Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(273)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/cert/internal/parse_certificate.cc

Issue 2341943002: Add error details to TBSCertificate parsing function and tests. (Closed)
Patch Set: update comment Created 4 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/cert/internal/parse_certificate.h ('k') | net/cert/internal/parse_certificate_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/internal/parse_certificate.cc
diff --git a/net/cert/internal/parse_certificate.cc b/net/cert/internal/parse_certificate.cc
index 2c42facf23e181d50f60bc8e3520d56617c6cb2b..df2da3bccff0d394b0cf55957e460ab0b73cc16a 100644
--- a/net/cert/internal/parse_certificate.cc
+++ b/net/cert/internal/parse_certificate.cc
@@ -30,6 +30,9 @@ DEFINE_CERT_ERROR_ID(
DEFINE_CERT_ERROR_ID(kSignatureValueNotBitString,
"Couldn't read Certificate.signatureValue as BIT STRING");
+DEFINE_CERT_ERROR_ID(kUnconsumedDataInsideTbsCertificateSequence,
+ "Unconsumed data inside TBSCertificate");
mattm 2016/09/16 21:41:48 should tbs be lowercase?
eroman 2016/09/16 22:07:18 I intentionally upper-cased it to refer to the typ
mattm 2016/09/16 22:16:44 ah, sounds good.
+
// Returns true if |input| is a SEQUENCE and nothing else.
WARN_UNUSED_RESULT bool IsSequenceTLV(const der::Input& input) {
der::Parser parser(input);
@@ -258,7 +261,16 @@ bool ParseCertificate(const der::Input& certificate_tlv,
// }
bool ParseTbsCertificate(const der::Input& tbs_tlv,
const ParseCertificateOptions& options,
- ParsedTbsCertificate* out) {
+ ParsedTbsCertificate* out,
+ CertErrors* errors) {
+ // The rest of this function assumes that |errors| is non-null.
+ if (!errors) {
+ CertErrors unused_errors;
+ return ParseTbsCertificate(tbs_tlv, options, out, &unused_errors);
+ }
+
+ // TODO(crbug.com/634443): Add useful error information to |errors|.
+
der::Parser parser(tbs_tlv);
// Certificate ::= SEQUENCE {
@@ -374,8 +386,10 @@ bool ParseTbsCertificate(const der::Input& tbs_tlv,
// However because only v1, v2, and v3 certificates are supported by the
// parsing, there shouldn't be any subsequent data in those versions, so
// reject.
- if (tbs_parser.HasMore())
+ if (tbs_parser.HasMore()) {
+ errors->AddError(kUnconsumedDataInsideTbsCertificateSequence);
return false;
+ }
// By definition the input was a single TBSCertificate, so there shouldn't be
// unconsumed data.
« no previous file with comments | « net/cert/internal/parse_certificate.h ('k') | net/cert/internal/parse_certificate_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698