Chromium Code Reviews Chromium Code Reviews
Issue 1131763002:
Reject renegotiations in SSLClientSocket by default. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ | 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
| 2 /* | 2 /* |
| 3 * SSL3 Protocol | 3 * SSL3 Protocol |
| 4 * | 4 * |
| 5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
| 6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 8 | 8 |
| 9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ | 9 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ |
| 10 | 10 |
| (...skipping 5514 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 5525 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); | 5525 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); |
| 5526 | 5526 |
| 5527 if (ss->ssl3.hs.ws == wait_server_hello) | 5527 if (ss->ssl3.hs.ws == wait_server_hello) |
| 5528 return SECSuccess; | 5528 return SECSuccess; |
| 5529 if (ss->ssl3.hs.ws != idle_handshake || ss->sec.isServer) { | 5529 if (ss->ssl3.hs.ws != idle_handshake || ss->sec.isServer) { |
| 5530 (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message); | 5530 (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message); |
| 5531 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST); | 5531 PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST); |
| 5532 return SECFailure; | 5532 return SECFailure; |
| 5533 } | 5533 } |
| 5534 if (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) { | 5534 if (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) { |
| 5535 » ssl_GetXmitBufLock(ss); | 5535 » (void)SSL3_SendAlert(ss, alert_warning, no_renegotiation); |
|
davidben
2015/05/06 23:30:18
Without removing these, SSL3_SendAlert triggers an
Ryan Sleevi
2015/05/07 01:41:26
Let's do this in a separate CL. At the least, I wa
davidben
2015/05/07 19:12:34
Done. https://codereview.chromium.org/1134493002/
| |
| 5536 » rv = SSL3_SendAlert(ss, alert_warning, no_renegotiation); | |
| 5537 » ssl_ReleaseXmitBufLock(ss); | |
| 5538 PORT_SetError(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED); | 5536 PORT_SetError(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED); |
| 5539 return SECFailure; | 5537 return SECFailure; |
| 5540 } | 5538 } |
| 5541 | 5539 |
| 5542 if (sid) { | 5540 if (sid) { |
| 5543 if (ss->sec.uncache) | 5541 if (ss->sec.uncache) |
| 5544 ss->sec.uncache(sid); | 5542 ss->sec.uncache(sid); |
| 5545 ssl_FreeSID(sid); | 5543 ssl_FreeSID(sid); |
| 5546 ss->sec.ci.sid = NULL; | 5544 ss->sec.ci.sid = NULL; |
| 5547 } | 5545 } |
| (...skipping 7342 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 12890 PORT_Free(ss->ssl3.hs.recvdFragments.buf); | 12888 PORT_Free(ss->ssl3.hs.recvdFragments.buf); |
| 12891 } | 12889 } |
| 12892 } | 12890 } |
| 12893 | 12891 |
| 12894 ss->ssl3.initialized = PR_FALSE; | 12892 ss->ssl3.initialized = PR_FALSE; |
| 12895 | 12893 |
| 12896 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); | 12894 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); |
| 12897 } | 12895 } |
| 12898 | 12896 |
| 12899 /* End of ssl3con.c */ | 12897 /* End of ssl3con.c */ |
| OLD | NEW |
