Add transport security state generator tests.

net/tools/transport_security_state_generator/trie/trie_writer.cc

 // Copyright (c) 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/tools/transport_security_state_generator/trie/trie_writer.h"
 
 #include <algorithm>
 
 #include "base/logging.h"
 #include "base/strings/string_piece.h"
@@ skipping 46 matching lines @@
                        HuffmanBuilder* huffman_builder)
     : huffman_table_(huffman_table),
       domain_ids_map_(domain_ids_map),
       expect_ct_report_uri_map_(expect_ct_report_uri_map),
       expect_staple_report_uri_map_(expect_staple_report_uri_map),
       pinsets_map_(pinsets_map),
       huffman_builder_(huffman_builder) {}
 
 TrieWriter::~TrieWriter() {}
 
-uint32_t TrieWriter::WriteEntries(
-    const TransportSecurityStateEntries& entries) {
+bool TrieWriter::WriteEntries(const TransportSecurityStateEntries& entries,
+                              uint32_t* root_position) {
+  if (entries.empty())
+    return false;
+
   ReversedEntries reversed_entries;
-
   for (auto const& entry : entries) {
     std::unique_ptr<ReversedEntry> reversed_entry(
         new ReversedEntry(ReverseName(entry->hostname), entry.get()));
     reversed_entries.push_back(std::move(reversed_entry));
   }
 
   std::stable_sort(reversed_entries.begin(), reversed_entries.end(),
                    CompareReversedEntries);
 
-  return WriteDispatchTables(reversed_entries.begin(), reversed_entries.end());
+  return WriteDispatchTables(reversed_entries.begin(), reversed_entries.end(),
+                             root_position);
 }
 
-uint32_t TrieWriter::WriteDispatchTables(ReversedEntries::iterator start,
-                                         ReversedEntries::iterator end) {
+bool TrieWriter::WriteDispatchTables(ReversedEntries::iterator start,
+                                     ReversedEntries::iterator end,
+                                     uint32_t* position) {
   DCHECK(start != end) << "No entries passed to WriteDispatchTables";
 
   TrieBitBuffer writer;
 
   std::vector<uint8_t> prefix = LongestCommonPrefix(start, end);
   for (size_t i = 0; i < prefix.size(); ++i) {
     writer.WriteBit(1);
   }
   writer.WriteBit(0);
 
   if (prefix.size()) {
     for (size_t i = 0; i < prefix.size(); ++i) {
-      writer.WriteChar(prefix.at(i), huffman_table_, huffman_builder_);
+      if (!writer.WriteChar(prefix.at(i), huffman_table_, huffman_builder_)) {
+        return false;
+      }
     }
   }
 
   RemovePrefix(prefix.size(), start, end);
   int32_t last_position = -1;
 
   while (start != end) {
     uint8_t candidate = (*start)->reversed_name.at(0);
     ReversedEntries::iterator sub_entries_end = start + 1;
 
     for (; sub_entries_end != end; sub_entries_end++) {
       if ((*sub_entries_end)->reversed_name.at(0) != candidate) {
         break;
       }
     }
 
-    writer.WriteChar(candidate, huffman_table_, huffman_builder_);
+    if (!writer.WriteChar(candidate, huffman_table_, huffman_builder_)) {
+      return false;
+    }
 
     if (candidate == kTerminalValue) {
-      DCHECK((sub_entries_end - start) == 1)
-          << "Multiple values with the same name";
-      WriteEntry((*start)->entry, &writer);
+      if (sub_entries_end - start != 1) {
+        return false;
+      }
+      if (!WriteEntry((*start)->entry, &writer)) {
+        return false;
+      }
     } else {
       RemovePrefix(1, start, sub_entries_end);
-      uint32_t position = WriteDispatchTables(start, sub_entries_end);
-      writer.WritePosition(position, &last_position);
+      uint32_t table_position;
+      if (!WriteDispatchTables(start, sub_entries_end, &table_position)) {
+        return false;
+      }
+
+      writer.WritePosition(table_position, &last_position);
     }
 
     start = sub_entries_end;
   }
 
-  writer.WriteChar(kEndOfTableValue, huffman_table_, huffman_builder_);
+  if (!writer.WriteChar(kEndOfTableValue, huffman_table_, huffman_builder_)) {
+    return false;
+  }
 
-  uint32_t position = buffer_.position();
+  *position = buffer_.position();
   writer.Flush();
   writer.WriteToBitWriter(&buffer_);
-  return position;
+  return true;
 }
 
-void TrieWriter::WriteEntry(const TransportSecurityStateEntry* entry,
+bool TrieWriter::WriteEntry(const TransportSecurityStateEntry* entry,
                             TrieBitBuffer* writer) {
   uint8_t include_subdomains = 0;
   if (entry->include_subdomains) {
     include_subdomains = 1;
   }
   writer->WriteBit(include_subdomains);
 
   uint8_t force_https = 0;
   if (entry->force_https) {
     force_https = 1;
   }
   writer->WriteBit(force_https);
 
   if (entry->pinset.size()) {
     writer->WriteBit(1);
+
     NameIDMap::const_iterator pin_id_it = pinsets_map_.find(entry->pinset);
-    DCHECK(pin_id_it != pinsets_map_.cend()) << "invalid pinset";
+    if (pin_id_it == pinsets_map_.cend()) {
+      return false;
+    }
+
     const uint8_t& pin_id = pin_id_it->second;
-    DCHECK(pin_id <= 16) << "too many pinsets";
+    if (pin_id > 15) {

[martijnc, 2017/02/08 20:58:21]

The check was incorrect before, 4 bits can encode the values 0-15 so 16 would
overflow.

