net/ocsp/nss_ocsp.cc - Issue 9663017: net: add OCSP tests.

Side by Side Diff: net/ocsp/nss_ocsp.cc

Issue 9663017: net: add OCSP tests. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: ... Created 8 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/ocsp/nss_ocsp.h"	5 #include "net/ocsp/nss_ocsp.h"

6	6

7 #include <certt.h>	7 #include <certt.h>

8 #include <certdb.h>	8 #include <certdb.h>

9 #include <ocsp.h>	9 #include <ocsp.h>

10 #include <nspr.h>	10 #include <nspr.h>

(...skipping 31 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
42 pthread_mutex_t g_request_context_lock = PTHREAD_MUTEX_INITIALIZER;	42 pthread_mutex_t g_request_context_lock = PTHREAD_MUTEX_INITIALIZER;

43 static net::URLRequestContext* g_request_context = NULL;	43 static net::URLRequestContext* g_request_context = NULL;

44	44

45 class OCSPRequestSession;	45 class OCSPRequestSession;

46	46

47 class OCSPIOLoop {	47 class OCSPIOLoop {

48 public:	48 public:

49 void StartUsing() {	49 void StartUsing() {

50 base::AutoLock autolock(lock_);	50 base::AutoLock autolock(lock_);

51 used_ = true;	51 used_ = true;

	52 io_loop_ = MessageLoopForIO::current();

	53 DCHECK(io_loop_);

52 }	54 }

53	55

54 // Called on IO loop.	56 // Called on IO loop.

55 void Shutdown();	57 void Shutdown();

56	58

57 bool used() const {	59 bool used() const {

58 base::AutoLock autolock(lock_);	60 base::AutoLock autolock(lock_);

59 return used_;	61 return used_;

60 }	62 }

61	63

(...skipping 387 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
449 private:	451 private:

450 std::string host_;	452 std::string host_;

451 int port_;	453 int port_;

452	454

453 DISALLOW_COPY_AND_ASSIGN(OCSPServerSession);	455 DISALLOW_COPY_AND_ASSIGN(OCSPServerSession);

454 };	456 };

455	457

456 OCSPIOLoop::OCSPIOLoop()	458 OCSPIOLoop::OCSPIOLoop()

457 : shutdown_(false),	459 : shutdown_(false),

458 used_(false),	460 used_(false),

459 io_loop_(MessageLoopForIO::current()) {	461 io_loop_(NULL) {

460 DCHECK(io_loop_);

461 }	462 }

462	463

463 OCSPIOLoop::~OCSPIOLoop() {	464 OCSPIOLoop::~OCSPIOLoop() {

464 // IO thread was already deleted before the singleton is deleted	465 // IO thread was already deleted before the singleton is deleted

465 // in AtExitManager.	466 // in AtExitManager.

466 {	467 {

467 base::AutoLock autolock(lock_);	468 base::AutoLock autolock(lock_);

468 DCHECK(!io_loop_);	469 DCHECK(!io_loop_);

469 DCHECK(!used_);	470 DCHECK(!used_);

470 DCHECK(shutdown_);	471 DCHECK(shutdown_);

(...skipping 34 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
505 base::AutoLock autolock(lock_);	506 base::AutoLock autolock(lock_);

506 DCHECK_EQ(MessageLoopForIO::current(), io_loop_);	507 DCHECK_EQ(MessageLoopForIO::current(), io_loop_);

507 }	508 }

508	509

509 void OCSPIOLoop::AddRequest(OCSPRequestSession* request) {	510 void OCSPIOLoop::AddRequest(OCSPRequestSession* request) {

510 DCHECK(!ContainsKey(requests_, request));	511 DCHECK(!ContainsKey(requests_, request));

511 requests_.insert(request);	512 requests_.insert(request);

512 }	513 }

513	514

514 void OCSPIOLoop::RemoveRequest(OCSPRequestSession* request) {	515 void OCSPIOLoop::RemoveRequest(OCSPRequestSession* request) {

515 {

516 // Ignore if we've already shutdown.

517 base::AutoLock auto_lock(lock_);

518 if (shutdown_)

519 return;

520 }

521

522 DCHECK(ContainsKey(requests_, request));	516 DCHECK(ContainsKey(requests_, request));

523 requests_.erase(request);	517 requests_.erase(request);

524 }	518 }

525	519

526 void OCSPIOLoop::CancelAllRequests() {	520 void OCSPIOLoop::CancelAllRequests() {

527 std::set<OCSPRequestSession*> requests;	521 std::set<OCSPRequestSession*> requests;

528 requests.swap(requests_);	522 requests.swap(requests_);

529	523

530 for (std::set<OCSPRequestSession*>::iterator it = requests.begin();	524 // We can't use an iterator here because CancelURLRequest will call back into

531 it != requests.end(); ++it)	525 // us with RemoveRequest and mutate \|requests_\|.

