net/cert/internal/name_constraints.cc - Issue 1686003002: Fix GeneralName directoryName parsing in new (unused) name constraints code.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/cert/internal/name_constraints.cc

Issue 1686003002: Fix GeneralName directoryName parsing in new (unused) name constraints code. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 4 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/cert/internal/name_constraints.cc

diff --git a/net/cert/internal/name_constraints.cc b/net/cert/internal/name_constraints.cc

index 7234e86a5899f6a3b1d59117e234e54b2c0545ea..2873acabe90d59dc2203da8d19b41ee04ea17949 100644

--- a/net/cert/internal/name_constraints.cc

+++ b/net/cert/internal/name_constraints.cc

@@ -179,13 +179,22 @@ WARN_UNUSED_RESULT bool ParseGeneralName(

name_type = GENERAL_NAME_X400_ADDRESS;

break;

// directoryName [4] Name,

- case 4:

+ case 4: {

if (!der::IsConstructed(tag))

return false;

name_type = GENERAL_NAME_DIRECTORY_NAME;

- subtrees->directory_names.push_back(std::vector<uint8_t>(

- value.UnsafeData(), value.UnsafeData() + value.Length()));

+ // Name is a CHOICE { rdnSequence RDNSequence }, therefore the SEQUENCE

+ // tag is explicit. Remove it, since the name matching functions expect

+ // only the value portion.

+ der::Parser name_parser(value);

+ der::Input name_value;

+ if (!name_parser.ReadTag(der::kSequence, &name_value) || parser.HasMore())

+ return false;

+ subtrees->directory_names.push_back(

+ std::vector<uint8_t>(name_value.UnsafeData(),

+ name_value.UnsafeData() + name_value.Length()));

break;

+ }

// ediPartyName [5] EDIPartyName,

case 5:

if (!der::IsConstructed(tag))

« no previous file with comments | « no previous file | net/data/name_constraints_unittest/directoryname.pem » ('j') | no next file with comments »