Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(3110)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/cert/cert_verify_proc_ios.cc

Issue 2760723002: Check X509Certificate::CreateFromHandle result. (Closed)
Patch Set: update for eroman's comments Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/cert/cert_verify_proc_builtin.cc ('k') | net/cert/cert_verify_proc_mac.cc » ('j') | net/cert/cert_verify_proc_win.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/cert_verify_proc_ios.cc
diff --git a/net/cert/cert_verify_proc_ios.cc b/net/cert/cert_verify_proc_ios.cc
index 84ecd2aea84ba31730c706d83dc16c03ed414667..7e7296f85ea634d199f7e4d1cd0eb1802cbe1e16 100644
--- a/net/cert/cert_verify_proc_ios.cc
+++ b/net/cert/cert_verify_proc_ios.cc
@@ -101,7 +101,7 @@ int BuildAndEvaluateSecTrustRef(CFArrayRef cert_array,
return OK;
}
-void GetCertChainInfo(CFArrayRef cert_chain, CertVerifyResult* verify_result) {
+bool GetCertChainInfo(CFArrayRef cert_chain, CertVerifyResult* verify_result) {
eroman 2017/03/23 23:41:31 I left a comment about GetCertChainInfo() for the
mattm 2017/03/24 21:49:35 Done.
DCHECK_LT(0, CFArrayGetCount(cert_chain));
SecCertificateRef verified_cert = nullptr;
@@ -117,11 +117,11 @@ void GetCertChainInfo(CFArrayRef cert_chain, CertVerifyResult* verify_result) {
std::string der_bytes;
if (!X509Certificate::GetDEREncoded(chain_cert, &der_bytes))
- return;
+ return false;
base::StringPiece spki_bytes;
if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki_bytes))
- continue;
+ return false;
HashValue sha1(HASH_VALUE_SHA1);
CC_SHA1(spki_bytes.data(), spki_bytes.size(), sha1.data());
@@ -139,11 +139,15 @@ void GetCertChainInfo(CFArrayRef cert_chain, CertVerifyResult* verify_result) {
}
if (!verified_cert) {
NOTREACHED();
- return;
+ return false;
}
- verify_result->verified_cert =
+ scoped_refptr<X509Certificate> verified_cert_with_chain =
X509Certificate::CreateFromHandle(verified_cert, verified_chain);
+ if (!verified_cert_with_chain)
+ return false;
+ verify_result->verified_cert = std::move(verified_cert_with_chain);
+ return true;
}
} // namespace
@@ -264,7 +268,8 @@ int CertVerifyProcIOS::VerifyInternal(
verify_result->cert_status |= GetCertFailureStatusFromTrust(trust_ref);
}
- GetCertChainInfo(final_chain, verify_result);
+ if (!GetCertChainInfo(final_chain, verify_result))
+ verify_result->cert_status |= CERT_STATUS_INVALID;
// iOS lacks the ability to distinguish built-in versus non-built-in roots,
// so opt to 'fail open' of any restrictive policies that apply to built-in
« no previous file with comments | « net/cert/cert_verify_proc_builtin.cc ('k') | net/cert/cert_verify_proc_mac.cc » ('j') | net/cert/cert_verify_proc_win.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698