| Index: net/http/http_security_headers.cc
|
| diff --git a/net/http/http_security_headers.cc b/net/http/http_security_headers.cc
|
| index ecb8e57d2b3e2e4c7168cc1898130cf48fd82173..5174825cc9a86a7c8f530bccf6612a9a1957904a 100644
|
| --- a/net/http/http_security_headers.cc
|
| +++ b/net/http/http_security_headers.cc
|
| @@ -20,14 +20,16 @@ namespace {
|
| enum MaxAgeParsing { REQUIRE_MAX_AGE, DO_NOT_REQUIRE_MAX_AGE };
|
|
|
| static_assert(kMaxHSTSAgeSecs <= UINT32_MAX, "kMaxHSTSAgeSecs too large");
|
| +static_assert(kMaxHPKPAgeSecs <= UINT32_MAX, "kMaxHPKPAgeSecs too large");
|
|
|
| -// MaxAgeToInt converts a string representation of a "whole number" of
|
| +// MaxAgeToLimitedInt converts a string representation of a "whole number" of
|
| // seconds into a uint32_t. The string may contain an arbitrarily large number,
|
| -// which will be clipped to kMaxHSTSAgeSecs and which is guaranteed to fit
|
| +// which will be clipped to a supplied limit and which is guaranteed to fit
|
| // within a 32-bit unsigned integer. False is returned on any parse error.
|
| -bool MaxAgeToInt(std::string::const_iterator begin,
|
| - std::string::const_iterator end,
|
| - uint32_t* result) {
|
| +bool MaxAgeToLimitedInt(std::string::const_iterator begin,
|
| + std::string::const_iterator end,
|
| + uint32_t limit,
|
| + uint32_t* result) {
|
| const base::StringPiece s(begin, end);
|
| if (s.empty())
|
| return false;
|
| @@ -39,15 +41,14 @@ bool MaxAgeToInt(std::string::const_iterator begin,
|
| // properly handle and reject negative numbers (StringToUint64 does not return
|
| // false on negative numbers). For values too large to be stored in an
|
| // int64_t, StringToInt64 will return false with i set to
|
| - // std::numeric_limits<int64_t>::max(), so this case is detected by the
|
| - // immediately following if-statement and allowed to fall through so that i
|
| - // gets clipped to kMaxHSTSAgeSecs.
|
| + // std::numeric_limits<int64_t>::max(), so this case is allowed to fall
|
| + // through so that i gets clipped to limit.
|
| if (!base::StringToInt64(s, &i) && i != std::numeric_limits<int64_t>::max())
|
| return false;
|
| if (i < 0)
|
| return false;
|
| - if (i > kMaxHSTSAgeSecs)
|
| - i = kMaxHSTSAgeSecs;
|
| + if (i > limit)
|
| + i = limit;
|
| *result = (uint32_t)i;
|
| return true;
|
| }
|
| @@ -143,8 +144,9 @@ bool ParseHPKPHeaderImpl(const std::string& value,
|
| base::StringPiece(name_value_pairs.name_begin(),
|
| name_value_pairs.name_end()),
|
| "max-age")) {
|
| - if (!MaxAgeToInt(name_value_pairs.value_begin(),
|
| - name_value_pairs.value_end(), &max_age_candidate)) {
|
| + if (!MaxAgeToLimitedInt(name_value_pairs.value_begin(),
|
| + name_value_pairs.value_end(), kMaxHPKPAgeSecs,
|
| + &max_age_candidate)) {
|
| return false;
|
| }
|
| parsed_max_age = true;
|
| @@ -280,7 +282,8 @@ bool ParseHSTSHeader(const std::string& value,
|
| if (base::IsAsciiWhitespace(*tokenizer.token_begin()))
|
| continue;
|
| unquoted = HttpUtil::Unquote(tokenizer.token());
|
| - if (!MaxAgeToInt(unquoted.begin(), unquoted.end(), &max_age_candidate))
|
| + if (!MaxAgeToLimitedInt(unquoted.begin(), unquoted.end(),
|
| + kMaxHSTSAgeSecs, &max_age_candidate))
|
| return false;
|
| state = AFTER_MAX_AGE;
|
| break;
|
| @@ -304,7 +307,7 @@ bool ParseHSTSHeader(const std::string& value,
|
| }
|
| }
|
|
|
| - // We've consumed all the input. Let's see what state we ended up in.
|
| + // We've consumed all the input. Let's see what state we ended up in.
|
| if (max_age_observed != 1 ||
|
| (include_subdomains_observed != 0 && include_subdomains_observed != 1)) {
|
| return false;
|
|
|
Chromium Code Reviews
Issue 1733973004:
Limit Public-Key-Pins max-age to 60 days (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master