net: cut an HSTS hole out at latest.chrome.google.com

BUG=none TEST=none http://codereview.chromium.org/6852030 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@81653 0039d316-1c4b-4281-b951-d872f2087c98
author: agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-04-14 22:00:54 +0000
committer: agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-04-14 22:00:54 +0000
commit: 8c5bef217802a407314e5f518df411fb31c02c4e (patch)
tree: f89b470d17f327253f3fff00ff7ccbeb8f544b26 /net/base/transport_security_state.cc
parent: a964e11511d9d88667b1bdca3a71d676dd5f8954 (diff)
download: chromium_src-8c5bef217802a407314e5f518df411fb31c02c4e.zip
chromium_src-8c5bef217802a407314e5f518df411fb31c02c4e.tar.gz
chromium_src-8c5bef217802a407314e5f518df411fb31c02c4e.tar.bz2
1 files changed, 5 insertions, 2 deletions
diff --git a/net/base/transport_security_state.cc b/net/base/transport_security_state.cc
index 8644032..6118f35 100644
--- a/net/base/transport_security_state.cc
+++ b/net/base/transport_security_state.cc
@@ -509,6 +509,7 @@ bool TransportSecurityState::IsPreloadedSTS(
     {19, true, "\006health\006google\003com"},
     {21, true, "\010checkout\006google\003com"},
     {19, true, "\006chrome\006google\003com"},
+    {26, false, "\006latest\006chrome\006google\003com"},
     {28, false, "\016aladdinschools\007appspot\003com"},
     {14, true, "\011ottospora\002nl"},
     {17, true, "\004docs\006google\003com"},
@@ -540,9 +541,10 @@ bool TransportSecurityState::IsPreloadedSTS(
   for (size_t i = 0; canonicalized_host[i]; i += canonicalized_host[i] + 1) {
     for (size_t j = 0; j < kNumPreloadedSTS; j++) {
       if (kPreloadedSTS[j].length == canonicalized_host.size() - i &&
-          (kPreloadedSTS[j].include_subdomains || i == 0) &&
           memcmp(kPreloadedSTS[j].dns_name, &canonicalized_host[i],
                  kPreloadedSTS[j].length) == 0) {
+        if (!kPreloadedSTS[j].include_subdomains && i != 0)
+          return false;
         *include_subdomains = kPreloadedSTS[j].include_subdomains;
         return true;
       }
@@ -550,9 +552,10 @@ bool TransportSecurityState::IsPreloadedSTS(
     if (sni_available) {
       for (size_t j = 0; j < kNumPreloadedSNISTS; j++) {
         if (kPreloadedSNISTS[j].length == canonicalized_host.size() - i &&
-            (kPreloadedSNISTS[j].include_subdomains || i == 0) &&
             memcmp(kPreloadedSNISTS[j].dns_name, &canonicalized_host[i],
                    kPreloadedSNISTS[j].length) == 0) {
+          if (!kPreloadedSNISTS[j].include_subdomains && i != 0)
+            return false;
           *include_subdomains = kPreloadedSNISTS[j].include_subdomains;
           return true;
         }
author	agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-04-14 22:00:54 +0000
committer	agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-04-14 22:00:54 +0000
commit	8c5bef217802a407314e5f518df411fb31c02c4e (patch)
tree	f89b470d17f327253f3fff00ff7ccbeb8f544b26 /net/base/transport_security_state.cc
parent	a964e11511d9d88667b1bdca3a71d676dd5f8954 (diff)
download	chromium_src-8c5bef217802a407314e5f518df411fb31c02c4e.zip chromium_src-8c5bef217802a407314e5f518df411fb31c02c4e.tar.gz chromium_src-8c5bef217802a407314e5f518df411fb31c02c4e.tar.bz2