Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(153)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: extensions/browser/api/cast_channel/cast_auth_util.cc

Issue 890683002: Fix buffer overflow due to unbounded strlen over a non-null terminated string. Detected by asan. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Code review feedback. Created 5 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "extensions/browser/api/cast_channel/cast_auth_util.h" 5 #include "extensions/browser/api/cast_channel/cast_auth_util.h"
6 6
7 #include <vector> 7 #include <vector>
8 8
9 #include "base/logging.h" 9 #include "base/logging.h"
10 #include "base/strings/string_number_conversions.h" 10 #include "base/strings/string_number_conversions.h"
(...skipping 119 matching lines...) Expand 10 before | Expand all | Expand 10 after
130 if (!result.success()) { 130 if (!result.success()) {
131 return result; 131 return result;
132 } 132 }
133 133
134 const AuthResponse& response = auth_message.response(); 134 const AuthResponse& response = auth_message.response();
135 result = VerifyCredentials(response, peer_cert); 135 result = VerifyCredentials(response, peer_cert);
136 if (!result.success()) { 136 if (!result.success()) {
137 return result; 137 return result;
138 } 138 }
139 139
140 if (response.client_auth_certificate().find(reinterpret_cast<const char*>( 140 const std::string& audio_policy =
141 kAudioOnlyPolicy)) != std::string::npos) { 141 std::string(reinterpret_cast<const char*>(kAudioOnlyPolicy),
142 (arraysize(kAudioOnlyPolicy) / sizeof(unsigned char)));
143 if (response.client_auth_certificate().find(audio_policy) !=
144 std::string::npos) {
142 result.channel_policies |= AuthResult::POLICY_AUDIO_ONLY; 145 result.channel_policies |= AuthResult::POLICY_AUDIO_ONLY;
143 } 146 }
144 147
145 return result; 148 return result;
146 } 149 }
147 150
148 // This function does the following 151 // This function does the following
149 // * Verifies that the trusted CA |response.intermediate_certificate| is 152 // * Verifies that the trusted CA |response.intermediate_certificate| is
150 // whitelisted for use. 153 // whitelisted for use.
151 // * Verifies that |response.client_auth_certificate| is signed 154 // * Verifies that |response.client_auth_certificate| is signed
(...skipping 14 matching lines...) Expand all
166 if (ret.Success()) 169 if (ret.Success())
167 ret = verification_context->VerifySignatureOverData(response.signature(), 170 ret = verification_context->VerifySignatureOverData(response.signature(),
168 peer_cert); 171 peer_cert);
169 172
170 return TranslateVerificationResult(ret); 173 return TranslateVerificationResult(ret);
171 } 174 }
172 175
173 } // namespace cast_channel 176 } // namespace cast_channel
174 } // namespace core_api 177 } // namespace core_api
175 } // namespace extensions 178 } // namespace extensions
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698