Do not restrict PIN length to integer length

ChromeOS Login Screen - Aura Shell Change the way how a PIN gets checked if its composed of only numbers. PINs were checked with base::StringToInt which returns false when their value would overflow an Int. Replace it with base::ContainsOnlyChars(). Bug: 998930 Change-Id: I44fdee46413f82cdfe24d18d66af0ec00ed3d95b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1783146 Commit-Queue: Renato Silva <rrsilva@google.com> Reviewed-by: Achuith Bhandarkar <achuith@chromium.org> Reviewed-by: Xiyuan Xia <xiyuan@chromium.org> Reviewed-by: Roman Sorokin [CET] <rsorokin@chromium.org> Cr-Commit-Position: refs/heads/master@{#695587}

Do not restrict PIN length to integer length
ChromeOS Login Screen - Aura Shell Change the way how a PIN gets checked if its composed of only numbers. PINs were checked with base::StringToInt which returns false when their value would overflow an Int. Replace it with base::ContainsOnlyChars(). Bug: 998930 Change-Id: I44fdee46413f82cdfe24d18d66af0ec00ed3d95b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1783146 Commit-Queue: Renato Silva <rrsilva@google.com> Reviewed-by: Achuith Bhandarkar <achuith@chromium.org> Reviewed-by: Xiyuan Xia <xiyuan@chromium.org> Reviewed-by: Roman Sorokin [CET] <rsorokin@chromium.org> Cr-Commit-Position: refs/heads/master@{#695587}
0c0e1bbd · Renato Silva · Commit Bot · a2864f46 · 0c0e1bbd · 0c0e1bbd
Commit 0c0e1bbd authored Sep 11, 2019 by Renato Silva Committed by Commit Bot Sep 11, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 5 deletions

ash/login/login_screen_controller.cc ash/login/login_screen_controller.cc +5 -4

ash/login/login_screen_controller_unittest.cc ash/login/login_screen_controller_unittest.cc +2 -1

No files found.
--- a/ash/login/login_screen_controller.cc
+++ b/ash/login/login_screen_controller.cc
@@ -25,7 +25,7 @@
 #include "base/bind.h"
 #include "base/callback.h"
 #include "base/debug/alias.h"
-#include "base/strings/string_number_conversions.h"
+#include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
 #include "components/prefs/pref_registry_simple.h"
 #include "components/session_manager/session_manager_types.h"
@@ -124,9 +124,10 @@ void LoginScreenController::AuthenticateUserWithPasswordOrPin(
  authentication_stage_ = AuthenticationStage::kDoAuthenticate;
-  int dummy_value;
+  // Checking if the password is only formed of numbers with base::StringToInt
-  bool is_pin =
+  // will easily fail due to numeric limits. ContainsOnlyChars is used instead.
-      authenticated_by_pin && base::StringToInt(password, &dummy_value);
+  const bool is_pin =
+      authenticated_by_pin && base::ContainsOnlyChars(password, "0123456789");
  client_->AuthenticateUserWithPasswordOrPin(
      account_id, password, is_pin,
      base::BindOnce(&LoginScreenController::OnAuthenticateComplete,

--- a/ash/login/login_screen_controller_unittest.cc
+++ b/ash/login/login_screen_controller_unittest.cc
@@ -70,7 +70,8 @@ TEST_F(LoginScreenControllerTest, RequestAuthentication) {
      Shell::Get()->session_controller()->GetLastActiveUserPrefService();
  EXPECT_TRUE(prefs->FindPreference(prefs::kQuickUnlockPinSalt));
-  std::string pin = "123456";
+  // Use a long PIN (N > 2^64) for the test to ensure that there is no overflow.
+  std::string pin = "12345678901234567890";
  EXPECT_CALL(*client, AuthenticateUserWithPasswordOrPin_(id, pin, true, _));
  base::RunLoop run_loop2;
  controller->AuthenticateUserWithPasswordOrPin(