Chromium Code Reviews Chromium Code Reviews
Issue 1733973004:
Limit Public-Key-Pins max-age to 60 days (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: net/http/http_security_headers.cc |
| diff --git a/net/http/http_security_headers.cc b/net/http/http_security_headers.cc |
| index ecb8e57d2b3e2e4c7168cc1898130cf48fd82173..5174825cc9a86a7c8f530bccf6612a9a1957904a 100644 |
| --- a/net/http/http_security_headers.cc |
| +++ b/net/http/http_security_headers.cc |
| @@ -20,14 +20,16 @@ namespace { |
| enum MaxAgeParsing { REQUIRE_MAX_AGE, DO_NOT_REQUIRE_MAX_AGE }; |
| static_assert(kMaxHSTSAgeSecs <= UINT32_MAX, "kMaxHSTSAgeSecs too large"); |
| +static_assert(kMaxHPKPAgeSecs <= UINT32_MAX, "kMaxHPKPAgeSecs too large"); |
| -// MaxAgeToInt converts a string representation of a "whole number" of |
| +// MaxAgeToLimitedInt converts a string representation of a "whole number" of |
| // seconds into a uint32_t. The string may contain an arbitrarily large number, |
| -// which will be clipped to kMaxHSTSAgeSecs and which is guaranteed to fit |
| +// which will be clipped to a supplied limit and which is guaranteed to fit |
| // within a 32-bit unsigned integer. False is returned on any parse error. |
| -bool MaxAgeToInt(std::string::const_iterator begin, |
| - std::string::const_iterator end, |
| - uint32_t* result) { |
| +bool MaxAgeToLimitedInt(std::string::const_iterator begin, |
| + std::string::const_iterator end, |
| + uint32_t limit, |
| + uint32_t* result) { |
| const base::StringPiece s(begin, end); |
| if (s.empty()) |
| return false; |
| @@ -39,15 +41,14 @@ bool MaxAgeToInt(std::string::const_iterator begin, |
| // properly handle and reject negative numbers (StringToUint64 does not return |
| // false on negative numbers). For values too large to be stored in an |
| // int64_t, StringToInt64 will return false with i set to |
| - // std::numeric_limits<int64_t>::max(), so this case is detected by the |
| - // immediately following if-statement and allowed to fall through so that i |
| - // gets clipped to kMaxHSTSAgeSecs. |
| + // std::numeric_limits<int64_t>::max(), so this case is allowed to fall |
| + // through so that i gets clipped to limit. |
| if (!base::StringToInt64(s, &i) && i != std::numeric_limits<int64_t>::max()) |
| return false; |
| if (i < 0) |
| return false; |
| - if (i > kMaxHSTSAgeSecs) |
| - i = kMaxHSTSAgeSecs; |
| + if (i > limit) |
| + i = limit; |
| *result = (uint32_t)i; |
| return true; |
| } |
| @@ -143,8 +144,9 @@ bool ParseHPKPHeaderImpl(const std::string& value, |
| base::StringPiece(name_value_pairs.name_begin(), |
| name_value_pairs.name_end()), |
| "max-age")) { |
| - if (!MaxAgeToInt(name_value_pairs.value_begin(), |
| - name_value_pairs.value_end(), &max_age_candidate)) { |
| + if (!MaxAgeToLimitedInt(name_value_pairs.value_begin(), |
| + name_value_pairs.value_end(), kMaxHPKPAgeSecs, |
| + &max_age_candidate)) { |
| return false; |
| } |
| parsed_max_age = true; |
| @@ -280,7 +282,8 @@ bool ParseHSTSHeader(const std::string& value, |
| if (base::IsAsciiWhitespace(*tokenizer.token_begin())) |
| continue; |
| unquoted = HttpUtil::Unquote(tokenizer.token()); |
| - if (!MaxAgeToInt(unquoted.begin(), unquoted.end(), &max_age_candidate)) |
| + if (!MaxAgeToLimitedInt(unquoted.begin(), unquoted.end(), |
| + kMaxHSTSAgeSecs, &max_age_candidate)) |
| return false; |
| state = AFTER_MAX_AGE; |
| break; |
| @@ -304,7 +307,7 @@ bool ParseHSTSHeader(const std::string& value, |
| } |
| } |
| - // We've consumed all the input. Let's see what state we ended up in. |
| + // We've consumed all the input. Let's see what state we ended up in. |
|
estark
2016/02/25 21:58:04
Was this an intentional change? Sometimes reviewer
|
| if (max_age_observed != 1 || |
| (include_subdomains_observed != 0 && include_subdomains_observed != 1)) { |
| return false; |
