GitLab

at 2025-02-03T12:42:15+01:00

Bug 1932783 - Make nsHostKey::flags Atomic, a=RyanVM
Bug 1940804 - avoid some "as" casts in cert_storage   a=RyanVM

Original Revision: https://phabricator.services.mozilla.com/D233775

Differential Revision: https://phabricator.services.mozilla.com/D233880
       pb(aPb),

       originSuffix(aOriginsuffix) {}

 

+nsHostKey::nsHostKey(const nsHostKey& other)

+    : host(other.host),

+      mTrrServer(other.mTrrServer),

+      type(other.type),

+      flags(other.flags),

+      af(other.af),

+      pb(other.pb),

+      originSuffix(other.originSuffix) {}

+

 bool nsHostKey::operator==(const nsHostKey& other) const {

   return host == other.host && mTrrServer == other.mTrrServer &&

          type == other.type &&

   const nsCString host;

   const nsCString mTrrServer;

   uint16_t type = 0;

-  nsIDNSService::DNSFlags flags = nsIDNSService::RESOLVE_DEFAULT_FLAGS;

+  mozilla::Atomic<nsIDNSService::DNSFlags> flags{

+      nsIDNSService::RESOLVE_DEFAULT_FLAGS};

   uint16_t af = 0;

   bool pb = false;

   const nsCString originSuffix;

   explicit nsHostKey(const nsACString& host, const nsACString& aTrrServer,

                      uint16_t type, nsIDNSService::DNSFlags flags, uint16_t af,

                      bool pb, const nsACString& originSuffix);

+  explicit nsHostKey(const nsHostKey& other);

   bool operator==(const nsHostKey& other) const;

   size_t SizeOfExcludingThis(mozilla::MallocSizeOf mallocSizeOf) const;

   PLDHashNumber Hash() const;

   }

 

   LOG(("NameLookup: %s effectiveTRRmode: %d flags: %X", rec->host.get(),

-       static_cast<nsIRequest::TRRMode>(rec->mEffectiveTRRMode), rec->flags));

+       static_cast<nsIRequest::TRRMode>(rec->mEffectiveTRRMode),

+       static_cast<uint32_t>(rec->flags)));

 

   if (rec->flags & nsIDNSService::RESOLVE_DISABLE_TRR) {

     rec->RecordReason(TRRSkippedReason::TRR_DISABLED_FLAG);

     }

 

     info.originAttributesSuffix = recordEntry.GetKey().originSuffix;

-    info.flags = nsPrintfCString("%u|0x%x|%u|%d|%s", rec->type, rec->flags,

-                                 rec->af, rec->pb, rec->mTrrServer.get());

+    info.flags = nsPrintfCString("%u|0x%x|%u|%d|%s", rec->type,

+                                 static_cast<uint32_t>(rec->flags), rec->af,

+                                 rec->pb, rec->mTrrServer.get());

 

     args->AppendElement(std::move(info));

   }

 use rust_cascade::Cascade;

 use sha2::{Digest, Sha256};

 use std::collections::{HashMap, HashSet};

+use std::convert::TryInto;

 use std::ffi::CString;

 use std::fmt::Display;

 use std::fs::{create_dir_all, remove_file, File, OpenOptions};

         };

         let reader = env_and_store.env.read()?;

         match env_and_store.store.get(&reader, key) {

-            Ok(Some(Value::I64(i)))

-                if i <= (std::i16::MAX as i64) && i >= (std::i16::MIN as i64) =>

-            {

-                Ok(Some(i as i16))

+            Ok(Some(Value::I64(i))) => {

+                Ok(Some(i.try_into().map_err(|_| {

+                    SecurityStateError::from("Stored value out of range for i16")

+                })?))

             }

             Ok(None) => Ok(None),

             Ok(_) => Err(SecurityStateError::from(

 

 impl<'a> Cert<'a> {

     fn new(der: &'a [u8], subject: &'a [u8], trust: i16) -> Result<Cert<'a>, SecurityStateError> {

-        if der.len() > u16::max as usize {

+        if der.len() > u16::MAX.into() {

             return Err(SecurityStateError::from("certificate is too long"));

         }

-        if subject.len() > u16::max as usize {

+        if subject.len() > u16::MAX.into() {

             return Err(SecurityStateError::from("subject is too long"));

         }

         Ok(Cert {

             return Err(SecurityStateError::from("invalid Cert: no der len?"));

         }

         let (mut der_len, rest) = rest.split_at(size_of::<u16>());

-        let der_len = der_len.read_u16::<NetworkEndian>()? as usize;

+        let der_len = der_len.read_u16::<NetworkEndian>()?.into();

         if rest.len() < der_len {

             return Err(SecurityStateError::from("invalid Cert: no der?"));

         }

             return Err(SecurityStateError::from("invalid Cert: no subject len?"));

         }

         let (mut subject_len, rest) = rest.split_at(size_of::<u16>());

-        let subject_len = subject_len.read_u16::<NetworkEndian>()? as usize;

+        let subject_len = subject_len.read_u16::<NetworkEndian>()?.into();

         if rest.len() < subject_len {

             return Err(SecurityStateError::from("invalid Cert: no subject?"));

         }

                 + size_of::<i16>(),

         );

         bytes.write_u8(CERT_SERIALIZATION_VERSION_1)?;

-        if self.der.len() > u16::max as usize {

-            return Err(SecurityStateError::from("certificate is too long"));

-        }

-        bytes.write_u16::<NetworkEndian>(self.der.len() as u16)?;

+        bytes.write_u16::<NetworkEndian>(

+            self.der

+                .len()

+                .try_into()

+                .map_err(|_| SecurityStateError::from("certificate is too long"))?,

+        )?;

         bytes.extend_from_slice(&self.der);

-        if self.subject.len() > u16::max as usize {

-            return Err(SecurityStateError::from("subject is too long"));

-        }

-        bytes.write_u16::<NetworkEndian>(self.subject.len() as u16)?;

+        bytes.write_u16::<NetworkEndian>(

+            self.subject

+                .len()

+                .try_into()

+                .map_err(|_| SecurityStateError::from("subject is too long"))?,

+        )?;

         bytes.extend_from_slice(&self.subject);

         bytes.write_i16::<NetworkEndian>(self.trust)?;

         Ok(bytes)

         let issuer_spki_hash_len = reader.read_u8().map_err(|e| {

             SecurityStateError::from(format!("error reading stash issuer_spki_hash_len: {}", e))

         })?;

-        let mut issuer_spki_hash = vec![0; issuer_spki_hash_len as usize];

+        let mut issuer_spki_hash = vec![0; issuer_spki_hash_len.into()];

         reader.read_exact(&mut issuer_spki_hash).map_err(|e| {

             SecurityStateError::from(format!("error reading stash issuer_spki_hash: {}", e))

         })?;

             let serial_len = reader.read_u8().map_err(|e| {

                 SecurityStateError::from(format!("error reading stash serial_len: {}", e))

             })?;

-            let mut serial = vec![0; serial_len as usize];

+            let mut serial = vec![0; serial_len.into()];

             reader.read_exact(&mut serial).map_err(|e| {

                 SecurityStateError::from(format!("error reading stash serial: {}", e))

             })?;

ma1 pushed to branch tor-browser-115.20.0esr-13.5-1 at The Tor Project / Applications / Tor Browser

Commits:

4 changed files:

Changes: