Check self-signed certificate names and signatures

net/cert/x509_certificate_win.cc

Index: net/cert/x509_certificate_win.cc
diff --git a/net/cert/x509_certificate_win.cc b/net/cert/x509_certificate_win.cc
index 7d8e531b1bd839e59727984690ce248ad2eb5c70..5fa6f477ff64b680ac3b897f4de932a9f5071f71 100644
--- a/net/cert/x509_certificate_win.cc
+++ b/net/cert/x509_certificate_win.cc
@@ -464,15 +464,36 @@ bool X509Certificate::IsIssuedByEncoded(
 
 // static
 bool X509Certificate::IsSelfSigned(OSCertHandle cert_handle) {
-  return !!CryptVerifyCertificateSignatureEx(
-      NULL,
-      X509_ASN_ENCODING,
-      CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT,
+  bool valid_signature = !!CryptVerifyCertificateSignatureEx(
+      NULL, X509_ASN_ENCODING, CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT,
       reinterpret_cast<void*>(const_cast<PCERT_CONTEXT>(cert_handle)),
       CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT,
-      reinterpret_cast<void*>(const_cast<PCERT_CONTEXT>(cert_handle)),
-      0,
-      NULL);
+      reinterpret_cast<void*>(const_cast<PCERT_CONTEXT>(cert_handle)), 0, NULL);
+  if (!valid_signature) {
+    return false;
+  }
+  DWORD subject_size =
+      CertNameToStr(X509_ASN_ENCODING, &cert_handle->pCertInfo->Subject,
+                    CERT_X500_NAME_STR, NULL, 0);
+  DWORD issuer_size =
+      CertNameToStr(X509_ASN_ENCODING, &cert_handle->pCertInfo->Issuer,
+                    CERT_X500_NAME_STR, NULL, 0);
+  if (subject_size < 1 || issuer_size < 1) {
+    return false;
+  }
+  std::unique_ptr<WCHAR[]> subject(new WCHAR[subject_size]);
+  std::unique_ptr<WCHAR[]> issuer(new WCHAR[issuer_size]);
+  DWORD subject_written =
+      CertNameToStr(X509_ASN_ENCODING, &cert_handle->pCertInfo->Subject,
+                    CERT_X500_NAME_STR, subject.get(), subject_size);
+  DWORD issuer_written =
+      CertNameToStr(X509_ASN_ENCODING, &cert_handle->pCertInfo->Issuer,
+                    CERT_X500_NAME_STR, issuer.get(), issuer_size);
+  if (subject_written != issuer_written) {
+    return false;
+  }
+  return memcmp(subject.get(), issuer.get(), subject_written * sizeof(WCHAR)) ==
+         0;
 }
 
 }  // namespace net