
Side by Side Diff: net/third_party/nss/ssl/ssl3ext.c

Issue 9663034: Fix a buffer length bug and nits in the next protocol negotiation (NPN) (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years, 9 months ago
1 /* 1 /*
2 * SSL3 Protocol 2 * SSL3 Protocol
3 * 3 *
4 * ***** BEGIN LICENSE BLOCK ***** 4 * ***** BEGIN LICENSE BLOCK *****
5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
6 * 6 *
7 * The contents of this file are subject to the Mozilla Public License Version 7 * The contents of this file are subject to the Mozilla Public License Version
8 * 1.1 (the "License"); you may not use this file except in compliance with 8 * 1.1 (the "License"); you may not use this file except in compliance with
9 * the License. You may obtain a copy of the License at 9 * the License. You may obtain a copy of the License at
10 * http://www.mozilla.org/MPL/ 10 * http://www.mozilla.org/MPL/
(...skipping 588 matching lines...)
599 } 599 }
600 600
601 static SECStatus 601 static SECStatus
602 ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type, 602 ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type,
603 SECItem *data) 603 SECItem *data)
604 { 604 {
605 SECStatus rv; 605 SECStatus rv;
606 unsigned char resultBuffer[255]; 606 unsigned char resultBuffer[255];
607 SECItem result = { siBuffer, resultBuffer, 0 }; 607 SECItem result = { siBuffer, resultBuffer, 0 };
608 608
609 if (ss->firstHsDone) { 609 PORT_Assert(!ss->firstHsDone);
wtc 2012/03/10 00:43:15 ss->firstHsDone cannot be true here. Line 650 bel
610 » PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
611 » return SECFailure;
612 }
613 610
614 rv = ssl3_ValidateNextProtoNego(data->data, data->len); 611 rv = ssl3_ValidateNextProtoNego(data->data, data->len);
615 if (rv != SECSuccess) 612 if (rv != SECSuccess)
616 return rv; 613 return rv;
617 614
618 /* ss->nextProtoCallback cannot normally be NULL if we negotiated the 615 /* ss->nextProtoCallback cannot normally be NULL if we negotiated the
619 * extension. However, It is possible that an application erroneously 616 * extension. However, It is possible that an application erroneously
620 * cleared the callback between the time we sent the ClientHello and now. 617 * cleared the callback between the time we sent the ClientHello and now.
621 */ 618 */
622 PORT_Assert(ss->nextProtoCallback != NULL); 619 PORT_Assert(ss->nextProtoCallback != NULL);
623 if (!ss->nextProtoCallback) { 620 if (!ss->nextProtoCallback) {
621 /* XXX Use a better error code. This is an application error, not an
622 * NSS bug. */
624 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); 623 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
625 return SECFailure; 624 return SECFailure;
626 } 625 }
627 626
628 rv = ss->nextProtoCallback(ss->nextProtoArg, ss->fd, data->data, data->len, 627 rv = ss->nextProtoCallback(ss->nextProtoArg, ss->fd, data->data, data->len,
629 result.data, &result.len, sizeof resultBuffer); 628 result.data, &result.len, sizeof resultBuffer);
630 if (rv != SECSuccess) 629 if (rv != SECSuccess)
631 return rv; 630 return rv;
632 /* If the callback wrote more than allowed to |result| it has corrupted our 631 /* If the callback wrote more than allowed to |result| it has corrupted our
633 * stack. */ 632 * stack. */
634 if (result.len > sizeof result) { 633 if (result.len > sizeof resultBuffer) {
wtc 2012/03/10 00:43:15 This is the fix for the buffer length bug. We wil
635 PORT_SetError(SEC_ERROR_OUTPUT_LEN); 634 PORT_SetError(SEC_ERROR_OUTPUT_LEN);
636 return SECFailure; 635 return SECFailure;
637 } 636 }
638 637
639 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); 638 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
640 return SECITEM_CopyItem(NULL, &ss->ssl3.nextProto, &result); 639 return SECITEM_CopyItem(NULL, &ss->ssl3.nextProto, &result);
641 } 640 }
642 641
643 static PRInt32 642 static PRInt32
644 ssl3_ClientSendNextProtoNegoXtn(sslSocket * ss, PRBool append, 643 ssl3_ClientSendNextProtoNegoXtn(sslSocket * ss, PRBool append,
(...skipping 1217 matching lines...)
1862 1861
1863 /* The echoed extension must be empty. */ 1862 /* The echoed extension must be empty. */
1864 if (data->len != 0) 1863 if (data->len != 0)
1865 return SECFailure; 1864 return SECFailure;
1866 1865
1867 /* Keep track of negotiated extensions. */ 1866 /* Keep track of negotiated extensions. */
1868 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; 1867 ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
1869 1868
1870 return SECSuccess; 1869 return SECSuccess;
1871 } 1870 }
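Review bot: `PORT_Assert(!ss->firstHsDone);` at new line 609 of ssl3_ClientHandleNextProtoNegoXtn is now the only guard against handling this extension after the first handshake, and PORT_Assert is compiled out of non-debug builds, so release builds check nothing here. The existing review comment says the condition cannot be true at this point. If that invariant is established on the sending side (not fully visible on this page), it is still worth enforcing here, because this handler processes data supplied by the peer. The same function already pairs `PORT_Assert(ss->nextProtoCallback != NULL);` with a runtime `if (!ss->nextProtoCallback)` test. Keeping `if (ss->firstHsDone) { PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); return SECFailure; }` after the assertion would follow that pattern.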