Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(462)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/cert/cert_verify_proc_openssl.cc

Issue 2760723002: Check X509Certificate::CreateFromHandle result. (Closed)
Patch Set: update for eroman's comments Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/cert/cert_verify_proc_ios.cc ('K') | « net/cert/cert_verify_proc_nss.cc ('k') | net/cert/cert_verify_proc_win.cc » ('j') | net/cert/cert_verify_proc_win.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/cert_verify_proc_openssl.cc
diff --git a/net/cert/cert_verify_proc_openssl.cc b/net/cert/cert_verify_proc_openssl.cc
index 13a19d8e16322329c01a24395f2f30ddf7c2520f..73fa97214d4129cbadeeb1047742b8cfe3e08589 100644
--- a/net/cert/cert_verify_proc_openssl.cc
+++ b/net/cert/cert_verify_proc_openssl.cc
@@ -109,8 +109,11 @@ void GetCertChainInfo(X509_STORE_CTX* store_ctx,
// Set verify_result->verified_cert and
// verify_result->is_issued_by_known_root.
if (verified_cert) {
- verify_result->verified_cert =
+ scoped_refptr<X509Certificate> verified_cert_with_chain =
X509Certificate::CreateFromHandle(verified_cert, verified_chain);
+ if (!verified_cert_with_chain)
+ return false;
+ verify_result->verified_cert = std::move(verified_cert_with_chain);
// For OpenSSL builds, only certificates used for unit tests are treated
// as not issued by known roots. The only way to determine whether a
@@ -129,6 +132,7 @@ void GetCertChainInfo(X509_STORE_CTX* store_ctx,
verify_result->is_issued_by_known_root = false;
}
}
+ return true;
}
void AppendPublicKeyHashes(X509_STORE_CTX* store_ctx,
@@ -212,7 +216,8 @@ int CertVerifyProcOpenSSL::VerifyInternal(
verify_result->cert_status |= cert_status;
}
- GetCertChainInfo(ctx.get(), verify_result);
+ if (!GetCertChainInfo(ctx.get(), verify_result))
+ verify_result->cert_status |= CERT_STATUS_INVALID;
AppendPublicKeyHashes(ctx.get(), &verify_result->public_key_hashes);
if (IsCertStatusError(verify_result->cert_status))
« net/cert/cert_verify_proc_ios.cc ('K') | « net/cert/cert_verify_proc_nss.cc ('k') | net/cert/cert_verify_proc_win.cc » ('j') | net/cert/cert_verify_proc_win.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698