net/cert/cert_verify_proc_win.cc - Issue 2760723002: Check X509Certificate::CreateFromHandle result.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/cert/cert_verify_proc_win.cc

Issue 2760723002: Check X509Certificate::CreateFromHandle result. (Closed)

Patch Set: rebase on updated 2755203002 Created 3 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/cert/cert_verify_proc_win.cc

diff --git a/net/cert/cert_verify_proc_win.cc b/net/cert/cert_verify_proc_win.cc

index ef334da0ae464bfa88bfdd804d702aa02b06e2c3..e9866d44974be4ede0ac43b76cce8c9cc73963ed 100644

--- a/net/cert/cert_verify_proc_win.cc

+++ b/net/cert/cert_verify_proc_win.cc

@@ -329,10 +329,10 @@ bool IsIssuedByKnownRoot(PCCERT_CHAIN_CONTEXT chain_context) {

// Saves some information about the certificate chain |chain_context| in

// |*verify_result|. The caller MUST initialize |*verify_result| before

// calling this function.

-void GetCertChainInfo(PCCERT_CHAIN_CONTEXT chain_context,

+bool GetCertChainInfo(PCCERT_CHAIN_CONTEXT chain_context,

CertVerifyResult* verify_result) {

if (chain_context->cChain == 0)

- return;

+ return true;

PCERT_SIMPLE_CHAIN first_chain = chain_context->rgpChain[0];

DWORD num_elements = first_chain->cElement;

@@ -371,7 +371,9 @@ void GetCertChainInfo(PCCERT_CHAIN_CONTEXT chain_context,

verified_chain.push_back(element[num_elements]->pCertContext);

verify_result->verified_cert =

X509Certificate::CreateFromHandle(verified_cert, verified_chain);

+ return !!verify_result->verified_cert;

}

+ return true;

}

// Decodes the cert's certificatePolicies extension into a CERT_POLICIES_INFO

@@ -1114,7 +1116,8 @@ int CertVerifyProcWin::VerifyInternal(

}

CertVerifyResult temp_verify_result = *verify_result;

- GetCertChainInfo(chain_context, verify_result);

+ if (!GetCertChainInfo(chain_context, verify_result))

+ return ERR_CERT_INVALID;

if (!verify_result->is_issued_by_known_root &&

(flags & CertVerifier::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS)) {

*verify_result = temp_verify_result;

@@ -1136,7 +1139,8 @@ int CertVerifyProcWin::VerifyInternal(

verify_result->cert_status |= CERT_STATUS_INVALID;

return MapSecurityError(GetLastError());

}

- GetCertChainInfo(chain_context, verify_result);

+ if (!GetCertChainInfo(chain_context, verify_result))

+ return ERR_CERT_INVALID;

if (chain_context->TrustStatus.dwErrorStatus &

CERT_TRUST_IS_OFFLINE_REVOCATION) {

« net/cert/cert_verify_proc_mac.cc ('K') | « net/cert/cert_verify_proc_openssl.cc ('k') | net/cert/nss_cert_database.cc » ('j') | net/cert/x509_certificate.cc » ('J')