Chromium Code Reviews Chromium Code Reviews
Issue 2114703002:
Ignore Crypto-Key header values that do not have "dh" values (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/gcm_driver/crypto/gcm_encryption_provider.h" | 5 #include "components/gcm_driver/crypto/gcm_encryption_provider.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/base64.h" | 9 #include "base/base64.h" |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| (...skipping 132 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 143 | 143 |
| 144 CryptoKeyHeaderIterator crypto_key_header_iterator( | 144 CryptoKeyHeaderIterator crypto_key_header_iterator( |
| 145 crypto_key_header->second.begin(), crypto_key_header->second.end()); | 145 crypto_key_header->second.begin(), crypto_key_header->second.end()); |
| 146 if (!crypto_key_header_iterator.GetNext()) { | 146 if (!crypto_key_header_iterator.GetNext()) { |
| 147 DLOG(ERROR) << "Unable to parse the value of the Crypto-Key header"; | 147 DLOG(ERROR) << "Unable to parse the value of the Crypto-Key header"; |
| 148 callback.Run(DECRYPTION_RESULT_INVALID_CRYPTO_KEY_HEADER, | 148 callback.Run(DECRYPTION_RESULT_INVALID_CRYPTO_KEY_HEADER, |
| 149 IncomingMessage()); | 149 IncomingMessage()); |
| 150 return; | 150 return; |
| 151 } | 151 } |
| 152 | 152 |
| 153 // Ignore values that don't include the "dh" property. When using VAPID, it is | |
| 154 // valid for the application server to supply multiple values. | |
| 155 while (crypto_key_header_iterator.dh().empty() && | |
|
johnme
2016/06/30 16:55:58
The spec requires "at most one entry having a `dh`
Peter Beverloo
2016/06/30 18:00:42
Done.
| |
| 156 crypto_key_header_iterator.GetNext()) {} | |
| 157 | |
| 153 if (crypto_key_header_iterator.dh().empty()) { | 158 if (crypto_key_header_iterator.dh().empty()) { |
| 154 DLOG(ERROR) << "Invalid values supplied in the Crypto-Key header"; | 159 DLOG(ERROR) << "Invalid values supplied in the Crypto-Key header"; |
| 155 callback.Run(DECRYPTION_RESULT_INVALID_CRYPTO_KEY_HEADER, | 160 callback.Run(DECRYPTION_RESULT_INVALID_CRYPTO_KEY_HEADER, |
| 156 IncomingMessage()); | 161 IncomingMessage()); |
| 157 return; | 162 return; |
| 158 } | 163 } |
| 159 | 164 |
| 160 // Use |fallback_to_empty_authorized_entity|, since this message might have | 165 // Use |fallback_to_empty_authorized_entity|, since this message might have |
| 161 // been sent to either an InstanceID token or a non-InstanceID registration. | 166 // been sent to either an InstanceID token or a non-InstanceID registration. |
| 162 key_store_->GetKeys(app_id, message.sender_id /* authorized_entity */, | 167 key_store_->GetKeys(app_id, message.sender_id /* authorized_entity */, |
| (...skipping 79 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 242 decrypted_message.decrypted = true; | 247 decrypted_message.decrypted = true; |
| 243 | 248 |
| 244 // There must be no data associated with the decrypted message at this point, | 249 // There must be no data associated with the decrypted message at this point, |
| 245 // to make sure that we don't end up in an infinite decryption loop. | 250 // to make sure that we don't end up in an infinite decryption loop. |
| 246 DCHECK_EQ(0u, decrypted_message.data.size()); | 251 DCHECK_EQ(0u, decrypted_message.data.size()); |
| 247 | 252 |
| 248 callback.Run(DECRYPTION_RESULT_DECRYPTED, decrypted_message); | 253 callback.Run(DECRYPTION_RESULT_DECRYPTED, decrypted_message); |
| 249 } | 254 } |
| 250 | 255 |
| 251 } // namespace gcm | 256 } // namespace gcm |
| OLD | NEW |
