From b36eabf380e2818b8b181f8af4bb4a89aeabe59b Mon Sep 17 00:00:00 2001
From: "wtc@chromium.org"
 <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Mon, 26 Oct 2009 17:01:43 +0000
Subject: Add a CERT_RDN_ENCODED_BLOB case to CertSubjectCommonNameHasNull
 because we get CERT_RDN_ENCODED_BLOB on machines patched for the CryptoAPI
 ASN.1 security vulnerabilities.

R=rvargas
BUG=24190
TEST=the X509CertificateTest.PaypalNullCertParsing test
in net_unittests (debug build) should not hit a NOTREACHED()
assertion failure when running on a patched Windows machine.
Review URL: http://codereview.chromium.org/337014

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@30057 0039d316-1c4b-4281-b951-d872f2087c98
---
 net/base/x509_certificate_win.cc | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'net')

diff --git a/net/base/x509_certificate_win.cc b/net/base/x509_certificate_win.cc
index 0ae4cfb..91c1fd8 100644
--- a/net/base/x509_certificate_win.cc
+++ b/net/base/x509_certificate_win.cc
@@ -204,6 +204,12 @@ bool CertSubjectCommonNameHasNull(PCCERT_CONTEXT cert) {
         PCERT_RDN_ATTR rdn_attr = &rdn->rgRDNAttr[j];
         if (strcmp(rdn_attr->pszObjId, szOID_COMMON_NAME) == 0) {
           switch (rdn_attr->dwValueType) {
+            // After the CryptoAPI ASN.1 security vulnerabilities described in
+            // http://www.microsoft.com/technet/security/Bulletin/MS09-056.mspx
+            // were patched, we get CERT_RDN_ENCODED_BLOB for a common name
+            // that contains a NULL character.
+            case CERT_RDN_ENCODED_BLOB:
+              break;
             // Array of 8-bit characters.
             case CERT_RDN_PRINTABLE_STRING:
             case CERT_RDN_TELETEX_STRING:
-- 
cgit v1.1