Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(39)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/cert/cert_verify_proc_ios.cc

Issue 2760723002: Check X509Certificate::CreateFromHandle result. (Closed)
Patch Set: rebase on updated 2755203002 Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/cert/cert_verify_proc_builtin.cc ('k') | net/cert/cert_verify_proc_mac.cc » ('j') | net/cert/cert_verify_proc_mac.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/cert_verify_proc_ios.cc
diff --git a/net/cert/cert_verify_proc_ios.cc b/net/cert/cert_verify_proc_ios.cc
index 84ecd2aea84ba31730c706d83dc16c03ed414667..4706f10dc646ac38e9da56bbad9167bf450d713e 100644
--- a/net/cert/cert_verify_proc_ios.cc
+++ b/net/cert/cert_verify_proc_ios.cc
@@ -101,7 +101,7 @@ int BuildAndEvaluateSecTrustRef(CFArrayRef cert_array,
return OK;
}
-void GetCertChainInfo(CFArrayRef cert_chain, CertVerifyResult* verify_result) {
+bool GetCertChainInfo(CFArrayRef cert_chain, CertVerifyResult* verify_result) {
DCHECK_LT(0, CFArrayGetCount(cert_chain));
SecCertificateRef verified_cert = nullptr;
@@ -117,7 +117,7 @@ void GetCertChainInfo(CFArrayRef cert_chain, CertVerifyResult* verify_result) {
std::string der_bytes;
if (!X509Certificate::GetDEREncoded(chain_cert, &der_bytes))
- return;
+ return false;
base::StringPiece spki_bytes;
if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki_bytes))
@@ -139,11 +139,12 @@ void GetCertChainInfo(CFArrayRef cert_chain, CertVerifyResult* verify_result) {
}
if (!verified_cert) {
NOTREACHED();
- return;
+ return false;
}
verify_result->verified_cert =
X509Certificate::CreateFromHandle(verified_cert, verified_chain);
+ return !!verify_result->verified_cert;
}
} // namespace
@@ -264,7 +265,8 @@ int CertVerifyProcIOS::VerifyInternal(
verify_result->cert_status |= GetCertFailureStatusFromTrust(trust_ref);
}
- GetCertChainInfo(final_chain, verify_result);
+ if (!GetCertChainInfo(final_chain, verify_result))
+ return ERR_CERT_INVALID;
eroman 2017/03/22 22:17:52 Is it necessary to set cert_status too?
mattm 2017/03/23 22:59:02 Hm, I guess setting cert_status and letting that p
// iOS lacks the ability to distinguish built-in versus non-built-in roots,
// so opt to 'fail open' of any restrictive policies that apply to built-in
« no previous file with comments | « net/cert/cert_verify_proc_builtin.cc ('k') | net/cert/cert_verify_proc_mac.cc » ('j') | net/cert/cert_verify_proc_mac.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698