Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(50)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/common/ssl_status_serialization.cc

Issue 1244863003: Attach a SecurityStyle to each request in ResourceLoader (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: update forgotten SerializeSecurityInfo() callsite Created 5 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« content/common/ssl_status_serialization.h ('K') | « content/common/ssl_status_serialization.h ('k') | content/common/ssl_status_serialization_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/common/ssl_status_serialization.cc
diff --git a/content/common/ssl_status_serialization.cc b/content/common/ssl_status_serialization.cc
index 364dba0538a4cdf6bdc17263e1fca8a663c74b69..d0f4f88f8693b6482396ede74136e22adf1556f6 100644
--- a/content/common/ssl_status_serialization.cc
+++ b/content/common/ssl_status_serialization.cc
@@ -7,16 +7,39 @@
#include "base/logging.h"
#include "base/pickle.h"
+namespace {
+
+// Checks that an integer |security_style| is a valid SecurityStyle enum
+// value. Returns true if valid, false otherwise.
+bool CheckSecurityStyle(int security_style) {
+ switch (security_style) {
+ case content::SECURITY_STYLE_UNKNOWN:
+ return true;
davidben 2015/07/22 20:56:58 Can a renderer ever legally send this one now? I g
estark 2015/07/22 22:56:55 Agree on both counts. I added that to crbug.com/50
+ case content::SECURITY_STYLE_UNAUTHENTICATED:
+ return true;
+ case content::SECURITY_STYLE_AUTHENTICATION_BROKEN:
+ return true;
+ case content::SECURITY_STYLE_WARNING:
+ return true;
+ case content::SECURITY_STYLE_AUTHENTICATED:
palmer 2015/07/22 22:30:00 Nit: Maybe just implement these as fall-throughs?
estark 2015/07/22 22:56:55 Done (I think -- can you please check that I did w
+ return true;
+ }
+ return false;
+}
+
+} // namespace
+
namespace content {
-std::string SerializeSecurityInfo(
- int cert_id,
- net::CertStatus cert_status,
- int security_bits,
- int ssl_connection_status,
- const SignedCertificateTimestampIDStatusList&
- signed_certificate_timestamp_ids) {
+std::string SerializeSecurityInfo(SecurityStyle security_style,
+ int cert_id,
+ net::CertStatus cert_status,
+ int security_bits,
+ int ssl_connection_status,
+ const SignedCertificateTimestampIDStatusList&
+ signed_certificate_timestamp_ids) {
base::Pickle pickle;
+ pickle.WriteInt(security_style);
pickle.WriteInt(cert_id);
pickle.WriteUInt32(cert_status);
pickle.WriteInt(security_bits);
@@ -41,8 +64,9 @@ bool DeserializeSecurityInfo(const std::string& state, SSLStatus* ssl_status) {
base::Pickle pickle(state.data(), static_cast<int>(state.size()));
base::PickleIterator iter(pickle);
+ int security_style;
int num_scts_to_read;
- if (!iter.ReadInt(&ssl_status->cert_id) ||
+ if (!iter.ReadInt(&security_style) || !iter.ReadInt(&ssl_status->cert_id) ||
!iter.ReadUInt32(&ssl_status->cert_status) ||
!iter.ReadInt(&ssl_status->security_bits) ||
!iter.ReadInt(&ssl_status->connection_status) ||
@@ -51,6 +75,13 @@ bool DeserializeSecurityInfo(const std::string& state, SSLStatus* ssl_status) {
return false;
}
+ if (!CheckSecurityStyle(security_style)) {
+ *ssl_status = SSLStatus();
+ return false;
+ }
+
+ ssl_status->security_style = static_cast<SecurityStyle>(security_style);
davidben 2015/07/22 20:56:58 NOTE: We are now trusting the renderer to set secu
estark 2015/07/22 22:56:55 I took a quick look through and this seems fine. I
+
// Sanity check |security_bits|: the only allowed negative value is -1.
if (ssl_status->security_bits < -1) {
*ssl_status = SSLStatus();
« content/common/ssl_status_serialization.h ('K') | « content/common/ssl_status_serialization.h ('k') | content/common/ssl_status_serialization_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698