Chromium Code Reviews Chromium Code Reviews
Issue 2094333002:
Implementation for chrome.certificateProvider.requestPin/stopPinRequest (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: chrome/browser/chromeos/certificate_provider/sign_requests.cc |
| diff --git a/chrome/browser/chromeos/certificate_provider/sign_requests.cc b/chrome/browser/chromeos/certificate_provider/sign_requests.cc |
| index 3d3ecfc88029110c417cf324a187dd08efdf0ee1..4c9eca048af66c2ed3078c56b05edf11d16f2d83 100644 |
| --- a/chrome/browser/chromeos/certificate_provider/sign_requests.cc |
| +++ b/chrome/browser/chromeos/certificate_provider/sign_requests.cc |
| @@ -5,6 +5,7 @@ |
| #include "chrome/browser/chromeos/certificate_provider/sign_requests.h" |
| #include "base/callback.h" |
| +#include "base/rand_util.h" |
| namespace chromeos { |
| namespace certificate_provider { |
| @@ -23,7 +24,13 @@ SignRequests::~SignRequests() {} |
| int SignRequests::AddRequest(const std::string& extension_id, |
| const net::SSLPrivateKey::SignCallback& callback) { |
| RequestsState& state = extension_to_requests_[extension_id]; |
| - const int request_id = state.next_free_id++; |
| + // Generate a random request id so that extensions using |
| + // chrome.certificateProvider can not guess another extension's request id. |
| + int request_id = base::RandInt(0, INT_MAX); |
|
emaxx
2016/09/19 14:01:43
nit: #include <climits>
|
| + while (state.pending_requests.find(request_id) != |
| + state.pending_requests.end()) { |
| + request_id = base::RandInt(0, INT_MAX); |
| + } |
| state.pending_requests[request_id] = callback; |
| return request_id; |
| } |
