[epiphany/gnome-3-38] Do not use invalid Firefox session tokens

From: Michael Catanzaro <mcatanzaro src gnome org>
To: commits-list gnome org
Cc:
Subject: [epiphany/gnome-3-38] Do not use invalid Firefox session tokens
Date: Mon, 11 Jan 2021 16:55:19 +0000 (UTC)

commit 17285ab28b677c5d1484ca61aa93c129e245acd9
Author: Jan-Michael Brummer <jan brummer tabos org>
Date:   Sun Jan 10 19:31:50 2021 +0000

    Do not use invalid Firefox session tokens
    
    In case session_token is NULL do not attempt to run ephy_sync_crypto_derive_session_token and exit 
graceful.
    This fixes crashes e.g. during logout.
    
    Fixes: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1342
    
    
    (cherry picked from commit 8288a380efcd80fc64ac50bf2aebde71b3ddba7d)

 lib/sync/ephy-sync-service.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
---
diff --git a/lib/sync/ephy-sync-service.c b/lib/sync/ephy-sync-service.c
index b7f5600b8..cd967a8ad 100644
--- a/lib/sync/ephy-sync-service.c
+++ b/lib/sync/ephy-sync-service.c
@@ -1023,6 +1023,9 @@ ephy_sync_service_get_storage_credentials (EphySyncService *self)
 
   /* Derive tokenID and reqHMACkey from sessionToken. */
   session_token = ephy_sync_service_get_secret (self, secrets[SESSION_TOKEN]);
+  if (!session_token)
+    return;
+
   ephy_sync_crypto_derive_session_token (session_token, &token_id,
                                          &req_hmac_key, &tmp);
   token_id_hex = ephy_sync_utils_encode_hex (token_id, 32);
@@ -2430,6 +2433,10 @@ ephy_sync_service_upload_fxa_device (EphySyncService *self)
 
   g_assert (EPHY_IS_SYNC_SERVICE (self));
 
+  session_token = ephy_sync_service_get_secret (self, secrets[SESSION_TOKEN]);
+  if (!session_token)
+    return;
+
   object = json_object_new ();
   device_name = ephy_sync_utils_get_device_name ();
   json_object_set_string_member (object, "name", device_name);
@@ -2448,7 +2455,6 @@ ephy_sync_service_upload_fxa_device (EphySyncService *self)
   json_node_take_object (node, object);
   body = json_to_string (node, FALSE);
 
-  session_token = ephy_sync_service_get_secret (self, secrets[SESSION_TOKEN]);
   ephy_sync_crypto_derive_session_token (session_token, &token_id, &req_hmac_key, &tmp);
   token_id_hex = ephy_sync_utils_encode_hex (token_id, 32);

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]