Source/core/frame/csp/CSPSourceList.cpp - Issue 700463003: CSP: Harden hash parsing.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: Source/core/frame/csp/CSPSourceList.cpp

Issue 700463003: CSP: Harden hash parsing. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master

Patch Set: Test. Created 6 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: Source/core/frame/csp/CSPSourceList.cpp

diff --git a/Source/core/frame/csp/CSPSourceList.cpp b/Source/core/frame/csp/CSPSourceList.cpp

index da259835b8b1e68e184baf290e714b7a7406ade8..0241d43eca8d977944b2bc06126155e75b50fb50 100644

--- a/Source/core/frame/csp/CSPSourceList.cpp

+++ b/Source/core/frame/csp/CSPSourceList.cpp

@@ -298,17 +298,12 @@ bool CSPSourceList::parseHash(const UChar* begin, const UChar* end, DigestValue&

String prefix;

hashAlgorithm = ContentSecurityPolicyHashAlgorithmNone;

+ size_t hashLength = end - begin;

- // Instead of this sizeof() calculation to get the length of this array,

- // it would be preferable to use WTF_ARRAY_LENGTH for simplicity and to

- // guarantee a compile time calculation. Unfortunately, on some

- // compliers, the call to WTF_ARRAY_LENGTH fails on arrays of anonymous

- // stucts, so, for now, it is necessary to resort to this sizeof

- // calculation.

- for (size_t i = 0; i < (sizeof(kSupportedPrefixes) / sizeof(kSupportedPrefixes[0])); i++) {

- if (equalIgnoringCase(kSupportedPrefixes[i].prefix, begin, strlen(kSupportedPrefixes[i].prefix))) {

- prefix = kSupportedPrefixes[i].prefix;

- hashAlgorithm = kSupportedPrefixes[i].algorithm;

+ for (const auto& algorithm : kSupportedPrefixes) {

jww 2014/11/03 21:16:55 nit: Calling this 'algorithm' is confusing given t

+ if (hashLength > strlen(algorithm.prefix) && equalIgnoringCase(algorithm.prefix, begin, strlen(algorithm.prefix))) {

+ prefix = algorithm.prefix;

+ hashAlgorithm = algorithm.algorithm;

break;

}

@@ -319,14 +314,17 @@ bool CSPSourceList::parseHash(const UChar* begin, const UChar* end, DigestValue&

const UChar* position = begin + prefix.length();

const UChar* hashBegin = position;

+ ASSERT(position < end);

skipWhile<UChar, isBase64EncodedCharacter>(position, end);

ASSERT(hashBegin <= position);

// Base64 encodings may end with exactly one or two '=' characters

- skipExactly<UChar>(position, position + 1, '=');

+ if (position < end)

+ skipExactly<UChar>(position, position + 1, '=');

+ if (position < end)

+ skipExactly<UChar>(position, position + 1, '=');

- if ((position + 1) != end || *position != '\'' || !(position - hashBegin))

+ if (position + 1 != end || *position != '\'' || position == hashBegin)

return false;

Vector<char> hashVector;

« no previous file with comments | « LayoutTests/http/tests/security/contentSecurityPolicy/1.1/scripthash-malformed-expected.txt ('k') | no next file » | no next file with comments »