net/base/ssl_client_socket_nss.cc - Issue 13649: Fix some crashes by handling an NSS result value more carefully and reverting

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/base/ssl_client_socket_nss.cc

Issue 13649: Fix some crashes by handling an NSS result value more carefully and reverting (Closed)

Patch Set: Created 12 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/base/ssl_client_socket_nss.cc

diff --git a/net/base/ssl_client_socket_nss.cc b/net/base/ssl_client_socket_nss.cc

index ffd10231d5cc0a33f48dcc0ecefff57ab5dcfd15..62e348b4f1ea604c2b12748a7d23680a897a59bb 100644

--- a/net/base/ssl_client_socket_nss.cc

+++ b/net/base/ssl_client_socket_nss.cc

@@ -23,16 +23,20 @@

static const int kRecvBufferSize = 4096;

-// nss calls this if an incoming certificate is invalid.

-static SECStatus ownBadCertHandler(void* arg, PRFileDesc* socket) {

+namespace {

+// NSS calls this if an incoming certificate is invalid.

+SECStatus OwnBadCertHandler(void* arg, PRFileDesc* socket) {

PRErrorCode err = PR_GetError();

LOG(INFO) << "server certificate is invalid; NSS error code " << err;

// Return SECSuccess to override the problem,

// or SECFailure to let the original function fail

// Chromium wants it to fail here, and may retry it later.

- return SECFailure;

+ LOG(WARNING) << "TODO(dkegel): return SECFailure here";

+ return SECSuccess;

}

+} // anonymous namespace

namespace net {

@@ -249,7 +253,9 @@ void SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) {

SSLChannelInfo channel_info;

SECStatus ok = SSL_GetChannelInfo(nss_fd_,

&channel_info, sizeof(channel_info));

- if (ok == SECSuccess) {

+ if (ok == SECSuccess &&

+ channel_info.length == sizeof(channel_info) &&

+ channel_info.cipherSuite) {

SSLCipherSuiteInfo cipher_info;

ok = SSL_GetCipherSuiteInfo(channel_info.cipherSuite,

&cipher_info, sizeof(cipher_info));

@@ -257,7 +263,8 @@ void SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) {

ssl_info->security_bits = cipher_info.effectiveKeyBits;

} else {

ssl_info->security_bits = -1;

- NOTREACHED();

+ LOG(DFATAL) << "SSL_GetCipherSuiteInfo returned " << PR_GetError()

+ << " for cipherSuite " << channel_info.cipherSuite;

}

ssl_info->cert_status = server_cert_status_;

@@ -497,7 +504,7 @@ int SSLClientSocketNSS::DoConnectComplete(int result) {

if (rv != SECSuccess)

return ERR_UNEXPECTED;

- rv = SSL_BadCertHook(nss_fd_, ownBadCertHandler, NULL);

+ rv = SSL_BadCertHook(nss_fd_, OwnBadCertHandler, NULL);

if (rv != SECSuccess)

return ERR_UNEXPECTED;

« no previous file with comments | « no previous file | no next file » | no next file with comments »