Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(231)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/base/x509_certificate.cc

Issue 7792077: Fix a benign off-by-one error of kNumSerials in IsBlacklisted. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 9 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | net/data/ssl/certificates/diginotar_public_ca_2025.pem » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/base/x509_certificate.h" 5 #include "net/base/x509_certificate.h"
6 6
7 #include <stdlib.h> 7 #include <stdlib.h>
8 8
9 #include <algorithm> 9 #include <algorithm>
10 #include <map> 10 #include <map>
(...skipping 623 matching lines...) Expand 10 before | Expand all | Expand 10 after
634 cache->Remove(cert_handle_); 634 cache->Remove(cert_handle_);
635 FreeOSCertHandle(cert_handle_); 635 FreeOSCertHandle(cert_handle_);
636 } 636 }
637 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) { 637 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) {
638 cache->Remove(intermediate_ca_certs_[i]); 638 cache->Remove(intermediate_ca_certs_[i]);
639 FreeOSCertHandle(intermediate_ca_certs_[i]); 639 FreeOSCertHandle(intermediate_ca_certs_[i]);
640 } 640 }
641 } 641 }
642 642
643 bool X509Certificate::IsBlacklisted() const { 643 bool X509Certificate::IsBlacklisted() const {
644 static const unsigned kNumSerials = 257; 644 static const unsigned kNumSerials = 256;
645 static const unsigned kSerialBytes = 16; 645 static const unsigned kSerialBytes = 16;
646 static const uint8 kSerials[kNumSerials][kSerialBytes] = { 646 static const uint8 kSerials[kNumSerials][kSerialBytes] = {
647 // Not a real certificate. For testing only. 647 // Not a real certificate. For testing only.
648 {0x07,0x7a,0x59,0xbc,0xd5,0x34,0x59,0x60,0x1c,0xa6,0x90,0x72,0x67,0xa6,0xdd, 0x1c}, 648 {0x07,0x7a,0x59,0xbc,0xd5,0x34,0x59,0x60,0x1c,0xa6,0x90,0x72,0x67,0xa6,0xdd, 0x1c},
649 649
650 // The next nine certificates all expire on Fri Mar 14 23:59:59 2014. 650 // The next nine certificates all expire on Fri Mar 14 23:59:59 2014.
651 // Some serial numbers actually have a leading 0x00 byte required to 651 // Some serial numbers actually have a leading 0x00 byte required to
652 // encode a positive integer in DER if the most significant bit is 0. 652 // encode a positive integer in DER if the most significant bit is 0.
653 // We omit the leading 0x00 bytes to make all serial numbers 16 bytes. 653 // We omit the leading 0x00 bytes to make all serial numbers 16 bytes.
654 654
(...skipping 285 matching lines...) Expand 10 before | Expand all | Expand 10 after
940 } 940 }
941 941
942 // Special case for DigiNotar: this serial number had a leading 0x00 byte 942 // Special case for DigiNotar: this serial number had a leading 0x00 byte
943 static const uint8 kDigiNotarLeadingZero[15] = { 943 static const uint8 kDigiNotarLeadingZero[15] = {
944 0x17,0x7f,0xb6,0x53,0x6b,0x98,0xce,0x40,0xd5,0x4b,0x8b,0x24,0xe3,0x16,0x05 944 0x17,0x7f,0xb6,0x53,0x6b,0x98,0xce,0x40,0xd5,0x4b,0x8b,0x24,0xe3,0x16,0x05
945 }; 945 };
946 946
947 if (serial_number_.size() == sizeof(kDigiNotarLeadingZero) && 947 if (serial_number_.size() == sizeof(kDigiNotarLeadingZero) &&
948 memcmp(serial_number_.data(), kDigiNotarLeadingZero, 948 memcmp(serial_number_.data(), kDigiNotarLeadingZero,
949 sizeof(kDigiNotarLeadingZero)) == 0) { 949 sizeof(kDigiNotarLeadingZero)) == 0) {
950 UMA_HISTOGRAM_ENUMERATION("Net.SSLCertBlacklisted", kNumSerials, kNumSer ials + 1); 950 UMA_HISTOGRAM_ENUMERATION("Net.SSLCertBlacklisted", kNumSerials,
951 return true; 951 kNumSerials + 1);
952 return true;
952 } 953 }
953 954
954 return false; 955 return false;
955 } 956 }
956 957
957 // static 958 // static
958 bool X509Certificate::IsPublicKeyBlacklisted( 959 bool X509Certificate::IsPublicKeyBlacklisted(
959 const std::vector<SHA1Fingerprint>& public_key_hashes) { 960 const std::vector<SHA1Fingerprint>& public_key_hashes) {
960 static const unsigned kNumHashes = 3; 961 static const unsigned kNumHashes = 3;
961 static const uint8 kHashes[kNumHashes][base::SHA1_LENGTH] = { 962 static const uint8 kHashes[kNumHashes][base::SHA1_LENGTH] = {
(...skipping 26 matching lines...) Expand all
988 bool X509Certificate::IsSHA1HashInSortedArray(const SHA1Fingerprint& hash, 989 bool X509Certificate::IsSHA1HashInSortedArray(const SHA1Fingerprint& hash,
989 const uint8* array, 990 const uint8* array,
990 size_t array_byte_len) { 991 size_t array_byte_len) {
991 DCHECK_EQ(0u, array_byte_len % base::SHA1_LENGTH); 992 DCHECK_EQ(0u, array_byte_len % base::SHA1_LENGTH);
992 const unsigned arraylen = array_byte_len / base::SHA1_LENGTH; 993 const unsigned arraylen = array_byte_len / base::SHA1_LENGTH;
993 return NULL != bsearch(hash.data, array, arraylen, base::SHA1_LENGTH, 994 return NULL != bsearch(hash.data, array, arraylen, base::SHA1_LENGTH,
994 CompareSHA1Hashes); 995 CompareSHA1Hashes);
995 } 996 }
996 997
997 } // namespace net 998 } // namespace net
OLDNEW
« no previous file with comments | « no previous file | net/data/ssl/certificates/diginotar_public_ca_2025.pem » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698