ParseCertificateDate() accepts invalid dates
Issue description
In particular, date values are allowed to have a leading plus sign, by virtue of using base::StringToInt() (in cert/x509_cert_types.cc).
,
Mar 23 2016
It also allows dates to have negative time components, by virtue of not checking if the parsed result was negative.
,
Mar 23 2016
.. although that is caught later by exploded.HasValidValues() so meh.
,
Mar 23 2016
Actually I think it does manifest as its own bug because of:

    if (valid && year_length == 2)
      exploded.year += exploded.year < 50 ? 2000 : 1900;

Since I think if year was "-9" then year_length == 2, and the final exploded.year will be (2000-9)
,
Mar 23 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/1f90fcb579588d6491f04ffc586ba2bf5b2a1653

commit 1f90fcb579588d6491f04ffc586ba2bf5b2a1653
Author: eroman <eroman@chromium.org>
Date: Wed Mar 23 22:28:55 2016

Don't allow negative date components in ParseCertificateDate(), or ones starting with a plus.

BUG=596523, 596544
Review URL: https://codereview.chromium.org/1832583002
Cr-Commit-Position: refs/heads/master@{#382949}

[modify] https://crrev.com/1f90fcb579588d6491f04ffc586ba2bf5b2a1653/net/cert/x509_cert_types.cc
[modify] https://crrev.com/1f90fcb579588d6491f04ffc586ba2bf5b2a1653/net/cert/x509_cert_types_unittest.cc
,
Mar 23 2016
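The failure mode discussed in this thread, as an added example that is not Chromium's code and not part of the original comments: strtol stands in for the lenient integer parser, and ParseFieldLenient, ParseFieldStrict and TwoCharYear are hypothetical names. A signed two-character year such as "-9" passes the length check and is pivoted to 1991, while a digit-only parser rejects it.

```cpp
#include <cstdio>
#include <cstdlib>
#include <string>

// Lenient: strtol stands in for a general-purpose string-to-int helper.
// As with the behaviour reported in the thread, "+9" and "-9" both parse.
bool ParseFieldLenient(const std::string& field, int* out) {
  if (field.empty()) return false;
  char* end = nullptr;
  long value = std::strtol(field.c_str(), &end, 10);
  if (*end != '\0') return false;
  *out = static_cast<int>(value);
  return true;
}

// Strict: 1 to 4 characters, each an ASCII digit, so a sign never parses.
bool ParseFieldStrict(const std::string& field, int* out) {
  if (field.empty() || field.size() > 4) return false;
  int value = 0;
  for (char c : field) {
    if (c < '0' || c > '9') return false;
    value = value * 10 + (c - '0');
  }
  *out = value;
  return true;
}

typedef bool (*FieldParser)(const std::string&, int*);

// Two-character year with the pivot quoted in the thread (< 50 -> 20xx,
// otherwise 19xx). Returns -1 when the field is rejected.
int TwoCharYear(const std::string& field, FieldParser parse) {
  int year = 0;
  if (field.size() != 2 || !parse(field, &year)) return -1;
  return year + (year < 50 ? 2000 : 1900);
}

int main() {
  // Constructed sample fields, not taken from any real certificate.
  const char* samples[] = {"16", "49", "50", "-9", "+9"};
  for (const char* s : samples) {
    std::printf("%-3s lenient=%d strict=%d\n", s,
                TwoCharYear(s, ParseFieldLenient),
                TwoCharYear(s, ParseFieldStrict));
  }
  return 0;
}
```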
Comment 1 by eroman@chromium.org, Mar 21 2016