diff options
author | Moonchild <moonchild@palemoon.org> | 2023-02-21 21:07:04 +0100 |
---|---|---|
committer | Moonchild <moonchild@palemoon.org> | 2023-02-21 21:07:04 +0100 |
commit | 5b21c547de14f8d1cde62b9f247d8fd413bf8b83 (patch) | |
tree | 5f2ea2200a286728a930e8d812f0fe8cadf53f33 /dom/crypto | |
parent | ee7201bbb454985018f4ff3d4dc67d1cfd404687 (diff) | |
download | uxp-5b21c547de14f8d1cde62b9f247d8fd413bf8b83.tar.gz |
[DOM] WebCrypto: Check decoded key type before using it.
Just in case someone forces the wrong key type and misuses WebCrypto.
It won't be usable anyway so better to throw.
Diffstat (limited to 'dom/crypto')
-rw-r--r-- | dom/crypto/WebCryptoTask.cpp | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/dom/crypto/WebCryptoTask.cpp b/dom/crypto/WebCryptoTask.cpp index ad81b6d4c6..ed47325f8d 100644 --- a/dom/crypto/WebCryptoTask.cpp +++ b/dom/crypto/WebCryptoTask.cpp @@ -1741,6 +1741,10 @@ private: return NS_ERROR_DOM_SYNTAX_ERR; } + if (pubKey->keyType != rsaKey) { + return NS_ERROR_DOM_DATA_ERR; + } + // Extract relevant information from the public key mModulusLength = 8 * pubKey->u.rsa.modulus.len; if (!mPublicExponent.Assign(&pubKey->u.rsa.publicExponent)) { @@ -1874,6 +1878,10 @@ private: } if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_SPKI)) { + if (pubKey->keyType != ecKey) { + return NS_ERROR_DOM_DATA_ERR; + } + if (!CheckEncodedECParameters(&pubKey->u.ec.DEREncodedParams)) { return NS_ERROR_DOM_OPERATION_ERR; } |