This is an automated email from the git hooks/post-receive script.
pierov pushed a commit to branch geckoview-99.0.1-11.0-1 in repository tor-browser.
commit 23507e7644c10f6bd69cc8740b21530a8865f165 Author: R. Martinho Fernandes bugs@rmf.io AuthorDate: Fri Mar 11 20:32:34 2022 +0000
Bug 1755621 - Check webauthn extensions r=dveditz, a=tritter
Differential Revision: https://phabricator.services.mozilla.com/D139499 --- dom/webauthn/WinWebAuthnManager.cpp | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/dom/webauthn/WinWebAuthnManager.cpp b/dom/webauthn/WinWebAuthnManager.cpp index c3dc129c9149b..1b7d507456d18 100644 --- a/dom/webauthn/WinWebAuthnManager.cpp +++ b/dom/webauthn/WinWebAuthnManager.cpp @@ -287,10 +287,12 @@ void WinWebAuthnManager::Register( break; }
+ if (extra.Extensions().Length() > (int)(sizeof(rgExtension) / sizeof(rgExtension[0]))) { + nsresult aError = NS_ERROR_DOM_INVALID_STATE_ERR; + MaybeAbortRegister(aTransactionId, aError); + return; + } for (const WebAuthnExtension& ext : extra.Extensions()) { - MOZ_ASSERT(cExtensions < - (int)(sizeof(rgExtension) / sizeof(rgExtension[0]))); - if (ext.type() == WebAuthnExtension::TWebAuthnExtensionHmacSecret) { HmacCreateSecret = ext.get_WebAuthnExtensionHmacSecret().hmacCreateSecret() == true;