Title: [126953] trunk
- Revision: 126953
- Author: [email protected]
- Date: 2012-08-28 20:53:53 -0700 (Tue, 28 Aug 2012)
Log Message
crypto.getRandomValues should throw an exception when given a big array
https://bugs.webkit.org/show_bug.cgi?id=95269
Reviewed by Eric Seidel.
Source/WebCore:
The W3C Web Cryptography Working Group has taken up specifying
window.crypto. The latest draft calls for getRandomValues to throw an
exception when given an array that's large.
Test: security/crypto-random-values-limits.html
* page/Crypto.cpp:
(WebCore::Crypto::getRandomValues):
LayoutTests:
* security/crypto-random-values-limits-expected.txt: Added.
* security/crypto-random-values-limits.html: Added.
Diff
Modified: trunk/LayoutTests/ChangeLog (126952 => 126953)
--- trunk/LayoutTests/ChangeLog 2012-08-29 03:09:35 UTC (rev 126952)
+++ trunk/LayoutTests/ChangeLog 2012-08-29 03:53:53 UTC (rev 126953)
@@ -1,3 +1,13 @@
+2012-08-28 Adam Barth <[email protected]>
+
+ crypto.getRandomValues should throw an exception when given a big array
+ https://bugs.webkit.org/show_bug.cgi?id=95269
+
+ Reviewed by Eric Seidel.
+
+ * security/crypto-random-values-limits-expected.txt: Added.
+ * security/crypto-random-values-limits.html: Added.
+
2012-08-28 Tom Sepez <[email protected]>
CSP doesn't turn off eval, etc. in Web Workers
Added: trunk/LayoutTests/security/crypto-random-values-limits-expected.txt (0 => 126953)
--- trunk/LayoutTests/security/crypto-random-values-limits-expected.txt (rev 0)
+++ trunk/LayoutTests/security/crypto-random-values-limits-expected.txt 2012-08-29 03:53:53 UTC (rev 126953)
@@ -0,0 +1,12 @@
+Tests the limits of crypto.randomValues.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS 'crypto' in window is true
+PASS 'getRandomValues' in window.crypto is true
+PASS crypto.getRandomValues(largeArray) threw exception Error: QUOTA_EXCEEDED_ERR: DOM Exception 22.
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/security/crypto-random-values-limits.html (0 => 126953)
--- trunk/LayoutTests/security/crypto-random-values-limits.html (rev 0)
+++ trunk/LayoutTests/security/crypto-random-values-limits.html 2012-08-29 03:53:53 UTC (rev 126953)
@@ -0,0 +1,32 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src=""
+<script src=""
+</head>
+<body>
+<p id="description"></p>
+<div id="console"></div>
+<script>
+description("Tests the limits of crypto.randomValues.");
+
+if (!window.ArrayBuffer)
+ debug("This test requres ArrayBuffers to run!");
+
+shouldBe("'crypto' in window", "true");
+shouldBe("'getRandomValues' in window.crypto", "true");
+
+try {
+ var largeArray = new Uint8Array(66000);
+
+ shouldThrow("crypto.getRandomValues(largeArray)");
+} catch(ex) {
+ debug(ex);
+}
+
+</script>
+<script src=""
+</body>
+</html>
+
+
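Review bot: The test exercises only one size, 66000 bytes in `new Uint8Array(66000)`, so it would still pass if the limit in Crypto.cpp were off by one or were applied to element count instead of byte length. Consider adding a case at exactly 65536 bytes that must not throw, a case at 65537 bytes that must throw, and, if the implementation accepts typed arrays with multi-byte elements, one whose byteLength exceeds 65536 while its length does not. Smaller points in the same file: the description string says crypto.randomValues where the API is crypto.getRandomValues, "requres" is misspelled in the debug message, and the `if (!window.ArrayBuffer)` branch only logs and then falls through into the assertions.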
Modified: trunk/Source/WebCore/ChangeLog (126952 => 126953)
--- trunk/Source/WebCore/ChangeLog 2012-08-29 03:09:35 UTC (rev 126952)
+++ trunk/Source/WebCore/ChangeLog 2012-08-29 03:53:53 UTC (rev 126953)
@@ -1,3 +1,19 @@
+2012-08-28 Adam Barth <[email protected]>
+
+ crypto.getRandomValues should throw an exception when given a big array
+ https://bugs.webkit.org/show_bug.cgi?id=95269
+
+ Reviewed by Eric Seidel.
+
+ The W3C Web Cryptography Working Group has taken up specifying
+ window.crypto. The latest draft calls for getRandomValues to throw an
+ exception when given an array that's large.
+
+ Test: security/crypto-random-values-limits.html
+
+ * page/Crypto.cpp:
+ (WebCore::Crypto::getRandomValues):
+
2012-08-28 Tom Sepez <[email protected]>
CSP doesn't turn off eval, etc. in Web Workers
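Review bot: The entry describes the trigger only as "an array that's large" and never states the threshold, while the code change rejects a byteLength greater than 65536. Suggest naming the limit and the exception raised (QUOTA_EXCEEDED_ERR) in the ChangeLog text, since this is a web-visible behavior change that callers requesting larger buffers will run into.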
Modified: trunk/Source/WebCore/page/Crypto.cpp (126952 => 126953)
--- trunk/Source/WebCore/page/Crypto.cpp 2012-08-29 03:09:35 UTC (rev 126952)
+++ trunk/Source/WebCore/page/Crypto.cpp 2012-08-29 03:53:53 UTC (rev 126953)
@@ -63,6 +63,10 @@
ec = TYPE_MISMATCH_ERR;
return;
}
+ if (array->byteLength() > 65536) {
+ ec = QUOTA_EXCEEDED_ERR;
+ return;
+ }
cryptographicallyRandomValues(array->baseAddress(), array->byteLength());
#else
ASSERT_UNUSED(array, array);
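Review bot: The limit in `if (array->byteLength() > 65536)` is an unnamed literal with no comment tying it to the Web Cryptography draft that the ChangeLog cites. Suggest hoisting it into a named constant near getRandomValues with a one-line comment giving the source of the number, so a later change to the draft is a one-place edit. That comment should also state the intended boundary: the comparison is on byteLength and uses `>`, so a request of exactly 65536 bytes is still filled and only larger ones set QUOTA_EXCEEDED_ERR.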
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo/webkit-changes