Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(295)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: extensions/browser/api/cast_channel/cast_auth_util.cc

Issue 890683002: Fix buffer overflow due to unbounded strlen over a non-null terminated string. Detected by asan. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "extensions/browser/api/cast_channel/cast_auth_util.h" 5 #include "extensions/browser/api/cast_channel/cast_auth_util.h"
6 6
7 #include <vector> 7 #include <vector>
8 8
9 #include "base/logging.h" 9 #include "base/logging.h"
10 #include "base/strings/string_number_conversions.h" 10 #include "base/strings/string_number_conversions.h"
11 #include "base/strings/stringprintf.h" 11 #include "base/strings/stringprintf.h"
12 #include "extensions/browser/api/cast_channel/cast_message_util.h" 12 #include "extensions/browser/api/cast_channel/cast_message_util.h"
13 #include "extensions/common/api/cast_channel/cast_channel.pb.h" 13 #include "extensions/common/api/cast_channel/cast_channel.pb.h"
14 #include "extensions/common/cast/cast_cert_validator.h" 14 #include "extensions/common/cast/cast_cert_validator.h"
15 15
16 namespace extensions { 16 namespace extensions {
17 namespace core_api { 17 namespace core_api {
18 namespace cast_channel { 18 namespace cast_channel {
19 namespace { 19 namespace {
20 20
21 const char* const kParseErrorPrefix = "Failed to parse auth message: "; 21 const char* const kParseErrorPrefix = "Failed to parse auth message: ";
22 22
23 const unsigned char kAudioOnlyPolicy[] = 23 const char kAudioOnlyPolicy[] =
mark a. foltz 2015/01/29 19:43:08 This has to remain unsigned right? It breaks comp
Kevin M 2015/01/30 00:11:10 Done.
24 {0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0xD6, 0x79, 0x02, 0x05, 0x02}; 24 {0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0xD6, 0x79, 0x02, 0x05, 0x02};
25 25
26 namespace cast_crypto = ::extensions::core_api::cast_crypto; 26 namespace cast_crypto = ::extensions::core_api::cast_crypto;
27 27
28 // Extracts an embedded DeviceAuthMessage payload from an auth challenge reply 28 // Extracts an embedded DeviceAuthMessage payload from an auth challenge reply
29 // message. 29 // message.
30 AuthResult ParseAuthMessage(const CastMessage& challenge_reply, 30 AuthResult ParseAuthMessage(const CastMessage& challenge_reply,
31 DeviceAuthMessage* auth_message) { 31 DeviceAuthMessage* auth_message) {
32 if (challenge_reply.payload_type() != CastMessage_PayloadType_BINARY) { 32 if (challenge_reply.payload_type() != CastMessage_PayloadType_BINARY) {
33 return AuthResult::CreateWithParseError( 33 return AuthResult::CreateWithParseError(
(...skipping 96 matching lines...) Expand 10 before | Expand all | Expand 10 after
130 if (!result.success()) { 130 if (!result.success()) {
131 return result; 131 return result;
132 } 132 }
133 133
134 const AuthResponse& response = auth_message.response(); 134 const AuthResponse& response = auth_message.response();
135 result = VerifyCredentials(response, peer_cert); 135 result = VerifyCredentials(response, peer_cert);
136 if (!result.success()) { 136 if (!result.success()) {
137 return result; 137 return result;
138 } 138 }
139 139
140 if (response.client_auth_certificate().find(reinterpret_cast<const char*>( 140 if (response.client_auth_certificate().find(std::string(
mark a. foltz 2015/01/29 19:43:08 For readability, consider declaring a separate con
Kevin M 2015/01/30 00:11:10 Done.
141 kAudioOnlyPolicy)) != std::string::npos) { 141 kAudioOnlyPolicy, (arraysize(kAudioOnlyPolicy) /
mark a. foltz 2015/01/29 19:43:08 Extra ()
Kevin M 2015/01/30 00:11:10 Done.
142 sizeof(unsigned char)))) != std::string::npos) {
142 result.channel_policies |= AuthResult::POLICY_AUDIO_ONLY; 143 result.channel_policies |= AuthResult::POLICY_AUDIO_ONLY;
143 } 144 }
144 145
145 return result; 146 return result;
146 } 147 }
147 148
148 // This function does the following 149 // This function does the following
149 // * Verifies that the trusted CA |response.intermediate_certificate| is 150 // * Verifies that the trusted CA |response.intermediate_certificate| is
150 // whitelisted for use. 151 // whitelisted for use.
151 // * Verifies that |response.client_auth_certificate| is signed 152 // * Verifies that |response.client_auth_certificate| is signed
(...skipping 14 matching lines...) Expand all
166 if (ret.Success()) 167 if (ret.Success())
167 ret = verification_context->VerifySignatureOverData(response.signature(), 168 ret = verification_context->VerifySignatureOverData(response.signature(),
168 peer_cert); 169 peer_cert);
169 170
170 return TranslateVerificationResult(ret); 171 return TranslateVerificationResult(ret);
171 } 172 }
172 173
173 } // namespace cast_channel 174 } // namespace cast_channel
174 } // namespace core_api 175 } // namespace core_api
175 } // namespace extensions 176 } // namespace extensions
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698