net/http/http_response_info.cc - Issue 2294373002: Certificate Transparency: Remove the obsolete invalid sct status.

Side by Side Diff: net/http/http_response_info.cc

Issue 2294373002: Certificate Transparency: Remove the obsolete invalid sct status. (Closed)

Patch Set: Created 4 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/http/http_response_info.h"	5 #include "net/http/http_response_info.h"

6	6

7 #include "base/logging.h"	7 #include "base/logging.h"

8 #include "base/pickle.h"	8 #include "base/pickle.h"

9 #include "base/time/time.h"	9 #include "base/time/time.h"

10 #include "net/base/auth.h"	10 #include "net/base/auth.h"

(...skipping 15 matching lines...) Expand all Loading...
26 case 1:	26 case 1:

27 return X509Certificate::PICKLETYPE_SINGLE_CERTIFICATE;	27 return X509Certificate::PICKLETYPE_SINGLE_CERTIFICATE;

28 case 2:	28 case 2:

29 return X509Certificate::PICKLETYPE_CERTIFICATE_CHAIN_V2;	29 return X509Certificate::PICKLETYPE_CERTIFICATE_CHAIN_V2;

30 case 3:	30 case 3:

31 default:	31 default:

32 return X509Certificate::PICKLETYPE_CERTIFICATE_CHAIN_V3;	32 return X509Certificate::PICKLETYPE_CERTIFICATE_CHAIN_V3;

33 }	33 }

34 }	34 }

35	35

	36 // 2 was used for SCT_STATUS_INVALID in SCTVerifyStatus enum but

	37 // was deprecated.

	38 uint64_t kObsoleteSCTInvalidStatus = 2;

	39

36 } // namespace	40 } // namespace

37	41

38 // These values can be bit-wise combined to form the flags field of the	42 // These values can be bit-wise combined to form the flags field of the

39 // serialized HttpResponseInfo.	43 // serialized HttpResponseInfo.

40 enum {	44 enum {

41 // The version of the response info used when persisting response info.	45 // The version of the response info used when persisting response info.

42 RESPONSE_INFO_VERSION = 3,	46 RESPONSE_INFO_VERSION = 3,

43	47

44 // The minimum version supported for deserializing response info.	48 // The minimum version supported for deserializing response info.

45 RESPONSE_INFO_MINIMUM_VERSION = 1,	49 RESPONSE_INFO_MINIMUM_VERSION = 1,

(...skipping 186 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
232 if (flags & RESPONSE_INFO_HAS_SIGNED_CERTIFICATE_TIMESTAMPS) {	236 if (flags & RESPONSE_INFO_HAS_SIGNED_CERTIFICATE_TIMESTAMPS) {

233 int num_scts;	237 int num_scts;

234 if (!iter.ReadInt(&num_scts))	238 if (!iter.ReadInt(&num_scts))

235 return false;	239 return false;

236 for (int i = 0; i < num_scts; ++i) {	240 for (int i = 0; i < num_scts; ++i) {

237 scoped_refptr<ct::SignedCertificateTimestamp> sct(	241 scoped_refptr<ct::SignedCertificateTimestamp> sct(

238 ct::SignedCertificateTimestamp::CreateFromPickle(&iter));	242 ct::SignedCertificateTimestamp::CreateFromPickle(&iter));

239 uint16_t status;	243 uint16_t status;

240 if (!sct.get() \|\| !iter.ReadUInt16(&status))	244 if (!sct.get() \|\| !iter.ReadUInt16(&status))

241 return false;	245 return false;

	246 if (status == kObsoleteSCTInvalidStatus)

	247 return false;
	Ryan Sleevi 2016/09/01 00:01:29 Compare this with 286-289, as an example. This pre Compare this with 286-289, as an example. This present approach can still lead to crashes (as new values are introduced & such) Something like CheckSCTStatus() seems better for this, but lifted propertly into sct_status_flags.cc NET_EXPORT bool IsValidSCTStatus(int status); And then this check can defer to it, and CheckSCTStatus could be replaced with it. Eran Messeri 2016/09/01 14:16:34 Done. Show quoted text On 2016/09/01 at 00:01:29, Ryan Sleevi (slow) wrote: > Compare this with 286-289, as an example. This present approach can still lead to crashes (as new values are introduced & such) > > Something like CheckSCTStatus() seems better for this, but lifted propertly into sct_status_flags.cc > > NET_EXPORT bool IsValidSCTStatus(int status); > > And then this check can defer to it, and CheckSCTStatus could be replaced with it. Done.
242 ssl_info.signed_certificate_timestamps.push_back(	248 ssl_info.signed_certificate_timestamps.push_back(

243 SignedCertificateTimestampAndStatus(	249 SignedCertificateTimestampAndStatus(

244 sct, static_cast<ct::SCTVerifyStatus>(status)));	250 sct, static_cast<ct::SCTVerifyStatus>(status)));

245 }	251 }

246 }	252 }

247	253

248 // Read vary-data	254 // Read vary-data

249 if (flags & RESPONSE_INFO_HAS_VARY_DATA) {	255 if (flags & RESPONSE_INFO_HAS_VARY_DATA) {

250 if (!vary_data.InitFromPickle(&iter))	256 if (!vary_data.InitFromPickle(&iter))

251 return false;	257 return false;

(...skipping 190 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
442 case CONNECTION_INFO_HTTP1_0:	448 case CONNECTION_INFO_HTTP1_0:

443 return "http/1.0";	449 return "http/1.0";

444 case NUM_OF_CONNECTION_INFOS:	450 case NUM_OF_CONNECTION_INFOS:

445 break;	451 break;

446 }	452 }

447 NOTREACHED();	453 NOTREACHED();

448 return "";	454 return "";

449 }	455 }

450	456

451 } // namespace net	457 } // namespace net

OLD	NEW

« net/cert/sct_status_flags.h ('K') | « net/cert/sct_status_flags.h ('k') | net/http/http_response_info_unittest.cc » ('j') | net/http/http_response_info_unittest.cc » ('J')