diff options
| author | cevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-12-09 01:51:35 +0000 |
|---|---|---|
| committer | cevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-12-09 01:51:35 +0000 |
| commit | fa293c072c9e15be1c098d5ab6e509f4c1e465bb (patch) | |
| tree | 7cd9f7d0d6d0809123b53bd472acd99e6d256566 /net | |
| parent | 89ee17c470fedd310b1ae3cc20f750a32530f8a6 (diff) | |
| download | chromium_src-fa293c072c9e15be1c098d5ab6e509f4c1e465bb.zip chromium_src-fa293c072c9e15be1c098d5ab6e509f4c1e465bb.tar.gz chromium_src-fa293c072c9e15be1c098d5ab6e509f4c1e465bb.tar.bz2 | |
Sanitize index because it comes from the untrusted renderer.
BUG=NONE
TEST=NONE
Review URL: http://codereview.chromium.org/471005
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@34127 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
| -rw-r--r-- | net/base/keygen_handler_nss.cc | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/net/base/keygen_handler_nss.cc b/net/base/keygen_handler_nss.cc index 2610d7f..d68ba0d 100644 --- a/net/base/keygen_handler_nss.cc +++ b/net/base/keygen_handler_nss.cc @@ -60,6 +60,10 @@ KeygenHandler::KeygenHandler(int key_size_index, const std::string& challenge) : key_size_index_(key_size_index), challenge_(challenge) { + if (key_size_index_ < 0 || + key_size_index_ >= + static_cast<int>(sizeof(RSAkeySizeMap) / sizeof(RSAkeySizeMap[0]))) + key_size_index_ = 0; } // This function is largely copied from the Firefox's |