Closed Bug 722524 Opened 10 years ago Closed 10 years ago

JPakeCrypto.java checkZkp off by one

Categories

(Firefox for Android Graveyard :: Android Sync, defect, P1)

ARM
Android
defect

Tracking

(Not tracked)

RESOLVED FIXED
mozilla13

People

(Reporter: dchanm+bugzilla, Assigned: nalexander)

References

Details

(Whiteboard: [qa-])

The BigInteger comparison at [1] doesn't agree with the comment

if (gx.compareTo(BigInteger.ZERO) < 1) {// g^x > 1

gx.compareTo(BigInteger.ZERO) < 1 is true if gx <= 0 . Assuming the comment is correct, the comparison should be against BigInteger.ONE

[1] - https://github.com/mozilla-services/android-sync/blob/master/src/main/java/org/mozilla/gecko/sync/jpake/JPakeCrypto.java#L245
Blocks: 722485
Blocks: 723230
Assignee: nobody → nalexander
Priority: -- → P1
develop:

https://github.com/mozilla-services/android-sync/commit/4634a9b5583c023baab35dfd8fc053053164e44f
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Blocks: 724328
Whiteboard: [qa-]
Product: Mozilla Services → Android Background Services
Product: Android Background Services → Firefox for Android
Group: cloud-services-security
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in before you can comment on or make changes to this bug.