Fix object-lifetime issues in async GetProof callpaths

net/quic/core/crypto/quic_crypto_server_config.h

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_QUIC_CRYPTO_QUIC_CRYPTO_SERVER_CONFIG_H_
 #define NET_QUIC_CRYPTO_QUIC_CRYPTO_SERVER_CONFIG_H_
 
 #include <stddef.h>
 #include <stdint.h>
 
@@ skipping 263 matching lines @@
   //     ValidatedClientHelloMsg token that holds information about
   //     the client hello.  The callback will always be called exactly
   //     once, either under the current call stack, or after the
   //     completion of an asynchronous operation.
   void ValidateClientHello(
       const CryptoHandshakeMessage& client_hello,
       const IPAddress& client_ip,
       const IPAddress& server_ip,
       QuicVersion version,
       const QuicClock* clock,
-      QuicCryptoProof* crypto_proof,
+      scoped_refptr<QuicCryptoProof> crypto_proof,
       std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const;
 
   // ProcessClientHello processes |client_hello| and decides whether to accept
   // or reject the connection. If the connection is to be accepted, |done_cb| is
   // invoked with the contents of the ServerHello and QUIC_NO_ERROR. Otherwise
   // |done_cb| is called with a REJ or SREJ message and QUIC_NO_ERROR.
   //
   // validate_chlo_result: Output from the asynchronous call to
   //     ValidateClientHello.  Contains the client hello message and
   //     information about it.
@@ skipping 25 matching lines @@
       QuicConnectionId connection_id,
       const IPAddress& server_ip,
       const IPEndPoint& client_address,
       QuicVersion version,
       const QuicVersionVector& supported_versions,
       bool use_stateless_rejects,
       QuicConnectionId server_designated_connection_id,
       const QuicClock* clock,
       QuicRandom* rand,
       QuicCompressedCertsCache* compressed_certs_cache,
-      QuicCryptoNegotiatedParameters* params,
-      QuicCryptoProof* crypto_proof,
+      scoped_refptr<QuicCryptoNegotiatedParameters> params,
+      scoped_refptr<QuicCryptoProof> crypto_proof,
       QuicByteCount total_framing_overhead,
       QuicByteCount chlo_packet_size,
       std::unique_ptr<ProcessClientHelloResultCallback> done_cb) const;
 
   // BuildServerConfigUpdateMessage sets |out| to be a SCUP message containing
   // the current primary config, an up to date source-address token, and cert
   // chain and proof in the case of secure QUIC. Returns true if successfully
   // filled |out|.
   //
   // |cached_network_params| is optional, and can be nullptr.
@@ skipping 201 matching lines @@
   void SelectNewPrimaryConfig(QuicWallTime now) const;
 
   // EvaluateClientHello checks |client_hello| for gross errors and determines
   // whether it can be shown to be fresh (i.e. not a replay). The results are
   // written to |info|.
   void EvaluateClientHello(
       const IPAddress& server_ip,
       QuicVersion version,
       scoped_refptr<Config> requested_config,
       scoped_refptr<Config> primary_config,
-      QuicCryptoProof* crypto_proof,
+      scoped_refptr<QuicCryptoProof> crypto_proof,
       scoped_refptr<ValidateClientHelloResultCallback::Result>
           client_hello_state,
       std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const;
 
   // Callback class for bridging between EvaluateClientHello and
   // EvaluateClientHelloAfterGetProof.
   class EvaluateClientHelloCallback;
   friend class EvaluateClientHelloCallback;
 
   // Continuation of EvaluateClientHello after the call to
   // ProofSource::GetProof.  |found_error| indicates whether an error was
   // detected in EvaluateClientHello, and |get_proof_failed| indicates whether
   // GetProof failed.  If GetProof was not run, then |get_proof_failed| will be
   // set to false.
   void EvaluateClientHelloAfterGetProof(
       bool found_error,
       const IPAddress& server_ip,
       QuicVersion version,
       scoped_refptr<Config> requested_config,
       scoped_refptr<Config> primary_config,
-      QuicCryptoProof* crypto_proof,
+      scoped_refptr<QuicCryptoProof> crypto_proof,
       std::unique_ptr<ProofSource::Details> proof_source_details,
       bool get_proof_failed,
       scoped_refptr<ValidateClientHelloResultCallback::Result>
           client_hello_state,
       std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const;
 
