#457: update certs + pins, M1426783 M1425612

This commit is contained in:
Cameron Kaiser 2018-01-19 19:30:02 -08:00
parent 9453c52c9a
commit cd6a7ba6c8
3 changed files with 539 additions and 1172 deletions

View File

@ -29,6 +29,7 @@
#include "js/StructuredClone.h" #include "js/StructuredClone.h"
#include "mozilla/CheckedInt.h"
#include "mozilla/Endian.h" #include "mozilla/Endian.h"
#include "mozilla/FloatingPoint.h" #include "mozilla/FloatingPoint.h"
@ -1530,6 +1531,11 @@ JSStructuredCloneReader::readTypedArray(uint32_t arrayType, uint32_t nelems, Mut
return false; return false;
byteOffset = n; byteOffset = n;
} }
if (!v.isObject() || !v.toObject().is<ArrayBufferObjectMaybeShared>()) {
JS_ReportErrorNumber(context(), GetErrorMessage, nullptr, JSMSG_SC_BAD_SERIALIZED_DATA,
"typed array must be backed by an ArrayBuffer");
return false;
}
RootedObject buffer(context(), &v.toObject()); RootedObject buffer(context(), &v.toObject());
RootedObject obj(context(), nullptr); RootedObject obj(context(), nullptr);
@ -1587,6 +1593,11 @@ JSStructuredCloneReader::readDataView(uint32_t byteLength, MutableHandleValue vp
RootedValue v(context()); RootedValue v(context());
if (!startRead(&v)) if (!startRead(&v))
return false; return false;
if (!v.isObject() || !v.toObject().is<ArrayBufferObjectMaybeShared>()) {
JS_ReportErrorNumber(context(), GetErrorMessage, nullptr, JSMSG_SC_BAD_SERIALIZED_DATA,
"DataView must be backed by an ArrayBuffer");
return false;
}
// Read byteOffset. // Read byteOffset.
uint64_t n; uint64_t n;
@ -1625,10 +1636,23 @@ bool
JSStructuredCloneReader::readV1ArrayBuffer(uint32_t arrayType, uint32_t nelems, JSStructuredCloneReader::readV1ArrayBuffer(uint32_t arrayType, uint32_t nelems,
MutableHandleValue vp) MutableHandleValue vp)
{ {
MOZ_ASSERT(arrayType <= Scalar::Uint8Clamped); if (arrayType > Scalar::Uint8Clamped) {
JS_ReportErrorNumber(context(), GetErrorMessage, nullptr, JSMSG_SC_BAD_SERIALIZED_DATA,
"invalid TypedArray type");
return false;
}
uint32_t nbytes = nelems << TypedArrayShift(static_cast<Scalar::Type>(arrayType)); mozilla::CheckedInt<size_t> nbytes =
JSObject* obj = ArrayBufferObject::create(context(), nbytes); mozilla::CheckedInt<size_t>(nelems) *
TypedArrayElemSize(static_cast<Scalar::Type>(arrayType));
if (!nbytes.isValid() || nbytes.value() > UINT32_MAX) {
JS_ReportErrorNumber(context(), GetErrorMessage, nullptr,
JSMSG_SC_BAD_SERIALIZED_DATA,
"invalid typed array size");
return false;
}
JSObject* obj = ArrayBufferObject::create(context(), nbytes.value());
if (!obj) if (!obj)
return false; return false;
vp.setObject(*obj); vp.setObject(*obj);

View File

@ -761,6 +761,7 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
{ "ct.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, { "ct.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
{ "de.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, { "de.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
{ "dev.twitter.com", true, false, false, -1, &kPinset_twitterCom }, { "dev.twitter.com", true, false, false, -1, &kPinset_twitterCom },
{ "developer.android.com", true, false, false, -1, &kPinset_google_root_pems },
{ "developers.facebook.com", true, false, false, -1, &kPinset_facebook }, { "developers.facebook.com", true, false, false, -1, &kPinset_facebook },
{ "dist.torproject.org", true, false, false, -1, &kPinset_tor }, { "dist.torproject.org", true, false, false, -1, &kPinset_tor },
{ "dk.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, { "dk.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
@ -1031,6 +1032,7 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
{ "gr.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, { "gr.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
{ "groups.google.com", true, false, false, -1, &kPinset_google_root_pems }, { "groups.google.com", true, false, false, -1, &kPinset_google_root_pems },
{ "gstatic.com", true, false, false, -1, &kPinset_google_root_pems }, { "gstatic.com", true, false, false, -1, &kPinset_google_root_pems },
{ "gvt1.com", true, false, false, -1, &kPinset_google_root_pems },
{ "gvt2.com", true, false, false, -1, &kPinset_google_root_pems }, { "gvt2.com", true, false, false, -1, &kPinset_google_root_pems },
{ "gvt3.com", true, false, false, -1, &kPinset_google_root_pems }, { "gvt3.com", true, false, false, -1, &kPinset_google_root_pems },
{ "hangouts.google.com", true, false, false, -1, &kPinset_google_root_pems }, { "hangouts.google.com", true, false, false, -1, &kPinset_google_root_pems },
@ -1176,8 +1178,8 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
{ "zh.search.yahoo.com", false, true, false, -1, &kPinset_yahoo }, { "zh.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
}; };
// Pinning Preload List Length = 474; // Pinning Preload List Length = 476;
static const int32_t kUnknownId = -1; static const int32_t kUnknownId = -1;
static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1522005531140000); static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1524685607926000);

File diff suppressed because it is too large Load Diff