Closed Bug 722496 Opened 12 years ago Closed 12 years ago

JPakeCrypto.java potential null pointer dereferences

Categories

(Firefox for Android Graveyard :: Android Sync, defect, P1)

Product:
Firefox for Android Graveyard
Component:
Android Sync
Platform:
ARM
Android
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
mozilla13

People

(Reporter: dchanm+bugzilla, Assigned: nalexander)

References

Details

(Whiteboard: [qa-]) 

If secret.getBytes() fails, then y2 will be undefined and y1.modPow(y2, P); will throw an exception
[1]

If MessageDisgest.getInstance() or id.getBytes() fail then an exception will be thrown at sha.digsst() or BigIntegerHelper.ByteArrayToBigIntegerWithoutSign
[2][3]

The code should abort / return error in these cases.

[1] - https://github.com/mozilla-services/android-sync/blob/master/src/main/java/org/mozilla/gecko/sync/jpake/JPakeCrypto.java#L153
[2] - https://github.com/mozilla-services/android-sync/blob/master/src/main/java/org/mozilla/gecko/sync/jpake/JPakeCrypto.java#L297
[3] - https://github.com/mozilla-services/android-sync/blob/master/src/main/java/org/mozilla/gecko/sync/jpake/BigIntegerHelper.java#L45
The parameter should not be a string, but a byte array. Whatever conversion from string to byte array that might be necessary should happen in the non-crypto code.
Blocks: 723230
Assignee: nobody → nalexander
Priority: -- → P1
Fixed in develop:

https://github.com/mozilla-services/android-sync/commit/7721c1c50f28113ddd0db235894175e317c41a41
Blocks: 724328
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Whiteboard: [qa-]
Product: Mozilla Services → Android Background Services
Product: Android Background Services → Firefox for Android
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in before you can comment on or make changes to this bug.