+      return false;
+    }
+
     writer->WriteBits(pin_id, 4);
 
     NameIDMap::const_iterator domain_id_it =
         domain_ids_map_.find(DomainConstant(entry->hostname));
-    DCHECK(domain_id_it != domain_ids_map_.cend()) << "invalid domain id";
+    if (domain_id_it == domain_ids_map_.cend()) {
+      return false;
+    }
+
     uint32_t domain_id = domain_id_it->second;
-    DCHECK(domain_id < 512) << "too many domain ids";
+    if (domain_id > 511) {
+      return false;
+    }
+
     writer->WriteBits(domain_id, 9);
 
     if (!entry->include_subdomains) {
       uint8_t include_subdomains_for_pinning = 0;
       if (entry->hpkp_include_subdomains) {
         include_subdomains_for_pinning = 1;
       }
       writer->WriteBit(include_subdomains_for_pinning);
     }
   } else {
     writer->WriteBit(0);
   }
 
   if (entry->expect_ct) {
     writer->WriteBit(1);
     NameIDMap::const_iterator expect_ct_report_uri_it =
         expect_ct_report_uri_map_.find(entry->expect_ct_report_uri);
-    DCHECK(expect_ct_report_uri_it != expect_ct_report_uri_map_.cend())
-        << "invalid expect-ct report-uri";
+    if (expect_ct_report_uri_it == expect_ct_report_uri_map_.cend()) {
+      return false;
+    }
+
     const uint8_t& expect_ct_report_id = expect_ct_report_uri_it->second;
-
-    DCHECK(expect_ct_report_id < 16) << "too many expect-ct ids";
+    if (expect_ct_report_id > 15) {
+      return false;
+    }
 
     writer->WriteBits(expect_ct_report_id, 4);
   } else {
     writer->WriteBit(0);
   }
 
   if (entry->expect_staple) {
     writer->WriteBit(1);
 
     if (entry->expect_staple_include_subdomains) {
       writer->WriteBit(1);
     } else {
       writer->WriteBit(0);
     }
 
     NameIDMap::const_iterator expect_staple_report_uri_it =
         expect_staple_report_uri_map_.find(entry->expect_staple_report_uri);
-    DCHECK(expect_staple_report_uri_it != expect_staple_report_uri_map_.cend())
-        << "invalid expect-ct report-uri";
+    if (expect_staple_report_uri_it == expect_staple_report_uri_map_.cend()) {
+      return false;
+    }
+
     const uint8_t& expect_staple_report_id =
         expect_staple_report_uri_it->second;
-    DCHECK(expect_staple_report_id < 16) << "too many expect-staple ids";
+    if (expect_staple_report_id > 15) {
+      return false;
+    }
 
     writer->WriteBits(expect_staple_report_id, 4);
   } else {
     writer->WriteBit(0);
   }
+
+  return true;
 }
 
 void TrieWriter::RemovePrefix(size_t length,
                               ReversedEntries::iterator start,
                               ReversedEntries::iterator end) {
   for (ReversedEntries::iterator it = start; it != end; ++it) {
     (*it)->reversed_name.erase((*it)->reversed_name.begin(),
                                (*it)->reversed_name.begin() + length);
   }
 }
 
 std::vector<uint8_t> TrieWriter::LongestCommonPrefix(
-    ReversedEntries::iterator start,
-    ReversedEntries::iterator end) const {
+    ReversedEntries::const_iterator start,
+    ReversedEntries::const_iterator end) const {
   if (start == end) {
     return std::vector<uint8_t>();
   }
 
   std::vector<uint8_t> prefix;
   for (size_t i = 0;; ++i) {
     if (i > (*start)->reversed_name.size()) {
       break;
     }
 
     uint8_t candidate = (*start)->reversed_name.at(i);
     if (candidate == kTerminalValue) {
       break;
     }
 
     bool ok = true;
-    for (ReversedEntries::iterator it = start + 1; it != end; ++it) {
+    for (ReversedEntries::const_iterator it = start + 1; it != end; ++it) {
       if (i > (*it)->reversed_name.size() ||
           (*it)->reversed_name.at(i) != candidate) {
         ok = false;
         break;
       }
     }
 
     if (!ok) {
       break;
     }
@@ skipping 21 matching lines @@
   return buffer_.position();
 }
 
 void TrieWriter::Flush() {
   buffer_.Flush();
 }
 
 }  // namespace transport_security_state
 
 }  // namespace net