Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
2375693002:
LogDnsClient now rejects responses unless they contain exactly one TXT RDATA string (Closed)
|
Created:
4 years, 2 months ago by Rob Percival Modified:
4 years, 2 months ago CC:
chromium-reviews, rsleevi+watch_chromium.org, certificate-transparency-chrome_googlegroups.com Target Ref:
refs/pending/heads/master Project:
chromium Visibility:
Public. |
DescriptionLogDnsClient now rejects responses unless they contain exactly one TXT RDATA string
Previously, multiple TXT RDATA strings would be concatenated if present,
allowing a larger number of audit proof nodes to be delivered. However,
the CT-over-DNS draft RFC
(https://github.com/google/certificate-transparency-rfcs/blob/master/dns/draft-ct-over-dns.md)
explicitly states that the response should contain only one string, and trying
to handle other cases only causes confusion.
BUG=624894
Committed: https://crrev.com/9dc75a8c1abe75bf6dd4674090f7b7591d1ea0f9
Cr-Commit-Position: refs/heads/master@{#423140}
Patch Set 1 #Patch Set 2 : Tests #
Total comments: 2
Patch Set 3 : Adds missing #include <numeric> #
Total comments: 6
Patch Set 4 : Use checked_cast #
Dependent Patchsets: Messages
Total messages: 35 (20 generated)
The CQ bit was checked by robpercival@chromium.org to run a CQ dry run
robpercival@chromium.org changed reviewers: + eranm@chromium.org, rsleevi@chromium.org
PTAL.
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
On 2016/09/27 17:45:32, Rob Percival wrote: > PTAL. LGTM, handing over to Ryan for owners approval.
Is it worth having a test for this case?
On 2016/09/27 19:44:40, Eran Messeri wrote: > Is it worth having a test for this case? Tests coming right up...
On 2016/09/28 13:08:14, Rob Percival wrote: > On 2016/09/27 19:44:40, Eran Messeri wrote: > > Is it worth having a test for this case? > > Tests coming right up... PTAL.
The CQ bit was checked by robpercival@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: mac_chromium_rel_ng on master.tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_...)
still lgtm % compilation fix (see comment) https://codereview.chromium.org/2375693002/diff/20001/components/certificate_... File components/certificate_transparency/log_dns_client_unittest.cc (right): https://codereview.chromium.org/2375693002/diff/20001/components/certificate_... components/certificate_transparency/log_dns_client_unittest.cc:464: std::string first_chunk_of_proof = std::accumulate( You may be missing an include, as compilation fails on some platforms with: ../../components/certificate_transparency/log_dns_client_unittest.cc:464:43: error: no member named 'accumulate' in namespace 'std' std::string first_chunk_of_proof = std::accumulate(
The CQ bit was checked by robpercival@chromium.org to run a CQ dry run
https://codereview.chromium.org/2375693002/diff/20001/components/certificate_... File components/certificate_transparency/log_dns_client_unittest.cc (right): https://codereview.chromium.org/2375693002/diff/20001/components/certificate_... components/certificate_transparency/log_dns_client_unittest.cc:464: std::string first_chunk_of_proof = std::accumulate( On 2016/09/30 10:02:40, Eran Messeri wrote: > You may be missing an include, as compilation fails on some platforms with: > ../../components/certificate_transparency/log_dns_client_unittest.cc:464:43: > error: no member named 'accumulate' in namespace 'std' > std::string first_chunk_of_proof = std::accumulate( Done.
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
lgtm
https://codereview.chromium.org/2375693002/diff/40001/components/certificate_... File components/certificate_transparency/mock_log_dns_traffic.cc (right): https://codereview.chromium.org/2375693002/diff/40001/components/certificate_... components/certificate_transparency/mock_log_dns_traffic.cc:203: CHECK_LE(str.size(), 0xFFul); nit: The 0xFFul is weird to see here. C++11 will auto-sign extend to ul/ull, so you could just state 0xFFu. However, CHECK'ing during test code is very much an anti-pattern that should not be done. Tests should fail, not crash. https://codereview.chromium.org/2375693002/diff/40001/components/certificate_... components/certificate_transparency/mock_log_dns_traffic.cc:204: answer.insert(answer.end(), static_cast<char>(str.size())); Why not use the safe-numerics here, if you want the CHECKing behaviour?
