
Improve CertVerifyProcOpenSSL robustness against malicious data

This patch allows OpenSSL certificate verification to fail gracefully when the
preliminary initialization step fails, rather than crashing the browser.

BUG=165858


Review URL: https://chromiumcodereview.appspot.com/11572060

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@173459 0039d316-1c4b-4281-b951-d872f2087c98
ppi@chromium.org
2012-12-17 15:02:03 +00:00
parent 343da03478
commit 7e740a05df

@ -188,9 +188,11 @@ int CertVerifyProcOpenSSL::VerifyInternal(X509Certificate* cert,
if (!sk_X509_push(intermediates.get(), *it))
return ERR_OUT_OF_MEMORY;
}
int rv = X509_STORE_CTX_init(ctx.get(), X509Certificate::cert_store(),
cert->os_cert_handle(), intermediates.get());
CHECK_EQ(1, rv);
if (X509_STORE_CTX_init(ctx.get(), X509Certificate::cert_store(),
cert->os_cert_handle(), intermediates.get()) != 1) {
NOTREACHED();
return ERR_FAILED;
}
if (X509_verify_cert(ctx.get()) != 1) {
int x509_error = X509_STORE_CTX_get_error(ctx.get());
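Review bot: The `NOTREACHED();` in the new `X509_STORE_CTX_init(...) != 1` branch contradicts the commit's own premise that this path can be reached with malicious certificate data. Where `NOTREACHED()` is compiled as a debug assertion, those builds would still abort on it, and readers are told the branch is impossible. I would drop it and record the failure instead, e.g. `LOG(ERROR) << "X509_STORE_CTX_init failed";` followed by the existing `return ERR_FAILED;`, with a short comment such as `// Reachable with malformed certificate data; fail closed rather than crash.`. Returning an error here does fail closed, but the hunk does not show whether `verify_result` is left in a consistent state on this early return, which is worth confirming in the rest of `VerifyInternal`, whose body starts and ends outside the hunk.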