment #195993 -
Flags: review?(dougt)
Attachment #195993 -
Flags: review?
Attachment #195993 -
Flags: review-
Assignee | ||
Comment 3•19 years ago
|
||
(In reply to comment #2) > (From update of attachment 195993 [details] [diff] [review] [edit]) > + mVerifier = do_CreateInstance("@mozilla.org/security/hash;1"); > + if (NS_FAILED(rv)) { > > Test against |mVerifier|. rv isn't used or needed. whoops, i meant to catch rv from do_CreateInstance. I'd rather propogate that failure code instead of inventing one. > + NS_ENSURE_STATE(hashString.Length() == sizeof(mHashBuf)); > > I am not sure why you need to do this. Defense in depth. It would be very unfortunate if hashString.Length() were ever greater than sizeof(mHashBuf).
Assignee | ||
Updated•19 years ago
|
Attachment #195993 -
Flags: review?
Assignee | ||
Comment 4•19 years ago
|
||
Attachment #195993 -
Attachment is obsolete: true
Attachment #196074 -
Flags: review?(dougt)
Updated•19 years ago
|
Attachment #196074 -
Flags: review?(dougt) → review+
Assignee | ||
Comment 5•19 years ago
|
||
fixed-on-trunk
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•