Fix various bits of error-handling in NSSDecryptor.

String may be empty. Base64-decode may fail.

BUG=none

Review URL: https://codereview.chromium.org/427303004

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@287851 0039d316-1c4b-4281-b951-d872f2087c98

chrome/utility/importer/firefox_importer_unittest.cc

@@ -45,6 +45,12 @@ TEST(FirefoxImporterTest, MAYBE_NSS(Firefox3NSS3Decryptor)) {
   EXPECT_EQ(base::WideToUTF16(L"\x4E2D"),
       decryptor_proxy.Decrypt("MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECLW"
                               "qqiccfQHWBAie74hxnULxlw=="));
+
+  // Test empty string edge case.
+  EXPECT_EQ(base::string16(), decryptor_proxy.Decrypt(std::string()));
+
+  // Test invalid base64.
+  EXPECT_EQ(base::string16(), decryptor_proxy.Decrypt("Not! Valid! Base64!"));
 }
 
 // The following test verifies proper detection of authentication scheme in

chrome/utility/importer/nss_decryptor.cc

@@ -66,12 +66,16 @@ base::string16 NSSDecryptor::Decrypt(const std::string& crypt) const {
   if (!is_nss_initialized_)
     return base::string16();
 
+  if (crypt.empty())
+    return base::string16();
+
   // The old style password is encoded in base64. They are identified
   // by a leading '~'. Otherwise, we should decrypt the text.
   std::string plain;
   if (crypt[0] != '~') {
     std::string decoded_data;
-    base::Base64Decode(crypt, &decoded_data);
+    if (!base::Base64Decode(crypt, &decoded_data))
+      return base::string16();
     PK11SlotInfo* slot = GetKeySlotForDB();
     SECStatus result = PK11_Authenticate(slot, PR_TRUE, NULL);
     if (result != SECSuccess) {
@@ -98,7 +102,8 @@ base::string16 NSSDecryptor::Decrypt(const std::string& crypt) const {
     FreeSlot(slot);
   } else {
     // Deletes the leading '~' before decoding.
-    base::Base64Decode(crypt.substr(1), &plain);
+    if (!base::Base64Decode(crypt.substr(1), &plain))
+      return base::string16();
   }
 
   return base::UTF8ToUTF16(plain);