| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/x509_certificate.h" | 5 #include "net/cert/x509_certificate.h" |
| 6 | 6 |
| 7 #include <limits.h> | 7 #include <limits.h> |
| 8 #include <stdlib.h> | 8 #include <stdlib.h> |
| 9 | 9 |
| 10 #include <algorithm> | 10 #include <algorithm> |
| (...skipping 533 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 544 // Do not allow wildcards for public/ICANN registry controlled domains - | 544 // Do not allow wildcards for public/ICANN registry controlled domains - |
| 545 // that is, prevent *.com or *.co.uk as valid presented names, but do not | 545 // that is, prevent *.com or *.co.uk as valid presented names, but do not |
| 546 // prevent *.appspot.com (a private registry controlled domain). | 546 // prevent *.appspot.com (a private registry controlled domain). |
| 547 // In addition, unknown top-level domains (such as 'intranet' domains or | 547 // In addition, unknown top-level domains (such as 'intranet' domains or |
| 548 // new TLDs/gTLDs not yet added to the registry controlled domain dataset) | 548 // new TLDs/gTLDs not yet added to the registry controlled domain dataset) |
| 549 // are also implicitly prevented. | 549 // are also implicitly prevented. |
| 550 // Because |reference_domain| must contain at least one name component that | 550 // Because |reference_domain| must contain at least one name component that |
| 551 // is not registry controlled, this ensures that all reference domains | 551 // is not registry controlled, this ensures that all reference domains |
| 552 // contain at least three domain components when using wildcards. | 552 // contain at least three domain components when using wildcards. |
| 553 size_t registry_length = | 553 size_t registry_length = |
| 554 registry_controlled_domains::GetRegistryLength( | 554 registry_controlled_domains::GetCanonicalHostRegistryLength( |
| 555 reference_name, | 555 reference_name, |
| 556 registry_controlled_domains::INCLUDE_UNKNOWN_REGISTRIES, | 556 registry_controlled_domains::INCLUDE_UNKNOWN_REGISTRIES, |
| 557 registry_controlled_domains::EXCLUDE_PRIVATE_REGISTRIES); | 557 registry_controlled_domains::EXCLUDE_PRIVATE_REGISTRIES); |
| 558 | 558 |
| 559 // Because |reference_name| was already canonicalized, the following | 559 // Because |reference_name| was already canonicalized, the following |
| 560 // should never happen. | 560 // should never happen. |
| 561 CHECK_NE(std::string::npos, registry_length); | 561 CHECK_NE(std::string::npos, registry_length); |
| 562 | 562 |
| 563 // Account for the leading dot in |reference_domain|. | 563 // Account for the leading dot in |reference_domain|. |
| 564 bool is_registry_controlled = | 564 bool is_registry_controlled = |
| (...skipping 147 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 712 RemoveFromCache(cert_handle_); | 712 RemoveFromCache(cert_handle_); |
| 713 FreeOSCertHandle(cert_handle_); | 713 FreeOSCertHandle(cert_handle_); |
| 714 } | 714 } |
| 715 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) { | 715 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) { |
| 716 RemoveFromCache(intermediate_ca_certs_[i]); | 716 RemoveFromCache(intermediate_ca_certs_[i]); |
| 717 FreeOSCertHandle(intermediate_ca_certs_[i]); | 717 FreeOSCertHandle(intermediate_ca_certs_[i]); |
| 718 } | 718 } |
| 719 } | 719 } |
| 720 | 720 |
| 721 } // namespace net | 721 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2451353002:
Reduce buggy usage of the registry controlled domain service. (Closed)