https://codereview.chromium.org/2375693002/diff/40001/components/certificate_... File components/certificate_transparency/mock_log_dns_traffic.cc (right): https://codereview.chromium.org/2375693002/diff/40001/components/certificate_... components/certificate_transparency/mock_log_dns_traffic.cc:203: CHECK_LE(str.size(), 0xFFul); On 2016/10/03 23:20:12, Ryan Sleevi (slow) wrote: > nit: The 0xFFul is weird to see here. C++11 will auto-sign extend to ul/ull, so > you could just state 0xFFu. > > However, CHECK'ing during test code is very much an anti-pattern that should not > be done. Tests should fail, not crash. Would you recommend instead making all of the methods in this class that currently ASSERT/EXPECT/CHECK return bool and ASSERTing on that in the tests? https://codereview.chromium.org/2375693002/diff/40001/components/certificate_... components/certificate_transparency/mock_log_dns_traffic.cc:204: answer.insert(answer.end(), static_cast<char>(str.size())); On 2016/10/03 23:20:12, Ryan Sleevi (slow) wrote: > Why not use the safe-numerics here, if you want the CHECKing behaviour? It seemed like overkill for a scenario that shouldn't occur unless someone sets up a test with an excessively long string, in which case crashing appeared reasonable.
https://codereview.chromium.org/2375693002/diff/40001/components/certificate_... File components/certificate_transparency/mock_log_dns_traffic.cc (right): https://codereview.chromium.org/2375693002/diff/40001/components/certificate_... components/certificate_transparency/mock_log_dns_traffic.cc:204: answer.insert(answer.end(), static_cast<char>(str.size())); On 2016/10/04 11:46:47, Rob Percival wrote: > On 2016/10/03 23:20:12, Ryan Sleevi (slow) wrote: > > Why not use the safe-numerics here, if you want the CHECKing behaviour? > > It seemed like overkill for a scenario that shouldn't occur unless someone sets > up a test with an excessively long string, in which case crashing appeared > reasonable. Done.
The CQ bit was checked by robpercival@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
https://codereview.chromium.org/2375693002/diff/40001/components/certificate_... File components/certificate_transparency/mock_log_dns_traffic.cc (right): https://codereview.chromium.org/2375693002/diff/40001/components/certificate_... components/certificate_transparency/mock_log_dns_traffic.cc:203: CHECK_LE(str.size(), 0xFFul); On 2016/10/04 11:46:47, Rob Percival wrote: > On 2016/10/03 23:20:12, Ryan Sleevi (slow) wrote: > > nit: The 0xFFul is weird to see here. C++11 will auto-sign extend to ul/ull, > so > > you could just state 0xFFu. > > > > However, CHECK'ing during test code is very much an anti-pattern that should > not > > be done. Tests should fail, not crash. > > Would you recommend instead making all of the methods in this class that > currently ASSERT/EXPECT/CHECK return bool and ASSERTing on that in the tests? Here's an implementation of that: https://codereview.chromium.org/2389993003/
The CQ bit was checked by robpercival@chromium.org
The patchset sent to the CQ was uploaded after l-g-t-m from eranm@chromium.org, rsleevi@chromium.org Link to the patchset: https://codereview.chromium.org/2375693002/#ps60001 (title: "Use checked_cast")
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Message was sent while issue was closed.
Committed patchset #4 (id:60001)
Message was sent while issue was closed.
Description was changed from ========== LogDnsClient now rejects responses unless they contain exactly one TXT RDATA string Previously, multiple TXT RDATA strings would be concatenated if present, allowing a larger number of audit proof nodes to be delivered. However, the CT-over-DNS draft RFC (https://github.com/google/certificate-transparency-rfcs/blob/master/dns/draft...) explicitly states that the response should contain only one string, and trying to handle other cases only causes confusion. BUG=624894 ========== to ========== LogDnsClient now rejects responses unless they contain exactly one TXT RDATA string Previously, multiple TXT RDATA strings would be concatenated if present, allowing a larger number of audit proof nodes to be delivered. However, the CT-over-DNS draft RFC (https://github.com/google/certificate-transparency-rfcs/blob/master/dns/draft...) explicitly states that the response should contain only one string, and trying to handle other cases only causes confusion. BUG=624894 Committed: https://crrev.com/9dc75a8c1abe75bf6dd4674090f7b7591d1ea0f9 Cr-Commit-Position: refs/heads/master@{#423140} ==========
Message was sent while issue was closed.
Patchset 4 (id:??) landed as https://crrev.com/9dc75a8c1abe75bf6dd4674090f7b7591d1ea0f9 Cr-Commit-Position: refs/heads/master@{#423140} |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
