Check the format of an applicationServerKey when used to register a push subscription.

third_party/WebKit/Source/modules/push_messaging/PushSubscriptionOptions.cpp

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "modules/push_messaging/PushSubscriptionOptions.h"
 
 #include "bindings/core/v8/ExceptionState.h"
 #include "core/dom/DOMArrayBuffer.h"
 #include "core/dom/ExceptionCode.h"
 #include "modules/push_messaging/PushSubscriptionOptionsInit.h"
 #include "public/platform/WebString.h"
 #include "public/platform/modules/push_messaging/WebPushSubscriptionOptions.h"
+#include "third_party/WebKit/Source/wtf/ASCIICType.h"
 #include "wtf/Assertions.h"
 #include "wtf/text/WTFString.h"
 
 namespace blink {
 namespace {
 
 const int kMaxApplicationServerKeyLength = 255;
 
 String bufferSourceToString(
     const ArrayBufferOrArrayBufferView& applicationServerKey,
     ExceptionState& exceptionState) {
-  // Check the validity of the sender info. It must be a 65-byte uncompressed
-  // key, which has the byte 0x04 as the first byte as a marker.
   unsigned char* input;
   int length;
+  // Convert the input array into a string of bytes.
   if (applicationServerKey.isArrayBuffer()) {
     input = static_cast<unsigned char*>(
         applicationServerKey.getAsArrayBuffer()->data());
     length = applicationServerKey.getAsArrayBuffer()->byteLength();
   } else if (applicationServerKey.isArrayBufferView()) {
     input = static_cast<unsigned char*>(
         applicationServerKey.getAsArrayBufferView()->buffer()->data());
     length =
         applicationServerKey.getAsArrayBufferView()->buffer()->byteLength();
   } else {
     NOTREACHED();
     return String();
   }
 
-  // If the key is valid, just treat it as a string of bytes and pass it to
-  // the push service.
-  if (length <= kMaxApplicationServerKeyLength)
+  // Check the validity of the sender info. It must either be a 65-byte
+  // uncompressed VAPID key, which has the byte 0x04 as the first byte or a
+  // numeric sender ID.
+  const bool isVapid = length == 65 && input && *input == 0x04;

[Peter Beverloo, 2016/10/14 14:36:30]

Is checking for |input| required? When would length == 65 and we have a NULL
|input|?

(It seems to me like crashing is a good thing if we ever mess this up :-). Your
test coverage ensures we do.)

[harkness, 2016/10/14 15:13:47]

Done.

+  const bool isSenderId =
+      (length > 0) && (length < kMaxApplicationServerKeyLength) &&

[Peter Beverloo, 2016/10/14 14:36:30]

No parenthesis around the two comparisons on this line.

[harkness, 2016/10/14 15:13:47]

Done.

+      (std::find_if_not(input, input + length,
+                        &WTF::isASCIIDigit<unsigned char>) == input + length);
+
+  if (isVapid || isSenderId)
     return WebString::fromLatin1(input, length);
 
   exceptionState.throwDOMException(
       InvalidAccessError, "The provided applicationServerKey is not valid.");
   return String();
 }
 
 }  // namespace
 
 // static
@@ skipping 13 matching lines @@
     : m_userVisibleOnly(options.userVisibleOnly),
       m_applicationServerKey(
           DOMArrayBuffer::create(options.applicationServerKey.latin1().data(),
                                  options.applicationServerKey.length())) {}
 
 DEFINE_TRACE(PushSubscriptionOptions) {
   visitor->trace(m_applicationServerKey);
 }
 
 }  // namespace blink