extensions/browser/sandboxed_unpacker.h - Issue 829583002: Validate hash_sha256 checksum on .crx update.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: extensions/browser/sandboxed_unpacker.h

Issue 829583002: Validate hash_sha256 checksum on .crx update. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Fix unittest build for windows. Created 5 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: extensions/browser/sandboxed_unpacker.h

diff --git a/extensions/browser/sandboxed_unpacker.h b/extensions/browser/sandboxed_unpacker.h

index 60a5bbdd4aa0b517857e283c22c11b4bcc92bb2a..398600bff8c466be15e45a6dcd1b2db5ff90c3d6 100644

--- a/extensions/browser/sandboxed_unpacker.h

+++ b/extensions/browser/sandboxed_unpacker.h

@@ -12,6 +12,7 @@

#include "base/memory/ref_counted.h"

#include "base/time/time.h"

#include "content/public/browser/utility_process_host_client.h"

+#include "extensions/browser/crx_file_info.h"

#include "extensions/common/manifest.h"

class SkBitmap;

@@ -21,6 +22,10 @@ class DictionaryValue;

class SequencedTaskRunner;

}

+namespace crypto {

+class SecureHash;

namespace extensions {

class Extension;

@@ -79,7 +84,7 @@ class SandboxedUnpacker : public content::UtilityProcessHostClient {

// |client| with the result. If |run_out_of_process| is provided, unpacking

// is done in a sandboxed subprocess. Otherwise, it is done in-process.

SandboxedUnpacker(

- const base::FilePath& crx_path,

+ const CRXFileInfo& file,

Manifest::Location location,

int creation_flags,

const base::FilePath& extensions_dir,

@@ -148,6 +153,9 @@ class SandboxedUnpacker : public content::UtilityProcessHostClient {

ERROR_SERIALIZING_CATALOG,

ERROR_SAVING_CATALOG,

+ // SandboxedUnpacker::ValidateSignature()

+ CRX_HASH_VERIFICATION_FAILED,

NUM_FAILURE_REASONS

};

@@ -160,6 +168,11 @@ class SandboxedUnpacker : public content::UtilityProcessHostClient {

// Return true on success.

virtual bool CreateTempDirectory();

+ // Finalizes hash calculation and checks the result against the expected

+ // package hash. In case of mismatch, depending on the command-line option,

+ // we will either fail installation, or just update histograms.

+ bool FinalizeHash(scoped_ptr<crypto::SecureHash>& hash);

// Validates the signature of the extension and extract the key to

// |public_key_|. Returns true if the signature validates, false otherwise.

@@ -202,6 +215,12 @@ class SandboxedUnpacker : public content::UtilityProcessHostClient {

// The path to the CRX to unpack.

base::FilePath crx_path_;

+ // The package hash that was reported from the Web Store.

+ std::string package_hash_;

+ // Whether we need to check the .crx hash sum.

+ bool check_crx_hash_;

// Our client.

scoped_refptr<SandboxedUnpackerClient> client_;

« no previous file with comments | « extensions/browser/crx_file_info.cc ('k') | extensions/browser/sandboxed_unpacker.cc » ('j') | no next file with comments »