| Index: net/base/x509_certificate.cc
|
| diff --git a/net/base/x509_certificate.cc b/net/base/x509_certificate.cc
|
| index 915838897e80ac7c5517c19357aa59f706969dbd..451583bfb8082e691626b9cbe0da37fef9fab84a 100644
|
| --- a/net/base/x509_certificate.cc
|
| +++ b/net/base/x509_certificate.cc
|
| @@ -27,6 +27,7 @@
|
| #include "net/base/net_errors.h"
|
| #include "net/base/net_util.h"
|
| #include "net/base/pem_tokenizer.h"
|
| +#include "net/base/registry_controlled_domain.h"
|
|
|
| namespace net {
|
|
|
| @@ -507,17 +508,36 @@ bool X509Certificate::VerifyHostname(
|
| // |reference_domain| is the remainder of |host| after the leading host
|
| // component is stripped off, but includes the leading dot e.g.
|
| // "www.f.com" -> ".f.com".
|
| - // If there is no meaningful domain part to |host| (e.g. it contains no dots)
|
| - // then |reference_domain| will be empty.
|
| + // If there is no meaningful domain part to |host| (e.g. it contains no
|
| + // dots) then |reference_domain| will be empty.
|
| base::StringPiece reference_host, reference_domain;
|
| SplitOnChar(reference_name, '.', &reference_host, &reference_domain);
|
| bool allow_wildcards = false;
|
| if (!reference_domain.empty()) {
|
| DCHECK(reference_domain.starts_with("."));
|
| - // We required at least 3 components (i.e. 2 dots) as a basic protection
|
| - // against too-broad wild-carding.
|
| - // Also we don't attempt wildcard matching on a purely numerical hostname.
|
| - allow_wildcards = reference_domain.rfind('.') != 0 &&
|
| +
|
| + // Do not allow wildcards for registry controlled domains, so as to
|
| + // prevent accepting *.com or *.co.uk as valid presented names. Passing
|
| + // true for |allow_unknown_registries| so that top-level domains which are
|
| + // unknown (intranet domains, new TLDs/gTLDs not yet recognized) are
|
| + // treated as registry-controlled domains. Because the |reference_domain|
|
| + // must contain at least one name component that is not registry
|
| + // controlled, this ensures that all reference names have at least three
|
| + // domain components in order to permit wildcards.
|
| + size_t registry_length =
|
| + RegistryControlledDomainService::GetRegistryLength(reference_name,
|
| + true);
|
| + // As the |reference_name| was already canonicalized, this should never
|
| + // happen.
|
| + CHECK_NE(registry_length, std::string::npos);
|
| +
|
| + // Subtracting 1 to account for the leading dot in |reference_domain|.
|
| + bool is_registry_controlled = registry_length != 0 &&
|
| + registry_length == (reference_domain.size() - 1);
|
| +
|
| + // Additionally, do not attempt wildcard matching for purely numeric
|
| + // hostnames.
|
| + allow_wildcards = !is_registry_controlled &&
|
| reference_name.find_first_not_of("0123456789.") != std::string::npos;
|
| }
|
|
|
|
|
Chromium Code Reviews
Issue 8362023:
Disallow wildcards from matching top-level registry controlled domains during cert validation. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src