Issue 1831963002: Fix number parsing for max-age for HSTS/HPKP. - Code Review

Chromium Code Reviews

chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out

(331)

My Issues | Starred Open | Closed | All

Issue 1831963002: Fix number parsing for max-age for HSTS/HPKP. (Closed)

Created:
4 years, 9 months ago by eroman

Modified:
4 years, 8 months ago

Reviewers:
estark

CC:
chromium-reviews, cbentzel+watch_chromium.org

Base URL:
https://chromium.googlesource.com/chromium/src.git@parse_refactor

Target Ref:
refs/pending/heads/master

Project:
chromium

Visibility:
Public.

More Reviews

Description

Fix number parsing for max-age for HSTS/HPKP. * Don't allow leading '+' * Dont' allow trailing garbage (for overflowed numbers) BUG=596523, 596561 Committed: https://crrev.com/e8a43d8aa92e2bdb795fbccd67a3e8add8d3a9e8 Cr-Commit-Position: refs/heads/master@{#386596}

Patch Set 1 #

Patch Set 2 : rebase #

Patch Set 3 : rebase #

Patch Set 4 : rebase #

Total comments: 3

Patch Set 5 : rebase #

Created: 4 years, 8 months ago

Download [raw] [tar.bz2]

		Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+42 lines, -44 lines)			Patch
	M	net/http/http_security_headers.h	View		1 chunk	+2 lines, -2 lines	0 comments	Download
	M	net/http/http_security_headers.cc	View	1 2	3 chunks	+12 lines, -21 lines	0 comments	Download
	M	net/http/http_security_headers_unittest.cc	View	1 2 3	4 chunks	+28 lines, -18 lines	0 comments	Download
	M	net/http/transport_security_state.h	View	1 2	1 chunk	+0 lines, -3 lines	0 comments	Download

Messages

Total messages: 19 (8 generated)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

eroman

https://codereview.chromium.org/1831963002/diff/60001/net/http/http_security_headers_unittest.cc File net/http/http_security_headers_unittest.cc (right): https://codereview.chromium.org/1831963002/diff/60001/net/http/http_security_headers_unittest.cc#newcode259 net/http/http_security_headers_unittest.cc:259: EXPECT_FALSE(ParseAsHPKPHeader("max-aged=3488923; " + good_pin, chain_hashes, These look like max-age ...

4 years, 8 months ago (2016-04-11 18:25:25 UTC) #2

estark

https://codereview.chromium.org/1831963002/diff/60001/net/http/http_security_headers_unittest.cc File net/http/http_security_headers_unittest.cc (right): https://codereview.chromium.org/1831963002/diff/60001/net/http/http_security_headers_unittest.cc#newcode259 net/http/http_security_headers_unittest.cc:259: EXPECT_FALSE(ParseAsHPKPHeader("max-aged=3488923; " + good_pin, chain_hashes, On 2016/04/11 18:25:25, eroman ...

4 years, 8 months ago (2016-04-11 18:29:53 UTC) #3

eroman

https://codereview.chromium.org/1831963002/diff/60001/net/http/http_security_headers_unittest.cc File net/http/http_security_headers_unittest.cc (right): https://codereview.chromium.org/1831963002/diff/60001/net/http/http_security_headers_unittest.cc#newcode259 net/http/http_security_headers_unittest.cc:259: EXPECT_FALSE(ParseAsHPKPHeader("max-aged=3488923; " + good_pin, chain_hashes, On 2016/04/11 18:29:52, estark ...

4 years, 8 months ago (2016-04-11 18:46:36 UTC) #5

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1831963002/80001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1831963002/80001

4 years, 8 months ago (2016-04-11 18:53:05 UTC) #8

commit-bot: I haz the power

Try jobs failed on following builders: mac_chromium_rel_ng on tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_ng/builds/209132)

4 years, 8 months ago (2016-04-11 22:46:21 UTC) #10

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1831963002/80001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1831963002/80001

4 years, 8 months ago (2016-04-11 22:56:59 UTC) #12

commit-bot: I haz the power

Try jobs failed on following builders: mac_chromium_rel_ng on tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_ng/builds/209254)

4 years, 8 months ago (2016-04-12 01:58:03 UTC) #14

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1831963002/80001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1831963002/80001

4 years, 8 months ago (2016-04-12 05:31:44 UTC) #16

commit-bot: I haz the power

4 years, 8 months ago (2016-04-12 06:03:38 UTC) #19

Message was sent while issue was closed.

Patchset 5 (id:??) landed as
https://crrev.com/e8a43d8aa92e2bdb795fbccd67a3e8add8d3a9e8
Cr-Commit-Position: refs/heads/master@{#386596}

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

Powered by Google App Engine

This is Rietveld 408576698