Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(331)

Issue 1831963002: Fix number parsing for max-age for HSTS/HPKP. (Closed)

Created:
4 years, 9 months ago by eroman
Modified:
4 years, 8 months ago
Reviewers:
estark
CC:
chromium-reviews, cbentzel+watch_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@parse_refactor
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Fix number parsing for max-age for HSTS/HPKP. * Don't allow leading '+' * Dont' allow trailing garbage (for overflowed numbers) BUG=596523, 596561 Committed: https://crrev.com/e8a43d8aa92e2bdb795fbccd67a3e8add8d3a9e8 Cr-Commit-Position: refs/heads/master@{#386596}

Patch Set 1 #

Patch Set 2 : rebase #

Patch Set 3 : rebase #

Patch Set 4 : rebase #

Total comments: 3

Patch Set 5 : rebase #

Unified diffs Side-by-side diffs Delta from patch set Stats (+42 lines, -44 lines) Patch
M net/http/http_security_headers.h View 1 chunk +2 lines, -2 lines 0 comments Download
M net/http/http_security_headers.cc View 1 2 3 chunks +12 lines, -21 lines 0 comments Download
M net/http/http_security_headers_unittest.cc View 1 2 3 4 chunks +28 lines, -18 lines 0 comments Download
M net/http/transport_security_state.h View 1 2 1 chunk +0 lines, -3 lines 0 comments Download

Messages

Total messages: 19 (8 generated)
eroman
https://codereview.chromium.org/1831963002/diff/60001/net/http/http_security_headers_unittest.cc File net/http/http_security_headers_unittest.cc (right): https://codereview.chromium.org/1831963002/diff/60001/net/http/http_security_headers_unittest.cc#newcode259 net/http/http_security_headers_unittest.cc:259: EXPECT_FALSE(ParseAsHPKPHeader("max-aged=3488923; " + good_pin, chain_hashes, These look like max-age ...
4 years, 8 months ago (2016-04-11 18:25:25 UTC) #2
estark
https://codereview.chromium.org/1831963002/diff/60001/net/http/http_security_headers_unittest.cc File net/http/http_security_headers_unittest.cc (right): https://codereview.chromium.org/1831963002/diff/60001/net/http/http_security_headers_unittest.cc#newcode259 net/http/http_security_headers_unittest.cc:259: EXPECT_FALSE(ParseAsHPKPHeader("max-aged=3488923; " + good_pin, chain_hashes, On 2016/04/11 18:25:25, eroman ...
4 years, 8 months ago (2016-04-11 18:29:53 UTC) #3
estark
lgtm
4 years, 8 months ago (2016-04-11 18:36:50 UTC) #4
eroman
https://codereview.chromium.org/1831963002/diff/60001/net/http/http_security_headers_unittest.cc File net/http/http_security_headers_unittest.cc (right): https://codereview.chromium.org/1831963002/diff/60001/net/http/http_security_headers_unittest.cc#newcode259 net/http/http_security_headers_unittest.cc:259: EXPECT_FALSE(ParseAsHPKPHeader("max-aged=3488923; " + good_pin, chain_hashes, On 2016/04/11 18:29:52, estark ...
4 years, 8 months ago (2016-04-11 18:46:36 UTC) #5
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1831963002/80001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1831963002/80001
4 years, 8 months ago (2016-04-11 18:53:05 UTC) #8
commit-bot: I haz the power
Try jobs failed on following builders: mac_chromium_rel_ng on tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_ng/builds/209132)
4 years, 8 months ago (2016-04-11 22:46:21 UTC) #10
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1831963002/80001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1831963002/80001
4 years, 8 months ago (2016-04-11 22:56:59 UTC) #12
commit-bot: I haz the power
Try jobs failed on following builders: mac_chromium_rel_ng on tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_ng/builds/209254)
4 years, 8 months ago (2016-04-12 01:58:03 UTC) #14
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1831963002/80001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1831963002/80001
4 years, 8 months ago (2016-04-12 05:31:44 UTC) #16
commit-bot: I haz the power
Committed patchset #5 (id:80001)
4 years, 8 months ago (2016-04-12 06:02:20 UTC) #17
commit-bot: I haz the power
4 years, 8 months ago (2016-04-12 06:03:38 UTC) #19
Message was sent while issue was closed.
Patchset 5 (id:??) landed as
https://crrev.com/e8a43d8aa92e2bdb795fbccd67a3e8add8d3a9e8
Cr-Commit-Position: refs/heads/master@{#386596}

Powered by Google App Engine
This is Rietveld 408576698