ma1 pushed to branch tor-browser-115.20.0esr-13.5-1 at The Tor Project / Applications / Tor Browser
Commits: e6ac6148 by Kershaw Chang at 2025-02-03T12:42:15+01:00 Bug 1932783 - Make nsHostKey::flags Atomic, a=RyanVM - - - - - efa40325 by Dana Keeler at 2025-02-03T12:42:22+01:00 Bug 1940804 - avoid some "as" casts in cert_storage a=RyanVM
Original Revision: https://phabricator.services.mozilla.com/D233775
Differential Revision: https://phabricator.services.mozilla.com/D233880 - - - - -
4 changed files:
- netwerk/dns/nsHostRecord.cpp - netwerk/dns/nsHostRecord.h - netwerk/dns/nsHostResolver.cpp - security/manager/ssl/cert_storage/src/lib.rs
Changes:
===================================== netwerk/dns/nsHostRecord.cpp =====================================
@@ -39,6 +39,15 @@ nsHostKey::nsHostKey(const nsACString& aHost, const nsACString& aTrrServer, pb(aPb), originSuffix(aOriginsuffix) {}
+nsHostKey::nsHostKey(const nsHostKey& other)
+ : host(other.host),
+ mTrrServer(other.mTrrServer),
+ type(other.type),
+ flags(other.flags),
+ af(other.af),
+ pb(other.pb),
+ originSuffix(other.originSuffix) {}
+
bool nsHostKey::operator==(const nsHostKey& other) const { return host == other.host && mTrrServer == other.mTrrServer && type == other.type &&
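Review bot: The copy constructor added in this hunk lists every member by hand, so a field added to `nsHostKey` later will be left default-initialised in copies unless this initializer list is updated as well. A short comment above it would record why it exists and what must stay in sync, for example `// Hand-written, presumably because the atomic flags member is not implicitly copyable; keep in sync with the fields in nsHostRecord.h.` The `flags(other.flags)` initializer reads the atomic once, so the copy is a snapshot of the source at that moment, which is worth stating if another thread can still write the source. The body of `operator==` continues outside the hunk.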
===================================== netwerk/dns/nsHostRecord.h =====================================
@@ -79,13 +79,15 @@ struct nsHostKey { const nsCString host; const nsCString mTrrServer; uint16_t type = 0;
- nsIDNSService::DNSFlags flags = nsIDNSService::RESOLVE_DEFAULT_FLAGS;
+ mozilla::AtomicnsIDNSService::DNSFlags flags{
+ nsIDNSService::RESOLVE_DEFAULT_FLAGS};
uint16_t af = 0; bool pb = false; const nsCString originSuffix; explicit nsHostKey(const nsACString& host, const nsACString& aTrrServer, uint16_t type, nsIDNSService::DNSFlags flags, uint16_t af, bool pb, const nsACString& originSuffix);
+ explicit nsHostKey(const nsHostKey& other);
bool operator==(const nsHostKey& other) const; size_t SizeOfExcludingThis(mozilla::MallocSizeOf mallocSizeOf) const; PLDHashNumber Hash() const;
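Review bot: The `flags` member becomes atomic here with no comment saying which threads write it or why the neighbouring plain fields (`type`, `af`, `pb`) do not need the same treatment. `nsHostKey` also declares `operator==` and `Hash()` in this hunk; if `flags` takes part in either (their bodies are not fully visible), a write to `flags` on a key already stored in a hash table would change how it compares or hashes, so the comment should state that invariant. Something like `// Written concurrently by <writer>; must not change once the record is in the table.` with the real writer filled in would do. The struct continues outside the hunk.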
===================================== netwerk/dns/nsHostResolver.cpp =====================================
@@ -1116,7 +1116,8 @@ nsresult nsHostResolver::NameLookup(nsHostRecord* rec, }
LOG(("NameLookup: %s effectiveTRRmode: %d flags: %X", rec->host.get(),
- static_castnsIRequest::TRRMode(rec->mEffectiveTRRMode), rec->flags));
+ static_castnsIRequest::TRRMode(rec->mEffectiveTRRMode),
+ static_cast<uint32_t>(rec->flags)));
if (rec->flags & nsIDNSService::RESOLVE_DISABLE_TRR) { rec->RecordReason(TRRSkippedReason::TRR_DISABLED_FLAG);
@@ -1900,8 +1901,9 @@ void nsHostResolver::GetDNSCacheEntries(nsTArray<DNSCacheEntries>* args) { }
info.originAttributesSuffix = recordEntry.GetKey().originSuffix;
- info.flags = nsPrintfCString("%u|0x%x|%u|%d|%s", rec->type, rec->flags,
- rec->af, rec->pb, rec->mTrrServer.get());
+ info.flags = nsPrintfCString("%u|0x%x|%u|%d|%s", rec->type,
+ static_cast<uint32_t>(rec->flags), rec->af,
+ rec->pb, rec->mTrrServer.get());
args->AppendElement(std::move(info)); }
===================================== security/manager/ssl/cert_storage/src/lib.rs =====================================
@@ -40,6 +40,7 @@ use rkv::{StoreError, StoreOptions, Value}; use rust_cascade::Cascade; use sha2::{Digest, Sha256}; use std::collections::{HashMap, HashSet};
+use std::convert::TryInto;
use std::ffi::CString; use std::fmt::Display; use std::fs::{create_dir_all, remove_file, File, OpenOptions};
@@ -266,10 +267,10 @@ impl SecurityState { }; let reader = env_and_store.env.read()?; match env_and_store.store.get(&reader, key) {
- Ok(Some(Value::I64(i)))
- if i <= (std::i16::MAX as i64) && i >= (std::i16::MIN as i64) =>
- {
- Ok(Some(i as i16))
+ Ok(Some(Value::I64(i))) => {
+ Ok(Some(i.try_into().map_err(|_| {
+ SecurityStateError::from("Stored value out of range for i16")
+ })?))
} Ok(None) => Ok(None), Ok(_) => Err(SecurityStateError::from(
@@ -893,10 +894,10 @@ struct Cert<'a> {
impl<'a> Cert<'a> { fn new(der: &'a [u8], subject: &'a [u8], trust: i16) -> Result<Cert<'a>, SecurityStateError> {
- if der.len() > u16::max as usize {
+ if der.len() > u16::MAX.into() {
return Err(SecurityStateError::from("certificate is too long")); }
- if subject.len() > u16::max as usize {
+ if subject.len() > u16::MAX.into() {
return Err(SecurityStateError::from("subject is too long")); } Ok(Cert {
@@ -920,7 +921,7 @@ impl<'a> Cert<'a> { return Err(SecurityStateError::from("invalid Cert: no der len?")); } let (mut der_len, rest) = rest.split_at(size_of::<u16>());
- let der_len = der_len.read_u16::<NetworkEndian>()? as usize;
+ let der_len = der_len.read_u16::<NetworkEndian>()?.into();
if rest.len() < der_len { return Err(SecurityStateError::from("invalid Cert: no der?")); }
@@ -930,7 +931,7 @@ impl<'a> Cert<'a> { return Err(SecurityStateError::from("invalid Cert: no subject len?")); } let (mut subject_len, rest) = rest.split_at(size_of::<u16>());
- let subject_len = subject_len.read_u16::<NetworkEndian>()? as usize;
+ let subject_len = subject_len.read_u16::<NetworkEndian>()?.into();
if rest.len() < subject_len { return Err(SecurityStateError::from("invalid Cert: no subject?")); }
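Review bot: Nothing in this commit tests the two bounds corrected in `Cert::new` (the `-893` hunk), and the old form shows why a test is needed: `u16::max as usize` compiled because `u16::max` names a method, so the comparison was most likely against a function address rather than 65535 and the limit was never enforced. A boundary test would pin the fix, for example `assert!(Cert::new(&vec![0u8; usize::from(u16::MAX) + 1], &[], 0).is_err());` together with the accepted case at exactly `u16::MAX` bytes, and the same pair for `subject`. The serializer hunk at `-961` had the same guard followed by `as u16`, so it may be worth checking whether records written by earlier builds can carry a truncated length prefix. The `impl` block continues outside the hunk.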
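Review bot: In the `-920` hunk, `let der_len = der_len.read_u16::<NetworkEndian>()?.into();` leaves the target type to be inferred from the later `rest.len() < der_len` comparison, so the widening is no longer visible at the binding. Naming the type keeps the conversion visibly lossless: `let der_len = usize::from(der_len.read_u16::<NetworkEndian>()?);`. The same applies to `subject_len` in the hunk at `-930` and to the two `vec![0; ….into()]` lengths in the hunks at `-1183` and `-1192`. The function body starts and ends outside the hunk.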
@@ -961,15 +962,19 @@ impl<'a> Cert<'a> { + size_of::<i16>(), ); bytes.write_u8(CERT_SERIALIZATION_VERSION_1)?;
- if self.der.len() > u16::max as usize {
- return Err(SecurityStateError::from("certificate is too long"));
- }
- bytes.write_u16::<NetworkEndian>(self.der.len() as u16)?;
+ bytes.write_u16::<NetworkEndian>(
+ self.der
+ .len()
+ .try_into()
+ .map_err(|_| SecurityStateError::from("certificate is too long"))?,
+ )?;
bytes.extend_from_slice(&self.der);
- if self.subject.len() > u16::max as usize {
- return Err(SecurityStateError::from("subject is too long"));
- }
- bytes.write_u16::<NetworkEndian>(self.subject.len() as u16)?;
+ bytes.write_u16::<NetworkEndian>(
+ self.subject
+ .len()
+ .try_into()
+ .map_err(|_| SecurityStateError::from("subject is too long"))?,
+ )?;
bytes.extend_from_slice(&self.subject); bytes.write_i16::<NetworkEndian>(self.trust)?; Ok(bytes)
@@ -1183,7 +1188,7 @@ fn load_crlite_stash_from_reader_into_map( let issuer_spki_hash_len = reader.read_u8().map_err(|e| { SecurityStateError::from(format!("error reading stash issuer_spki_hash_len: {}", e)) })?;
- let mut issuer_spki_hash = vec![0; issuer_spki_hash_len as usize];
+ let mut issuer_spki_hash = vec![0; issuer_spki_hash_len.into()];
reader.read_exact(&mut issuer_spki_hash).map_err(|e| { SecurityStateError::from(format!("error reading stash issuer_spki_hash: {}", e)) })?;
@@ -1192,7 +1197,7 @@ fn load_crlite_stash_from_reader_into_map( let serial_len = reader.read_u8().map_err(|e| { SecurityStateError::from(format!("error reading stash serial_len: {}", e)) })?;
- let mut serial = vec![0; serial_len as usize];
+ let mut serial = vec![0; serial_len.into()];
reader.read_exact(&mut serial).map_err(|e| { SecurityStateError::from(format!("error reading stash serial: {}", e)) })?;
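Review bot: The two `try_into()` error paths in the `-961` hunk look unreachable through the constructors visible in this diff, since `Cert::new` rejects lengths above `u16::MAX` and the parser reads both lengths as `u16`. Keeping them as a backstop is reasonable, but a comment should say so, for example `// Lengths are already bounded at construction; the conversion is kept so a future constructor cannot silently truncate.` The version byte is also written to `bytes` before the first conversion can fail, which is harmless while `bytes` is a local dropped on error and worth remembering if the buffer ever becomes caller-supplied. The function starts outside the hunk.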
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/a45b657...