Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(8)

Side by Side Diff: extensions/browser/content_hash_reader.cc

Issue 329303007: Fix several problems with the content verification code (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: ready Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "extensions/browser/content_hash_reader.h" 5 #include "extensions/browser/content_hash_reader.h"
6 6
7 #include "base/base64.h" 7 #include "base/base64.h"
8 #include "base/file_util.h" 8 #include "base/file_util.h"
9 #include "base/json/json_reader.h" 9 #include "base/json/json_reader.h"
10 #include "base/strings/string_util.h" 10 #include "base/strings/string_util.h"
(...skipping 15 matching lines...) Expand all
26 const base::Version& extension_version, 26 const base::Version& extension_version,
27 const base::FilePath& extension_root, 27 const base::FilePath& extension_root,
28 const base::FilePath& relative_path, 28 const base::FilePath& relative_path,
29 const ContentVerifierKey& key) 29 const ContentVerifierKey& key)
30 : extension_id_(extension_id), 30 : extension_id_(extension_id),
31 extension_version_(extension_version.GetString()), 31 extension_version_(extension_version.GetString()),
32 extension_root_(extension_root), 32 extension_root_(extension_root),
33 relative_path_(relative_path), 33 relative_path_(relative_path),
34 key_(key), 34 key_(key),
35 status_(NOT_INITIALIZED), 35 status_(NOT_INITIALIZED),
36 have_verified_contents_(false),
37 have_computed_hashes_(false),
36 block_size_(0) { 38 block_size_(0) {
37 } 39 }
38 40
39 ContentHashReader::~ContentHashReader() { 41 ContentHashReader::~ContentHashReader() {
40 } 42 }
41 43
42 bool ContentHashReader::Init() { 44 bool ContentHashReader::Init() {
43 DCHECK_EQ(status_, NOT_INITIALIZED); 45 DCHECK_EQ(status_, NOT_INITIALIZED);
44 status_ = FAILURE; 46 status_ = FAILURE;
45 base::FilePath verified_contents_path = 47 base::FilePath verified_contents_path =
46 file_util::GetVerifiedContentsPath(extension_root_); 48 file_util::GetVerifiedContentsPath(extension_root_);
47 49
48 if (!base::PathExists(verified_contents_path)) 50 if (!base::PathExists(verified_contents_path))
49 return false; 51 return false;
50 52
51 verified_contents_.reset(new VerifiedContents(key_.data, key_.size)); 53 verified_contents_.reset(new VerifiedContents(key_.data, key_.size));
52 if (!verified_contents_->InitFrom(verified_contents_path, false) || 54 if (!verified_contents_->InitFrom(verified_contents_path, false) ||
53 !verified_contents_->valid_signature() || 55 !verified_contents_->valid_signature() ||
54 !verified_contents_->version().Equals(extension_version_) || 56 !verified_contents_->version().Equals(extension_version_) ||
55 verified_contents_->extension_id() != extension_id_) { 57 verified_contents_->extension_id() != extension_id_)
56 base::DeleteFile(verified_contents_path, false /* recursive */);
57 return false; 58 return false;
58 } 59
60 have_verified_contents_ = true;
59 61
60 base::FilePath computed_hashes_path = 62 base::FilePath computed_hashes_path =
61 file_util::GetComputedHashesPath(extension_root_); 63 file_util::GetComputedHashesPath(extension_root_);
62 if (!base::PathExists(computed_hashes_path)) 64 if (!base::PathExists(computed_hashes_path))
63 return false; 65 return false;
64 66
65 ComputedHashes::Reader reader; 67 ComputedHashes::Reader reader;
66 if (!reader.InitFromFile(computed_hashes_path) || 68 if (!reader.InitFromFile(computed_hashes_path))
67 !reader.GetHashes(relative_path_, &block_size_, &hashes_) ||
68 block_size_ % crypto::kSHA256Length != 0) {
69 base::DeleteFile(computed_hashes_path, false /* recursive */);
70 return false; 69 return false;
71 } 70
71 have_computed_hashes_ = true;
72
73 if (!reader.GetHashes(relative_path_, &block_size_, &hashes_) ||
74 block_size_ % crypto::kSHA256Length != 0)
75 return false;
76
77 const std::string* expected_root =
78 verified_contents_->GetTreeHashRoot(relative_path_);
79 if (!expected_root)
80 return false;
72 81
73 std::string root = 82 std::string root =
74 ComputeTreeHashRoot(hashes_, block_size_ / crypto::kSHA256Length); 83 ComputeTreeHashRoot(hashes_, block_size_ / crypto::kSHA256Length);
75 const std::string* expected_root = NULL; 84 if (*expected_root != root)
76 expected_root = verified_contents_->GetTreeHashRoot(relative_path_);
77 if (expected_root && *expected_root != root) {
78 base::DeleteFile(computed_hashes_path, false /* recursive */);
79 return false; 85 return false;
80 }
81 86
82 status_ = SUCCESS; 87 status_ = SUCCESS;
83 return true; 88 return true;
84 } 89 }
85 90
86 int ContentHashReader::block_count() const { 91 int ContentHashReader::block_count() const {
87 DCHECK(status_ != NOT_INITIALIZED); 92 DCHECK(status_ != NOT_INITIALIZED);
88 return hashes_.size(); 93 return hashes_.size();
89 } 94 }
90 95
91 int ContentHashReader::block_size() const { 96 int ContentHashReader::block_size() const {
92 DCHECK(status_ != NOT_INITIALIZED); 97 DCHECK(status_ != NOT_INITIALIZED);
93 return block_size_; 98 return block_size_;
94 } 99 }
95 100
96 bool ContentHashReader::GetHashForBlock(int block_index, 101 bool ContentHashReader::GetHashForBlock(int block_index,
97 const std::string** result) const { 102 const std::string** result) const {
98 if (status_ != SUCCESS) 103 if (status_ != SUCCESS)
99 return false; 104 return false;
100 DCHECK(block_index >= 0); 105 DCHECK(block_index >= 0);
101 106
102 if (static_cast<unsigned>(block_index) >= hashes_.size()) 107 if (static_cast<unsigned>(block_index) >= hashes_.size())
103 return false; 108 return false;
104 *result = &hashes_[block_index]; 109 *result = &hashes_[block_index];
105 110
106 return true; 111 return true;
107 } 112 }
108 113
109 } // namespace extensions 114 } // namespace extensions
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698