Kill renderer on failure to deserialize security info in most cases

This CL adds a bool return value to DeserializeSecurityInfo() to
indicate if the information could be deserialized, and also adds a basic
sanity check to one of the deserialized values (|security_bits|).

In most places where security info is deserialized, this CL kills the
renderer if deserialization fails. The remaining place that this CL
doesn't handle is when the renderer passes ContextMenuParams to the
browser; this case requires a little more refactoring because the
renderer does the deserialization and passes the deserialized SSLStatus
to the browser.

Follow-up to https://codereview.chromium.org/1225983003/

BUG=508232

Review URL: https://codereview.chromium.org/1230003004

Cr-Commit-Position: refs/heads/master@{#338600}

1 files changed, 1 insertions, 2 deletions

diff --git a/content/browser/ssl/ssl_manager.cc b/content/browser/ssl/ssl_manager.cc
index 6f258a7..ab1048c 100644
--- a/content/browser/ssl/ssl_manager.cc
+++ b/content/browser/ssl/ssl_manager.cc
@@ -117,8 +117,7 @@ void SSLManager::DidCommitProvisionalLoad(const LoadCommittedDetails& details) {
     if (entry) {
       // We may not have an entry if this is a navigation to an initial blank
       // page. Add the new data we have.
-      entry->GetSSL() =
-          DeserializeSecurityInfo(details.serialized_security_info);
+      entry->GetSSL() = details.ssl_status;
     }
   }