532 (*it)->CancelURLRequest();	526 while (!requests_.empty()) {
	Ryan Sleevi 2012/03/13 23:06:39 This is surely wrong - the swap on line 522 should This is surely wrong - the swap on line 522 should have requests_.empty() always be true. Further, I'm not sure how the original code was bugged, since mutating \|requests_\| would be fine, since we swapped on line 528 (original) and only iterate the stack copy (line 530). agl 2012/03/13 23:44:03 Yes, sorry. That was a slip with git add -p, it sh Show quoted text On 2012/03/13 23:06:39, Ryan Sleevi wrote: > This is surely wrong - the swap on line 522 should have requests_.empty() always > be true. Yes, sorry. That was a slip with git add -p, it shouldn't have been staged. This was me misunderstanding what was going wrong. The rest of the changes in this file are the bug fix. In short: 1) We would grab the MessageLoop at construction time, which broke if we did an Init/Shutdown several times with a different MessageLoop. 2) The code in RemoveRequest to ignore removals at shutdown time would mean that they were left in requests_ and triggered a use-after-free when we shut it down again. Ryan Sleevi 2012/03/13 23:50:20 For unit tests that are affected by such globals, Show quoted text On 2012/03/13 23:44:03, agl wrote: > On 2012/03/13 23:06:39, Ryan Sleevi wrote: > > This is surely wrong - the swap on line 522 should have requests_.empty() > always > > be true. > > Yes, sorry. That was a slip with git add -p, it shouldn't have been staged. This > was me misunderstanding what was going wrong. The rest of the changes in this > file are the bug fix. In short: > > 1) We would grab the MessageLoop at construction time, which broke if we did an > Init/Shutdown several times with a different MessageLoop. For unit tests that are affected by such globals, you're supposed to construct a base::ShadowingAtExitManager within the test (fixture or individual test). This should allow you to avoid most of the changes, mod this one. Show quoted text > 2) The code in RemoveRequest to ignore removals at shutdown time would mean that > they were left in requests_ and triggered a use-after-free when we shut it down > again. Is this unnecessary if using a ShadowingAtExitManager? I'm just trying to figure out where the root bug is.
	527 (*requests.begin())->CancelURLRequest();

	528 }

533 }	529 }

534	530

535 OCSPNSSInitialization::OCSPNSSInitialization() {	531 OCSPNSSInitialization::OCSPNSSInitialization() {

536 // NSS calls the functions in the function table to download certificates	532 // NSS calls the functions in the function table to download certificates

537 // or CRLs or talk to OCSP responders over HTTP. These functions must	533 // or CRLs or talk to OCSP responders over HTTP. These functions must

538 // set an NSS/NSPR error code when they fail. Otherwise NSS will get the	534 // set an NSS/NSPR error code when they fail. Otherwise NSS will get the

539 // residual error code from an earlier failed function call.	535 // residual error code from an earlier failed function call.

540 client_fcn_.version = 1;	536 client_fcn_.version = 1;

541 SEC_HttpClientFcnV1Struct *ft = &client_fcn_.fcnTable.ftable1;	537 SEC_HttpClientFcnV1Struct *ft = &client_fcn_.fcnTable.ftable1;

542 ft->createSessionFcn = OCSPCreateSession;	538 ft->createSessionFcn = OCSPCreateSession;

(...skipping 395 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
938 void SetURLRequestContextForOCSP(URLRequestContext* request_context) {	934 void SetURLRequestContextForOCSP(URLRequestContext* request_context) {

939 pthread_mutex_lock(&g_request_context_lock);	935 pthread_mutex_lock(&g_request_context_lock);

940 if (request_context) {	936 if (request_context) {

941 DCHECK(!g_request_context);	937 DCHECK(!g_request_context);

942 }	938 }

943 g_request_context = request_context;	939 g_request_context = request_context;

944 pthread_mutex_unlock(&g_request_context_lock);	940 pthread_mutex_unlock(&g_request_context_lock);

945 }	941 }

946	942

947 } // namespace net	943 } // namespace net

OLD	NEW

« no previous file with comments | « net/data/ssl/certificates/ocsp-test-root.pem ('k') | net/test/base_test_server.h » ('j') | net/tools/testserver/minica.py » ('J')