[tbb-commits] [tor-browser] 29/43: Bug 1730434 - Limit length of allowCredentials set. r=dveditz, a=RyanVM

gitolite role git at cupani.torproject.org
Tue May 31 07:07:12 UTC 2022


This is an automated email from the git hooks/post-receive script.

pierov pushed a commit to branch tor-browser-91.10.0esr-11.0-1
in repository tor-browser.

commit 629ac9b84cfd185e52eafc8292f929c111052322
Author: R. Martinho Fernandes <bugs at rmf.io>
AuthorDate: Thu May 12 15:21:31 2022 +0000

    Bug 1730434 - Limit length of allowCredentials set. r=dveditz, a=RyanVM
    
    Differential Revision: https://phabricator.services.mozilla.com/D145228
---
 dom/webauthn/WebAuthnManager.cpp                    |  8 ++++++++
 dom/webauthn/tests/test_webauthn_get_assertion.html | 17 +++++++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/dom/webauthn/WebAuthnManager.cpp b/dom/webauthn/WebAuthnManager.cpp
index d5de8579efba5..3941ba60a73ec 100644
--- a/dom/webauthn/WebAuthnManager.cpp
+++ b/dom/webauthn/WebAuthnManager.cpp
@@ -447,6 +447,8 @@ already_AddRefed<Promise> WebAuthnManager::MakeCredential(
   return promise.forget();
 }
 
+const size_t MAX_ALLOWED_CREDENTIALS = 20;
+
 already_AddRefed<Promise> WebAuthnManager::GetAssertion(
     const PublicKeyCredentialRequestOptions& aOptions,
     const Optional<OwningNonNull<AbortSignal>>& aSignal) {
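Review bot: `MAX_ALLOWED_CREDENTIALS` is added at file scope with no comment saying where the value 20 comes from or what the cap protects, so a later maintainer cannot tell whether it is safe to raise. I would add a comment above it such as `// Upper bound on allowCredentials entries accepted by GetAssertion (Bug 1730434); longer lists are rejected with SecurityError.` and state the reason for choosing 20 if it can be made public. As a style point, `static constexpr size_t MAX_ALLOWED_CREDENTIALS = 20;` makes the compile-time, file-local intent explicit. GetAssertion's body continues outside this hunk.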
@@ -520,6 +522,12 @@ already_AddRefed<Promise> WebAuthnManager::GetAssertion(
     return promise.forget();
   }
 
+  // Abort the request if the allowCredentials set is too large
+  if (aOptions.mAllowCredentials.Length() > MAX_ALLOWED_CREDENTIALS) {
+    promise->MaybeReject(NS_ERROR_DOM_SECURITY_ERR);
+    return promise.forget();
+  }
+
   // Use assertionChallenge, callerOrigin and rpId, along with the token binding
   // key associated with callerOrigin (if any), to create a ClientData structure
   // representing this request. Choose a hash algorithm for hashAlg and compute
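Review bot: The new guard `aOptions.mAllowCredentials.Length() > MAX_ALLOWED_CREDENTIALS` caps the number of descriptors but not the size of each descriptor's credential id. Unless a per-id length limit is enforced elsewhere, the total amount of page-controlled data carried forward by this request is still unbounded. GetAssertion starts and ends outside the hunk, so that limit may already exist further down; if it does not, it belongs next to this check. The comment could also record the reason, for example `// Reject oversized allowCredentials lists before any per-credential work (Bug 1730434).`, if that ordering is indeed the intent.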
diff --git a/dom/webauthn/tests/test_webauthn_get_assertion.html b/dom/webauthn/tests/test_webauthn_get_assertion.html
index 012ff95202134..ec5b7e6084c66 100644
--- a/dom/webauthn/tests/test_webauthn_get_assertion.html
+++ b/dom/webauthn/tests/test_webauthn_get_assertion.html
@@ -54,6 +54,10 @@
       ok(aResult.toString().startsWith("TypeError"), "Expecting a TypeError, got " + aResult);
     }
 
+    function expectSecurityError(aResult) {
+      ok(aResult.toString().startsWith("SecurityError"), "Expecting a SecurityError, got " + aResult);
+    }
+
     function expectAbortError(aResult) {
       is(aResult.code, DOMException.ABORT_ERR, "Expecting an AbortError");
     }
@@ -172,6 +176,19 @@
         .catch(expectInvalidStateError);
     });
 
+    // Test with too many credentials
+    add_task(async () => {
+      let tooManyCredentials = Array(21).fill(validCred);
+      let publicKey = {
+        challenge: gAssertionChallenge,
+        allowCredentials: tooManyCredentials,
+      };
+
+      await requestGetAssertion({publicKey})
+        .then(arrivingHereIsBad)
+        .catch(expectSecurityError);
+    });
+
     // Test with an unexpected option and an invalid credential
     add_task(async () => {
       let publicKey = {
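Review bot: The added task only exercises the rejecting side of the limit, with `Array(21).fill(validCred)`, so a later change of `>` to `>=` in WebAuthnManager.cpp would not be caught by this test. A companion task with `let maxCredentials = Array(20).fill(validCred);` that asserts the outcome is not a SecurityError would pin the boundary from both sides. The literal 21 is also tied to `MAX_ALLOWED_CREDENTIALS` only by convention, so a short comment such as `// MAX_ALLOWED_CREDENTIALS (20) + 1, see WebAuthnManager.cpp` would keep the two in step.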

-- 