From 8c5bef217802a407314e5f518df411fb31c02c4e Mon Sep 17 00:00:00 2001
From: "agl@chromium.org"
 <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Thu, 14 Apr 2011 22:00:54 +0000
Subject: net: cut an HSTS hole out at latest.chrome.google.com

BUG=none
TEST=none

http://codereview.chromium.org/6852030

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@81653 0039d316-1c4b-4281-b951-d872f2087c98
---
 net/base/transport_security_state.cc | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'net/base/transport_security_state.cc')

diff --git a/net/base/transport_security_state.cc b/net/base/transport_security_state.cc
index 8644032..6118f35 100644
--- a/net/base/transport_security_state.cc
+++ b/net/base/transport_security_state.cc
@@ -509,6 +509,7 @@ bool TransportSecurityState::IsPreloadedSTS(
     {19, true, "\006health\006google\003com"},
     {21, true, "\010checkout\006google\003com"},
     {19, true, "\006chrome\006google\003com"},
+    {26, false, "\006latest\006chrome\006google\003com"},
     {28, false, "\016aladdinschools\007appspot\003com"},
     {14, true, "\011ottospora\002nl"},
     {17, true, "\004docs\006google\003com"},
@@ -540,9 +541,10 @@ bool TransportSecurityState::IsPreloadedSTS(
   for (size_t i = 0; canonicalized_host[i]; i += canonicalized_host[i] + 1) {
     for (size_t j = 0; j < kNumPreloadedSTS; j++) {
       if (kPreloadedSTS[j].length == canonicalized_host.size() - i &&
-          (kPreloadedSTS[j].include_subdomains || i == 0) &&
           memcmp(kPreloadedSTS[j].dns_name, &canonicalized_host[i],
                  kPreloadedSTS[j].length) == 0) {
+        if (!kPreloadedSTS[j].include_subdomains && i != 0)
+          return false;
         *include_subdomains = kPreloadedSTS[j].include_subdomains;
         return true;
       }
@@ -550,9 +552,10 @@ bool TransportSecurityState::IsPreloadedSTS(
     if (sni_available) {
       for (size_t j = 0; j < kNumPreloadedSNISTS; j++) {
         if (kPreloadedSNISTS[j].length == canonicalized_host.size() - i &&
-            (kPreloadedSNISTS[j].include_subdomains || i == 0) &&
             memcmp(kPreloadedSNISTS[j].dns_name, &canonicalized_host[i],
                    kPreloadedSNISTS[j].length) == 0) {
+          if (!kPreloadedSNISTS[j].include_subdomains && i != 0)
+            return false;
           *include_subdomains = kPreloadedSNISTS[j].include_subdomains;
           return true;
         }
-- 
cgit v1.1