"@mozilla.org/security/hash;1" incorrectly invoked as a service in nsHttpDigestAuth.cpp

RESOLVED FIXED in mozilla1.9alpha1

Status

()

Core
Networking: HTTP
RESOLVED FIXED
13 years ago
13 years ago

People

(Reporter: Charles Melhorn, Assigned: Darin Fisher)

Tracking

Trunk
mozilla1.9alpha1
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment, 1 obsolete attachment)

2.70 KB, patch
dougt
: review+
Details | Diff | Splinter Review
(Reporter)

Description

13 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4

Per Doug Turner, the CryptoHash component ("@mozilla.org/security/hash;1")
should not be used as a service, as it appears to be in nsHttpDigestAuth.cpp:

http://lxr.mozilla.org/seamonkey/source/netwerk/protocol/http/src/nsHttpDigestAuth.cpp#66


Reproducible: Always
(Assignee)

Comment 1

13 years ago
Created attachment 195993 [details] [diff] [review]
v1 patch
Attachment #195993 - Flags: review?(dougt)
(Assignee)

Updated

13 years ago
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Target Milestone: --- → mozilla1.9alpha

Comment 2

13 years ago
Comment on attachment 195993 [details] [diff] [review]
v1 patch

+    mVerifier = do_CreateInstance("@mozilla.org/security/hash;1");
+    if (NS_FAILED(rv)) {

Test against |mVerifier|.  rv isn't used or needed.

+  NS_ENSURE_STATE(hashString.Length() == sizeof(mHashBuf));

I am not sure why you need to do this.
Attachment #195993 - Flags: review?(dougt)
Attachment #195993 - Flags: review?
Attachment #195993 - Flags: review-
(Assignee)

Comment 3

13 years ago
(In reply to comment #2)
> (From update of attachment 195993 [details] [diff] [review] [edit])
> +    mVerifier = do_CreateInstance("@mozilla.org/security/hash;1");
> +    if (NS_FAILED(rv)) {
> 
> Test against |mVerifier|.  rv isn't used or needed.

whoops, i meant to catch rv from do_CreateInstance.  I'd rather propogate that
failure code instead of inventing one.



> +  NS_ENSURE_STATE(hashString.Length() == sizeof(mHashBuf));
> 
> I am not sure why you need to do this.

Defense in depth.  It would be very unfortunate if hashString.Length() were ever
greater than sizeof(mHashBuf).
(Assignee)

Updated

13 years ago
Attachment #195993 - Flags: review?
(Assignee)

Comment 4

13 years ago
Created attachment 196074 [details] [diff] [review]
v1.1 patch
Attachment #195993 - Attachment is obsolete: true
Attachment #196074 - Flags: review?(dougt)

Updated

13 years ago
Attachment #196074 - Flags: review?(dougt) → review+
(Assignee)

Comment 5

13 years ago
fixed-on-trunk
Status: ASSIGNED → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.