[tor-commits] [tor-browser] 285/311: Bug 1759098 - Fix truncated AAGUID in attestation object r=dveditz a=dmeehan

[gitolite role]

This is an automated email from the git hooks/post-receive script.

pierov pushed a commit to branch geckoview-99.0.1-11.0-1
in repository tor-browser.

commit 35e9d757272770d4686a441dfba6aeca70fdc422
Author: R. Martinho Fernandes <bugs at rmf.io>
AuthorDate: Tue Mar 29 16:59:13 2022 +0000

    Bug 1759098 - Fix truncated AAGUID in attestation object r=dveditz a=dmeehan
    
    Differential Revision: https://phabricator.services.mozilla.com/D141954
---
 dom/webauthn/WinWebAuthnManager.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/dom/webauthn/WinWebAuthnManager.cpp b/dom/webauthn/WinWebAuthnManager.cpp
index 1b7d507456d18..ae4b4b37d169d 100644
--- a/dom/webauthn/WinWebAuthnManager.cpp
+++ b/dom/webauthn/WinWebAuthnManager.cpp
@@ -287,7 +287,8 @@ void WinWebAuthnManager::Register(
         break;
     }
 
-    if (extra.Extensions().Length() > (int)(sizeof(rgExtension) / sizeof(rgExtension[0]))) {
+    if (extra.Extensions().Length() >
+        (int)(sizeof(rgExtension) / sizeof(rgExtension[0]))) {
       nsresult aError = NS_ERROR_DOM_INVALID_STATE_ERR;
       MaybeAbortRegister(aTransactionId, aError);
       return;
@@ -457,8 +458,9 @@ void WinWebAuthnManager::Register(
     nsTArray<uint8_t> attObject;
     if (winAttestation == WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_NONE) {
       // Zero AAGuid
+      const uint8_t zeroGuid[16] = {0};
       authenticatorData.ReplaceElementsAt(32 + 1 + 4 /*AAGuid offset*/, 16,
-                                          0x0);
+                                          zeroGuid, 16);
 
       CryptoBuffer authData;
       authData.Assign(authenticatorData);

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.