Chromium Code Reviews

Issue 700463003: CSP: Harden hash parsing. (Closed)

Created:
6 years, 1 month ago by Mike West
Modified:
6 years, 1 month ago
Reviewers:
jww
CC:
blink-reviews, mkwst+watchlist-csp_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/blink.git@master
Project:
blink
Visibility:
Public.

Description

CSP: Harden hash parsing.

Pathological cases broke CSP's hash parsing code. This patch adds some bounds checking to ensure that we don't run off the end of the string in some edge cases.

BUG=427397

Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=184822
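The kind of bounds checking the description refers to, shown on a stand-alone parser for CSP hash-source tokens. This is an added example, not code from this patch or from Blink; `HashSource`, `parseHashSource`, `kPrefixes` and the sample tokens are assumptions made for illustration.

```cpp
#include <cstddef>
#include <iostream>
#include <optional>
#include <string>
#include <string_view>

// Hypothetical result type for this example; not Blink's.
struct HashSource {
    std::string algorithm;  // e.g. "sha256"
    std::string digest;     // base64 text with padding, not decoded
};

// Assumed prefix table (lowercase only, a simplification).
static constexpr std::string_view kPrefixes[] = {"'sha256-", "'sha384-", "'sha512-"};

static bool isBase64Char(char c) {
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
           (c >= '0' && c <= '9') || c == '+' || c == '/' || c == '-' || c == '_';
}

// Every index is checked against token.size() before token[pos] is read.
std::optional<HashSource> parseHashSource(std::string_view token) {
    for (std::string_view prefix : kPrefixes) {
        if (token.substr(0, prefix.size()) != prefix)
            continue;
        std::size_t pos = prefix.size();
        const std::size_t digestStart = pos;
        while (pos < token.size() && isBase64Char(token[pos]))
            ++pos;
        if (pos == digestStart)
            return std::nullopt;  // prefix with no digest
        for (int pad = 0; pad < 2 && pos < token.size() && token[pos] == '='; ++pad)
            ++pos;  // at most two padding characters
        // The closing quote must exist and be the final character.
        if (pos + 1 != token.size() || token[pos] != '\'')
            return std::nullopt;
        return HashSource{std::string(prefix.substr(1, prefix.size() - 2)),
                          std::string(token.substr(digestStart, pos - digestStart))};
    }
    return std::nullopt;
}

int main() {
    // Constructed inputs: one well-formed token, then truncated or malformed ones.
    for (std::string_view t : {"'sha256-abc+/w=='", "'sha256-", "'sha256-'", "'sha256-abc", ""})
        std::cout << '[' << t << "] -> " << (parseHashSource(t) ? "accepted" : "rejected") << '\n';
}
```

The truncated inputs (`'sha256-` and `'sha256-abc`) are the cases where an unchecked `token[pos]` read would go past the end of the string.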

Patch Set 1

Patch Set 2 : Test.

Total comments: 1

Patch Set 3 : Nit.

Stats (+21 lines, -14 lines)
A LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-malformed.html (1 chunk, +5 lines, -0 lines, 0 comments)
A LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-malformed-expected.txt (1 chunk, +4 lines, -0 lines, 0 comments)
M Source/core/frame/csp/CSPSourceList.cpp (3 chunks, +12 lines, -14 lines, 0 comments)

Messages

Total messages: 6 (2 generated)
Mike West
Joel, mind taking a look at this? -mike
6 years, 1 month ago (2014-11-03 09:36:44 UTC) #2
jww
lgtm with nit
https://codereview.chromium.org/700463003/diff/20001/Source/core/frame/csp/CSPSourceList.cpp
File Source/core/frame/csp/CSPSourceList.cpp (right):
https://codereview.chromium.org/700463003/diff/20001/Source/core/frame/csp/CSPSourceList.cpp#newcode303
Source/core/frame/csp/CSPSourceList.cpp:303: for (const auto& algorithm : kSupportedPrefixes)
...
6 years, 1 month ago (2014-11-03 21:16:55 UTC) #3
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/700463003/40001
6 years, 1 month ago (2014-11-04 07:32:32 UTC) #5
commit-bot: I haz the power
6 years, 1 month ago (2014-11-04 09:00:49 UTC) #6
Message was sent while issue was closed.
Committed patchset #3 (id:40001) as 184822
