authornharper <nharper@chromium.org>2015-06-05 18:47:17 -0700
committerCommit bot <commit-bot@chromium.org>2015-06-06 01:47:42 +0000
commitab7f492e15f167aace4d448b8e00053788038760 (patch)
tree7c06b29df7f5a46277eed77f40f23a3a35652dc7 /net/der
parent0be0af05218ebc7aa311eecedfe1e266a2e22419 (diff)
Remove dangerous std::string constructor for der::Input
BUG=490472 Review URL: https://codereview.chromium.org/1160643002 Cr-Commit-Position: refs/heads/master@{#333201}
Diffstat (limited to 'net/der')
-rw-r--r--net/der/input.cc4
-rw-r--r--net/der/input.h3
-rw-r--r--net/der/input_unittest.cc8
-rw-r--r--net/der/parse_values_unittest.cc131
4 files changed, 70 insertions, 76 deletions
diff --git a/net/der/input.cc b/net/der/input.cc
index 004034e..45edfdc 100644
--- a/net/der/input.cc
+++ b/net/der/input.cc
@@ -17,10 +17,6 @@ Input::Input() : data_(nullptr), len_(0) {
Input::Input(const uint8_t* data, size_t len) : data_(data), len_(len) {
}
-Input::Input(const std::string& s)
- : data_(reinterpret_cast<const uint8_t*>(s.data())), len_(s.size()) {
-}
-
bool Input::Equals(const Input& other) const {
if (len_ != other.len_)
return false;
diff --git a/net/der/input.h b/net/der/input.h
index 6731b0c..f8eb467 100644
--- a/net/der/input.h
+++ b/net/der/input.h
@@ -49,9 +49,6 @@ class NET_EXPORT_PRIVATE Input {
// Creates an Input from the given |data| and |len|.
Input(const uint8_t* data, size_t len);
- // Creates an Input from the given string |s|.
- explicit Input(const std::string& s);
-
// Returns the length in bytes of an Input's data.
size_t Length() const { return len_; }
diff --git a/net/der/input_unittest.cc b/net/der/input_unittest.cc
index dc58d4b..7d7b720 100644
--- a/net/der/input_unittest.cc
+++ b/net/der/input_unittest.cc
@@ -17,8 +17,8 @@ TEST(InputTest, Equals) {
Input test2(kInput, arraysize(kInput));
EXPECT_TRUE(test.Equals(test2));
- std::string input_copy(reinterpret_cast<const char*>(kInput),
- arraysize(kInput));
+ uint8_t input_copy[arraysize(kInput)] = {0};
+ memcpy(input_copy, kInput, arraysize(kInput));
Input test_copy(input_copy);
EXPECT_TRUE(test.Equals(test_copy));
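Review bot: The added `memcpy` in the Equals test takes its byte count from the source (`arraysize(kInput)`, an element count) rather than from the destination buffer. It is correct here only because both arrays hold `uint8_t` and are declared with the same length. Writing it as `memcpy(input_copy, kInput, sizeof(input_copy));` ties the count to the buffer being written, so a later change to either array cannot become an overflow. The file's includes are not visible in this hunk, so it is worth confirming that `<string.h>` is pulled in for `memcpy`. The TEST body starts and ends outside the hunk.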
@@ -85,7 +85,9 @@ TEST(ByteReaderTest, ReadToMark) {
TEST(ByteReaderTest, CantReadToWrongMark) {
Input out;
Input in1(kInput, arraysize(kInput));
- Input in2("test");
+
+ const uint8_t in2_bytes[] = {'t', 'e', 's', 't'};
+ Input in2(in2_bytes);
ByteReader reader1(in1);
ByteReader reader2(in2);
ASSERT_TRUE(reader1.ReadBytes(2, &out));
diff --git a/net/der/parse_values_unittest.cc b/net/der/parse_values_unittest.cc
index 8233042..ea1b5c4 100644
--- a/net/der/parse_values_unittest.cc
+++ b/net/der/parse_values_unittest.cc
@@ -12,6 +12,17 @@ namespace net {
namespace der {
namespace test {
+namespace {
+
+template <size_t N>
+Input FromStringLiteral(const char(&data)[N]) {
+ // Strings are null-terminated. The null terminating byte shouldn't be
+ // included in the Input, so the size is N - 1 instead of N.
+ return Input(reinterpret_cast<const uint8_t*>(data), N - 1);
+}
+
+} // namespace
+
TEST(ParseValuesTest, ParseBool) {
uint8_t buf[] = {0xFF, 0x00};
Input value(buf, 1);
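Review bot: `FromStringLiteral` explains the `N - 1` but not its contract. The parameter `const char(&data)[N]` binds to any char array, not only to literals. A local buffer with no terminator would silently lose its last byte, and the returned `Input` only points at the caller's storage, since the two-argument constructor in input.cc stores the pointer and length. I would add above the template `// |data| must be a null-terminated string literal; the returned Input does not copy or own the bytes.` If the helper may be used with other arrays, a `DCHECK_EQ('\0', data[N - 1]);` before the return would catch a non-terminated one.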
@@ -38,117 +49,103 @@ TEST(ParseValuesTest, ParseBool) {
TEST(ParseValuesTest, ParseTimes) {
GeneralizedTime out;
- EXPECT_TRUE(ParseUTCTime(Input("140218161200Z"), &out));
+ EXPECT_TRUE(ParseUTCTime(FromStringLiteral("140218161200Z"), &out));
// DER-encoded UTCTime must end with 'Z'.
- EXPECT_FALSE(ParseUTCTime(Input("140218161200X"), &out));
+ EXPECT_FALSE(ParseUTCTime(FromStringLiteral("140218161200X"), &out));
// Check that a negative number (-4 in this case) doesn't get parsed as
// a 2-digit number.
- EXPECT_FALSE(ParseUTCTime(Input("-40218161200Z"), &out));
+ EXPECT_FALSE(ParseUTCTime(FromStringLiteral("-40218161200Z"), &out));
// Check that numbers with a leading 0 don't get parsed in octal by making
// the second digit an invalid octal digit (e.g. 09).
- EXPECT_TRUE(ParseUTCTime(Input("090218161200Z"), &out));
+ EXPECT_TRUE(ParseUTCTime(FromStringLiteral("090218161200Z"), &out));
// Check that the length is validated.
- EXPECT_FALSE(ParseUTCTime(Input("140218161200"), &out));
- EXPECT_FALSE(ParseUTCTime(Input("140218161200Z0"), &out));
- EXPECT_FALSE(ParseUTCTimeRelaxed(Input("140218161200"), &out));
- EXPECT_FALSE(ParseUTCTimeRelaxed(Input("140218161200Z0"), &out));
+ EXPECT_FALSE(ParseUTCTime(FromStringLiteral("140218161200"), &out));
+ EXPECT_FALSE(ParseUTCTime(FromStringLiteral("140218161200Z0"), &out));
+ EXPECT_FALSE(ParseUTCTimeRelaxed(FromStringLiteral("140218161200"), &out));
+ EXPECT_FALSE(ParseUTCTimeRelaxed(FromStringLiteral("140218161200Z0"), &out));
// Check strictness of UTCTime parsers.
- EXPECT_FALSE(ParseUTCTime(Input("1402181612Z"), &out));
- EXPECT_TRUE(ParseUTCTimeRelaxed(Input("1402181612Z"), &out));
+ EXPECT_FALSE(ParseUTCTime(FromStringLiteral("1402181612Z"), &out));
+ EXPECT_TRUE(ParseUTCTimeRelaxed(FromStringLiteral("1402181612Z"), &out));
// Check that the time ends in Z.
- EXPECT_FALSE(ParseUTCTimeRelaxed(Input("1402181612Z0"), &out));
+ EXPECT_FALSE(ParseUTCTimeRelaxed(FromStringLiteral("1402181612Z0"), &out));
// Check format of GeneralizedTime.
// Leap seconds are allowed.
- EXPECT_TRUE(ParseGeneralizedTime(Input("20140218161260Z"), &out));
+ EXPECT_TRUE(ParseGeneralizedTime(FromStringLiteral("20140218161260Z"), &out));
// But nothing larger than a leap second.
- EXPECT_FALSE(ParseGeneralizedTime(Input("20140218161261Z"), &out));
+ EXPECT_FALSE(
+ ParseGeneralizedTime(FromStringLiteral("20140218161261Z"), &out));
// Minutes only go up to 59.
- EXPECT_FALSE(ParseGeneralizedTime(Input("20140218166000Z"), &out));
+ EXPECT_FALSE(
+ ParseGeneralizedTime(FromStringLiteral("20140218166000Z"), &out));
// Hours only go up to 23.
- EXPECT_FALSE(ParseGeneralizedTime(Input("20140218240000Z"), &out));
+ EXPECT_FALSE(
+ ParseGeneralizedTime(FromStringLiteral("20140218240000Z"), &out));
// The 0th day of a month is invalid.
- EXPECT_FALSE(ParseGeneralizedTime(Input("20140200161200Z"), &out));
+ EXPECT_FALSE(
+ ParseGeneralizedTime(FromStringLiteral("20140200161200Z"), &out));
// The 0th month is invalid.
- EXPECT_FALSE(ParseGeneralizedTime(Input("20140018161200Z"), &out));
+ EXPECT_FALSE(
+ ParseGeneralizedTime(FromStringLiteral("20140018161200Z"), &out));
// Months greater than 12 are invalid.
- EXPECT_FALSE(ParseGeneralizedTime(Input("20141318161200Z"), &out));
+ EXPECT_FALSE(
+ ParseGeneralizedTime(FromStringLiteral("20141318161200Z"), &out));
// Some months have 31 days.
- EXPECT_TRUE(ParseGeneralizedTime(Input("20140131000000Z"), &out));
+ EXPECT_TRUE(ParseGeneralizedTime(FromStringLiteral("20140131000000Z"), &out));
// September has only 30 days.
- EXPECT_FALSE(ParseGeneralizedTime(Input("20140931000000Z"), &out));
+ EXPECT_FALSE(
+ ParseGeneralizedTime(FromStringLiteral("20140931000000Z"), &out));
// February has only 28 days...
- EXPECT_FALSE(ParseGeneralizedTime(Input("20140229000000Z"), &out));
+ EXPECT_FALSE(
+ ParseGeneralizedTime(FromStringLiteral("20140229000000Z"), &out));
// ... unless it's a leap year.
- EXPECT_TRUE(ParseGeneralizedTime(Input("20160229000000Z"), &out));
+ EXPECT_TRUE(ParseGeneralizedTime(FromStringLiteral("20160229000000Z"), &out));
// There aren't any leap days in years divisible by 100...
- EXPECT_FALSE(ParseGeneralizedTime(Input("21000229000000Z"), &out));
+ EXPECT_FALSE(
+ ParseGeneralizedTime(FromStringLiteral("21000229000000Z"), &out));
// ...unless it's also divisible by 400.
- EXPECT_TRUE(ParseGeneralizedTime(Input("20000229000000Z"), &out));
+ EXPECT_TRUE(ParseGeneralizedTime(FromStringLiteral("20000229000000Z"), &out));
// Check more perverse invalid inputs.
- const uint8_t trailing_null_bytes[] = {'2',
- '0',
- '0',
- '0',
- '1',
- '2',
- '3',
- '1',
- '0',
- '1',
- '0',
- '2',
- '0',
- '3',
- 'Z',
- '\0'};
- Input trailing_null(trailing_null_bytes, sizeof(trailing_null_bytes));
- EXPECT_FALSE(ParseGeneralizedTime(trailing_null, &out));
- const uint8_t embedded_null_bytes[] = {'2',
- '0',
- '0',
- '\0',
- '1',
- '2',
- '3',
- '1',
- '0',
- '1',
- '0',
- '2',
- '0',
- '3',
- 'Z'};
- Input embedded_null(embedded_null_bytes, sizeof(embedded_null_bytes));
- EXPECT_FALSE(ParseGeneralizedTime(embedded_null, &out));
+ // Check that trailing null bytes are not ignored.
+ EXPECT_FALSE(
+ ParseGeneralizedTime(FromStringLiteral("20001231010203Z\0"), &out));
+
+ // Check what happens when a null byte is in the middle of the input.
+ EXPECT_FALSE(ParseGeneralizedTime(FromStringLiteral(
+ "200\0"
+ "1231010203Z"),
+ &out));
// The year can't be in hex.
- EXPECT_FALSE(ParseGeneralizedTime(Input("0x201231000000Z"), &out));
+ EXPECT_FALSE(
+ ParseGeneralizedTime(FromStringLiteral("0x201231000000Z"), &out));
// The last byte must be 'Z'.
- EXPECT_FALSE(ParseGeneralizedTime(Input("20001231000000X"), &out));
+ EXPECT_FALSE(
+ ParseGeneralizedTime(FromStringLiteral("20001231000000X"), &out));
// Check that the length is validated.
- EXPECT_FALSE(ParseGeneralizedTime(Input("20140218161200"), &out));
- EXPECT_FALSE(ParseGeneralizedTime(Input("20140218161200Z0"), &out));
+ EXPECT_FALSE(ParseGeneralizedTime(FromStringLiteral("20140218161200"), &out));
+ EXPECT_FALSE(
+ ParseGeneralizedTime(FromStringLiteral("20140218161200Z0"), &out));
}
TEST(ParseValuesTest, TimesCompare) {
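Review bot: The embedded-null case in ParseTimes depends on the literal being split as `"200\0"` `"1231010203Z"`, and nothing in the test says why. If the two pieces were merged, `\0` followed by `12` would be read as the single octal escape `\012`, making the input 13 bytes with a newline instead of 15 bytes with a NUL. `EXPECT_FALSE` would still pass, so the test would quietly stop covering embedded nulls. I would add above it `// The literal is split so that "\0" is not fused with the following digits into an octal escape.` The trailing-null case similarly relies on FromStringLiteral dropping only the implicit terminator and keeping the explicit `\0`, which is worth stating in its comment.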
@@ -156,9 +153,11 @@ TEST(ParseValuesTest, TimesCompare) {
GeneralizedTime time2;
GeneralizedTime time3;
- ASSERT_TRUE(ParseGeneralizedTime(Input("20140218161200Z"), &time1));
- ASSERT_TRUE(ParseUTCTime(Input("150218161200Z"), &time2));
- ASSERT_TRUE(ParseGeneralizedTime(Input("20160218161200Z"), &time3));
+ ASSERT_TRUE(
+ ParseGeneralizedTime(FromStringLiteral("20140218161200Z"), &time1));
+ ASSERT_TRUE(ParseUTCTime(FromStringLiteral("150218161200Z"), &time2));
+ ASSERT_TRUE(
+ ParseGeneralizedTime(FromStringLiteral("20160218161200Z"), &time3));
EXPECT_TRUE(time1 < time2);
EXPECT_TRUE(time2 < time3);
EXPECT_TRUE(time1 < time3);