   // Callback class for bridging between ProcessClientHello and
   // ProcessClientHelloAfterGetProof.
   class ProcessClientHelloCallback;
   friend class ProcessClientHelloCallback;
 
   // Portion of ProcessClientHello which executes after GetProof.
   void ProcessClientHelloAfterGetProof(
       bool found_error,
       const ValidateClientHelloResultCallback::Result& validate_chlo_result,
       bool reject_only,
       QuicConnectionId connection_id,
       const IPEndPoint& client_address,
       QuicVersion version,
       const QuicVersionVector& supported_versions,
       bool use_stateless_rejects,
       QuicConnectionId server_designated_connection_id,
       const QuicClock* clock,
       QuicRandom* rand,
       QuicCompressedCertsCache* compressed_certs_cache,
-      QuicCryptoNegotiatedParameters* params,
-      QuicCryptoProof* crypto_proof,
+      scoped_refptr<QuicCryptoNegotiatedParameters> params,
+      scoped_refptr<QuicCryptoProof> crypto_proof,
       QuicByteCount total_framing_overhead,
       QuicByteCount chlo_packet_size,
       const scoped_refptr<Config>& requested_config,
       const scoped_refptr<Config>& primary_config,
       std::unique_ptr<ProcessClientHelloResultCallback> done_cb) const;
 
   // BuildRejection sets |out| to be a REJ message in reply to |client_hello|.
   void BuildRejection(QuicVersion version,
                       QuicWallTime now,
                       const Config& config,
                       const CryptoHandshakeMessage& client_hello,
                       const ClientHelloInfo& info,
                       const CachedNetworkParameters& cached_network_params,
                       bool use_stateless_rejects,
                       QuicConnectionId server_designated_connection_id,
                       QuicRandom* rand,
                       QuicCompressedCertsCache* compressed_certs_cache,
-                      QuicCryptoNegotiatedParameters* params,
+                      scoped_refptr<QuicCryptoNegotiatedParameters> params,
                       const QuicCryptoProof& crypto_proof,
                       QuicByteCount total_framing_overhead,
                       QuicByteCount chlo_packet_size,
                       CryptoHandshakeMessage* out) const;
 
   // CompressChain compresses the certificates in |chain->certs| and returns a
   // compressed representation. |common_sets| contains the common certificate
   // sets known locally and |client_common_set_hashes| contains the hashes of
   // the common sets known to the peer. |client_cached_cert_hashes| contains
   // 64-bit, FNV-1a hashes of certificates that the peer already possesses.
@@ skipping 209 matching lines @@
 
   // Enable serving SCT or not.
   bool enable_serving_sct_;
 
   // Does not own this observer.
   RejectionObserver* rejection_observer_;
 
   DISALLOW_COPY_AND_ASSIGN(QuicCryptoServerConfig);
 };
 
-struct NET_EXPORT_PRIVATE QuicCryptoProof {
+struct NET_EXPORT_PRIVATE QuicCryptoProof
+    : public base::RefCounted<QuicCryptoProof> {
   QuicCryptoProof();
-  ~QuicCryptoProof();
 
   std::string signature;
   scoped_refptr<ProofSource::Chain> chain;
   std::string cert_sct;
   // The server config that is used for this proof (and the rest of the
   // request).
   scoped_refptr<QuicCryptoServerConfig::Config> config;
   std::string primary_scid;
+
+ private:
+  friend class base::RefCounted<QuicCryptoProof>;
+  virtual ~QuicCryptoProof();
 };
 
 }  // namespace net
 
 #endif  // NET_QUIC_CRYPTO_QUIC_CRYPTO_SERVER_CONFIG_H_