diff options
| author | ukai@chromium.org <ukai@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-10-28 04:16:56 +0000 |
|---|---|---|
| committer | ukai@chromium.org <ukai@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-10-28 04:16:56 +0000 |
| commit | 1dc1dffcf9ba7823511684da330a6ce0a8eb40ed (patch) | |
| tree | 8752f9944288624eff563060d2a265d102540e97 | |
| parent | 1f41000155f9659b8b9af077fc2af18e06b3aaa5 (diff) | |
| download | chromium_src-1dc1dffcf9ba7823511684da330a6ce0a8eb40ed.zip chromium_src-1dc1dffcf9ba7823511684da330a6ce0a8eb40ed.tar.gz chromium_src-1dc1dffcf9ba7823511684da330a6ce0a8eb40ed.tar.bz2 | |
Check cert_handle_ is not NULL to Verify()
If X509Certificate is created in URLRequestAutomationJob or
URLRequestInterceptJob, cert_handle_ is NULL.
So if such certificate is being to be verified (not sure it happens), it would cause crash or some
problem.
BUG=15614
TEST=none
Review URL: http://codereview.chromium.org/329036
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@30319 0039d316-1c4b-4281-b951-d872f2087c98
| -rw-r--r-- | net/base/x509_certificate_win.cc | 28 |
1 files changed, 18 insertions, 10 deletions
diff --git a/net/base/x509_certificate_win.cc b/net/base/x509_certificate_win.cc index 91c1fd8..cc6fda2d 100644 --- a/net/base/x509_certificate_win.cc +++ b/net/base/x509_certificate_win.cc @@ -436,6 +436,7 @@ void X509Certificate::Initialize() { std::wstring subject_info; std::wstring issuer_info; DWORD name_size; + DCHECK(cert_handle_); name_size = CertNameToStr(cert_handle_->dwCertEncodingType, &cert_handle_->pCertInfo->Subject, CERT_X500_NAME_STR | CERT_NAME_STR_CRLF_FLAG, @@ -484,6 +485,7 @@ X509Certificate* X509Certificate::CreateFromPickle(const Pickle& pickle, } void X509Certificate::Persist(Pickle* pickle) { + DCHECK(cert_handle_); DWORD length; if (!CertSerializeCertificateStoreElement(cert_handle_, 0, NULL, &length)) { @@ -501,16 +503,19 @@ void X509Certificate::Persist(Pickle* pickle) { void X509Certificate::GetDNSNames(std::vector<std::string>* dns_names) const { dns_names->clear(); - scoped_ptr_malloc<CERT_ALT_NAME_INFO> alt_name_info; - GetCertSubjectAltName(cert_handle_, &alt_name_info); - CERT_ALT_NAME_INFO* alt_name = alt_name_info.get(); - if (alt_name) { - int num_entries = alt_name->cAltEntry; - for (int i = 0; i < num_entries; i++) { - // dNSName is an ASN.1 IA5String representing a string of ASCII - // characters, so we can use WideToASCII here. - if (alt_name->rgAltEntry[i].dwAltNameChoice == CERT_ALT_NAME_DNS_NAME) - dns_names->push_back(WideToASCII(alt_name->rgAltEntry[i].pwszDNSName)); + if (cert_handle_) { + scoped_ptr_malloc<CERT_ALT_NAME_INFO> alt_name_info; + GetCertSubjectAltName(cert_handle_, &alt_name_info); + CERT_ALT_NAME_INFO* alt_name = alt_name_info.get(); + if (alt_name) { + int num_entries = alt_name->cAltEntry; + for (int i = 0; i < num_entries; i++) { + // dNSName is an ASN.1 IA5String representing a string of ASCII + // characters, so we can use WideToASCII here. + if (alt_name->rgAltEntry[i].dwAltNameChoice == CERT_ALT_NAME_DNS_NAME) + dns_names->push_back( + WideToASCII(alt_name->rgAltEntry[i].pwszDNSName)); + } } } if (dns_names->empty()) @@ -521,6 +526,8 @@ int X509Certificate::Verify(const std::string& hostname, int flags, CertVerifyResult* verify_result) const { verify_result->Reset(); + if (!cert_handle_) + return ERR_UNEXPECTED; // Build and validate certificate chain. @@ -671,6 +678,7 @@ int X509Certificate::Verify(const std::string& hostname, // of the EV Certificate Guidelines Version 1.0 at // http://cabforum.org/EV_Certificate_Guidelines.pdf. bool X509Certificate::VerifyEV() const { + DCHECK(cert_handle_); net::EVRootCAMetadata* metadata = net::EVRootCAMetadata::GetInstance(); PCCERT_CHAIN_CONTEXT chain_context = ConstructCertChain(cert_handle_, |