authorevanm@google.com <evanm@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2008-12-09 18:02:37 +0000
committerevanm@google.com <evanm@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2008-12-09 18:02:37 +0000
commit9f8821edd4e22a43159d88039ac647403f02dddc (patch)
tree89fe895567ac603350f51b43633689fe14aec497 /net/base
parentc04558992dcba248ff8477021addf14b3b5b74f6 (diff)
Fix some crashes by handling an NSS result value more carefully and reverting
a bit of Linux SSL code. Review URL: http://codereview.chromium.org/13649 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@6591 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base')
-rw-r--r--net/base/ssl_client_socket_nss.cc19
1 files changed, 13 insertions, 6 deletions
diff --git a/net/base/ssl_client_socket_nss.cc b/net/base/ssl_client_socket_nss.cc
index ffd1023..62e348b 100644
--- a/net/base/ssl_client_socket_nss.cc
+++ b/net/base/ssl_client_socket_nss.cc
@@ -23,16 +23,20 @@
static const int kRecvBufferSize = 4096;
-// nss calls this if an incoming certificate is invalid.
-static SECStatus ownBadCertHandler(void* arg, PRFileDesc* socket) {
+namespace {
+
+// NSS calls this if an incoming certificate is invalid.
+SECStatus OwnBadCertHandler(void* arg, PRFileDesc* socket) {
PRErrorCode err = PR_GetError();
LOG(INFO) << "server certificate is invalid; NSS error code " << err;
// Return SECSuccess to override the problem,
// or SECFailure to let the original function fail
// Chromium wants it to fail here, and may retry it later.
- return SECFailure;
+ LOG(WARNING) << "TODO(dkegel): return SECFailure here";
+ return SECSuccess;
}
+} // anonymous namespace
namespace net {
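Review bot: `OwnBadCertHandler` now returns `SECSuccess` unconditionally, so NSS continues the handshake for any server certificate that failed validation, and the only trace is two log lines. The retained comment "Chromium wants it to fail here, and may retry it later" now contradicts the code; it should say that the override is temporary and that invalid certificates are currently accepted. The hook is still registered with a `NULL` arg in `DoConnectComplete` (last hunk), so the handler has no way to record the failure on the socket. Registering it as `rv = SSL_BadCertHook(nss_fd_, OwnBadCertHandler, this);` and storing the error from `PR_GetError()` would let `GetSSLInfo` report it through `cert_status`. Whether `server_cert_status_` is set anywhere else is not visible in this diff.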
@@ -249,7 +253,9 @@ void SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) {
SSLChannelInfo channel_info;
SECStatus ok = SSL_GetChannelInfo(nss_fd_,
&channel_info, sizeof(channel_info));
- if (ok == SECSuccess) {
+ if (ok == SECSuccess &&
+ channel_info.length == sizeof(channel_info) &&
+ channel_info.cipherSuite) {
SSLCipherSuiteInfo cipher_info;
ok = SSL_GetCipherSuiteInfo(channel_info.cipherSuite,
&cipher_info, sizeof(cipher_info));
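Review bot: When the new guard fails (`SSL_GetChannelInfo` succeeds but `channel_info.length != sizeof(channel_info)` or `cipherSuite` is 0), nothing in the visible lines assigns `ssl_info->security_bits`, so the caller sees whatever value the `SSLInfo` held before. Adding `else { ssl_info->security_bits = -1; }` on the outer `if` would make the unknown-strength case explicit and match the inner failure path. The strict equality on `length` presumably also rejects a runtime NSS whose `SSLChannelInfo` differs in size from the compiled header; if that is intended, a one-line comment such as `// length mismatch means header/library skew; treat as no info` would document it. The body of `GetSSLInfo` starts and ends outside this hunk.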
@@ -257,7 +263,8 @@ void SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) {
ssl_info->security_bits = cipher_info.effectiveKeyBits;
} else {
ssl_info->security_bits = -1;
- NOTREACHED();
+ LOG(DFATAL) << "SSL_GetCipherSuiteInfo returned " << PR_GetError()
+ << " for cipherSuite " << channel_info.cipherSuite;
}
}
ssl_info->cert_status = server_cert_status_;
@@ -497,7 +504,7 @@ int SSLClientSocketNSS::DoConnectComplete(int result) {
if (rv != SECSuccess)
return ERR_UNEXPECTED;
- rv = SSL_BadCertHook(nss_fd_, ownBadCertHandler, NULL);
+ rv = SSL_BadCertHook(nss_fd_, OwnBadCertHandler, NULL);
if (rv != SECSuccess)
return ERR_UNEXPECTED;