Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(142)

Side by Side Diff: net/quic/core/crypto/quic_crypto_server_config.cc

Issue 2626443002: Fix QUIC crash when ProofSource::GetProof fails (Closed)
Patch Set: Created 3 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/quic/core/crypto/quic_crypto_server_config.h" 5 #include "net/quic/core/crypto/quic_crypto_server_config.h"
6 6
7 #include <stdlib.h> 7 #include <stdlib.h>
8 8
9 #include <algorithm> 9 #include <algorithm>
10 #include <memory> 10 #include <memory>
(...skipping 1309 matching lines...) Expand 10 before | Expand all | Expand 10 after
1320 client_hello_state, 1320 client_hello_state,
1321 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { 1321 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const {
1322 ValidateClientHelloHelper helper(client_hello_state, &done_cb); 1322 ValidateClientHelloHelper helper(client_hello_state, &done_cb);
1323 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; 1323 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello;
1324 ClientHelloInfo* info = &(client_hello_state->info); 1324 ClientHelloInfo* info = &(client_hello_state->info);
1325 1325
1326 if (get_proof_failed) { 1326 if (get_proof_failed) {
1327 info->reject_reasons.push_back(SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE); 1327 info->reject_reasons.push_back(SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE);
1328 } 1328 }
1329 1329
1330 if (!ValidateExpectedLeafCertificate(client_hello, *signed_config)) { 1330 if (signed_config->chain != nullptr &&
1331 !ValidateExpectedLeafCertificate(client_hello,
1332 signed_config->chain->certs)) {
1331 info->reject_reasons.push_back(INVALID_EXPECTED_LEAF_CERTIFICATE); 1333 info->reject_reasons.push_back(INVALID_EXPECTED_LEAF_CERTIFICATE);
1332 } 1334 }
1333 1335
1334 if (info->client_nonce.size() != kNonceSize) { 1336 if (info->client_nonce.size() != kNonceSize) {
1335 info->reject_reasons.push_back(CLIENT_NONCE_INVALID_FAILURE); 1337 info->reject_reasons.push_back(CLIENT_NONCE_INVALID_FAILURE);
1336 // Invalid client nonce. 1338 // Invalid client nonce.
1337 LOG(ERROR) << "Invalid client nonce: " << client_hello.DebugString(); 1339 LOG(ERROR) << "Invalid client nonce: " << client_hello.DebugString();
1338 DVLOG(1) << "Invalid client nonce."; 1340 DVLOG(1) << "Invalid client nonce.";
1339 } 1341 }
1340 1342
(...skipping 638 matching lines...) Expand 10 before | Expand all | Expand 10 after
1979 rand->RandBytes(&server_nonce[sizeof(timestamp)], 1981 rand->RandBytes(&server_nonce[sizeof(timestamp)],
1980 sizeof(server_nonce) - sizeof(timestamp)); 1982 sizeof(server_nonce) - sizeof(timestamp));
1981 1983
1982 return server_nonce_boxer_.Box( 1984 return server_nonce_boxer_.Box(
1983 rand, 1985 rand,
1984 StringPiece(reinterpret_cast<char*>(server_nonce), sizeof(server_nonce))); 1986 StringPiece(reinterpret_cast<char*>(server_nonce), sizeof(server_nonce)));
1985 } 1987 }
1986 1988
1987 bool QuicCryptoServerConfig::ValidateExpectedLeafCertificate( 1989 bool QuicCryptoServerConfig::ValidateExpectedLeafCertificate(
1988 const CryptoHandshakeMessage& client_hello, 1990 const CryptoHandshakeMessage& client_hello,
1989 const QuicSignedServerConfig& signed_config) const { 1991 const std::vector<string>& certs) const {
1990 if (signed_config.chain->certs.empty()) { 1992 if (certs.empty()) {
1991 return false; 1993 return false;
1992 } 1994 }
1993 1995
1994 uint64_t hash_from_client; 1996 uint64_t hash_from_client;
1995 if (client_hello.GetUint64(kXLCT, &hash_from_client) != QUIC_NO_ERROR) { 1997 if (client_hello.GetUint64(kXLCT, &hash_from_client) != QUIC_NO_ERROR) {
1996 return false; 1998 return false;
1997 } 1999 }
1998 return CryptoUtils::ComputeLeafCertHash(signed_config.chain->certs.at(0)) == 2000 return CryptoUtils::ComputeLeafCertHash(certs.at(0)) == hash_from_client;
1999 hash_from_client;
2000 } 2001 }
2001 2002
2002 bool QuicCryptoServerConfig::ClientDemandsX509Proof( 2003 bool QuicCryptoServerConfig::ClientDemandsX509Proof(
2003 const CryptoHandshakeMessage& client_hello) const { 2004 const CryptoHandshakeMessage& client_hello) const {
2004 const QuicTag* their_proof_demands; 2005 const QuicTag* their_proof_demands;
2005 size_t num_their_proof_demands; 2006 size_t num_their_proof_demands;
2006 2007
2007 if (client_hello.GetTaglist(kPDMD, &their_proof_demands, 2008 if (client_hello.GetTaglist(kPDMD, &their_proof_demands,
2008 &num_their_proof_demands) != QUIC_NO_ERROR) { 2009 &num_their_proof_demands) != QUIC_NO_ERROR) {
2009 return false; 2010 return false;
(...skipping 15 matching lines...) Expand all
2025 expiry_time(QuicWallTime::Zero()), 2026 expiry_time(QuicWallTime::Zero()),
2026 priority(0), 2027 priority(0),
2027 source_address_token_boxer(nullptr) {} 2028 source_address_token_boxer(nullptr) {}
2028 2029
2029 QuicCryptoServerConfig::Config::~Config() {} 2030 QuicCryptoServerConfig::Config::~Config() {}
2030 2031
2031 QuicSignedServerConfig::QuicSignedServerConfig() {} 2032 QuicSignedServerConfig::QuicSignedServerConfig() {}
2032 QuicSignedServerConfig::~QuicSignedServerConfig() {} 2033 QuicSignedServerConfig::~QuicSignedServerConfig() {}
2033 2034
2034 } // namespace net 2035 } // namespace net
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698