| Index: net/base/cert_verify_proc_openssl.cc
|
| diff --git a/net/base/cert_verify_proc_openssl.cc b/net/base/cert_verify_proc_openssl.cc
|
| index 122c7b436e6c701a42533f434b56b1f1fe48e386..b9cd0b11d71b89f6149d419d3ab0e9257ae2aa72 100644
|
| --- a/net/base/cert_verify_proc_openssl.cc
|
| +++ b/net/base/cert_verify_proc_openssl.cc
|
| @@ -188,9 +188,11 @@ int CertVerifyProcOpenSSL::VerifyInternal(X509Certificate* cert,
|
| if (!sk_X509_push(intermediates.get(), *it))
|
| return ERR_OUT_OF_MEMORY;
|
| }
|
| - int rv = X509_STORE_CTX_init(ctx.get(), X509Certificate::cert_store(),
|
| - cert->os_cert_handle(), intermediates.get());
|
| - CHECK_EQ(1, rv);
|
| + if (X509_STORE_CTX_init(ctx.get(), X509Certificate::cert_store(),
|
| + cert->os_cert_handle(), intermediates.get()) != 1) {
|
| + NOTREACHED();
|
| + return ERR_FAILED;
|
| + }
|
|
|
| if (X509_verify_cert(ctx.get()) != 1) {
|
| int x509_error = X509_STORE_CTX_get_error(ctx.get());
|
|
|
Chromium Code Reviews
Issue 11572060:
Improve CertVerifyProcOpenSSL robustness against malicious data (Closed)
Base URL: http://git.chromium.org/chromium/src.git@master