This is an automated email from the git hooks/post-receive script.
richard pushed a commit to branch tor-browser-91.8.0esr-11.0-1 in repository tor-browser.
commit d54411c31e49579497e4d9d0f976ab6136e3980d Author: R. Martinho Fernandes bugs@rmf.io AuthorDate: Fri Mar 11 20:32:34 2022 +0000
Bug 1755621 - Check webauthn extensions r=dveditz, a=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D139499 --- dom/webauthn/WinWebAuthnManager.cpp | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/dom/webauthn/WinWebAuthnManager.cpp b/dom/webauthn/WinWebAuthnManager.cpp index eec3a78b6c3d5..1c1b162ac6725 100644 --- a/dom/webauthn/WinWebAuthnManager.cpp +++ b/dom/webauthn/WinWebAuthnManager.cpp @@ -288,10 +288,12 @@ void WinWebAuthnManager::Register( break; }
+ if (extra.Extensions().Length() > (int)(sizeof(rgExtension) / sizeof(rgExtension[0]))) { + nsresult aError = NS_ERROR_DOM_INVALID_STATE_ERR; + MaybeAbortRegister(aTransactionId, aError); + return; + } for (const WebAuthnExtension& ext : extra.Extensions()) { - MOZ_ASSERT(cExtensions < - (int)(sizeof(rgExtension) / sizeof(rgExtension[0]))); - if (ext.type() == WebAuthnExtension::TWebAuthnExtensionHmacSecret) { HmacCreateSecret = ext.get_WebAuthnExtensionHmacSecret().hmacCreateSecret() == true;