mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-07 18:04:46 +00:00
Bug 461204 - Improve the random number generator for the boundaries in multipart/form-data r=smaug
Using a weak RNG for the form boundary allows a website operator to perform several attacks on users (as outlined in https://trac.torproject.org/projects/tor/ticket/22919) These include: - Identifying Windows users based on the unseeded RNG - Identify the number of form submissions that have occurred cross-origin between same-origin submissions Additionally, a predictable boundary makes it possible to forge a boundary in the middle of a file upload. Differential Revision: https://phabricator.services.mozilla.com/D56056 --HG-- extra : moz-landing-system : lando
This commit is contained in:
parent
69b270f2c6
commit
bc96439261
@ -32,6 +32,7 @@
|
||||
#include "mozilla/dom/Directory.h"
|
||||
#include "mozilla/dom/File.h"
|
||||
#include "mozilla/StaticPrefs_dom.h"
|
||||
#include "mozilla/RandomNum.h"
|
||||
|
||||
namespace mozilla {
|
||||
namespace dom {
|
||||
@ -355,9 +356,9 @@ FSMultipartFormData::FSMultipartFormData(nsIURI* aActionURL,
|
||||
mTotalLength = 0;
|
||||
|
||||
mBoundary.AssignLiteral("---------------------------");
|
||||
mBoundary.AppendInt(rand());
|
||||
mBoundary.AppendInt(rand());
|
||||
mBoundary.AppendInt(rand());
|
||||
mBoundary.AppendInt(static_cast<uint32_t>(mozilla::RandomUint64OrDie()));
|
||||
mBoundary.AppendInt(static_cast<uint32_t>(mozilla::RandomUint64OrDie()));
|
||||
mBoundary.AppendInt(static_cast<uint32_t>(mozilla::RandomUint64OrDie()));
|
||||
}
|
||||
|
||||
FSMultipartFormData::~FSMultipartFormData() {
|
||||
|
@ -150,4 +150,12 @@ MFBT_API Maybe<uint64_t> RandomUint64() {
|
||||
#endif
|
||||
}
|
||||
|
||||
MFBT_API uint64_t RandomUint64OrDie() {
|
||||
Maybe<uint64_t> maybeRandomNum = RandomUint64();
|
||||
|
||||
MOZ_RELEASE_ASSERT(maybeRandomNum.isSome());
|
||||
|
||||
return maybeRandomNum.value();
|
||||
}
|
||||
|
||||
} // namespace mozilla
|
||||
|
@ -30,6 +30,12 @@ namespace mozilla {
|
||||
*/
|
||||
MFBT_API Maybe<uint64_t> RandomUint64();
|
||||
|
||||
/**
|
||||
* Like RandomUint64, but always returns a uint64_t or crashes with an assert
|
||||
* if the underlying RandomUint64 call failed.
|
||||
*/
|
||||
MFBT_API uint64_t RandomUint64OrDie();
|
||||
|
||||
} // namespace mozilla
|
||||
|
||||
#endif // mozilla_RandomNum_h_
|
||||
|
Loading…
Reference in New Issue
Block a user