Issue metadata
Sign in to add a comment
|
SecurityInfoForRequest may not update cert_missing_subject_alt_name field |
||||||||||||||||||||||
Issue description
This:
if (visible_security_state.certificate) {
security_info->cert_missing_subject_alt_name =
!visible_security_state.certificate->GetSubjectAltName(nullptr,
nullptr);
Should be
security_info->cert_missing_subject_alt_name = (visible_security_state.certificate && !visible_security_state.certificate->GetSubjectAltName(nullptr, nullptr);
Otherwise, the field is left unset in some cases.
In practice, this is almost certainly harmless, but it creates a misunderstanding of this function's contract.
,
Jul 20 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/e9780e628ecaf9ae84ef16ffc779367fd4a15c40 commit e9780e628ecaf9ae84ef16ffc779367fd4a15c40 Author: Eric Lawrence <elawrence@chromium.org> Date: Thu Jul 20 22:24:08 2017 Ensure SecurityInfoForRequest sets cert_missing_subject_alt_name Previously, SecurityInfoForRequest updated cert_missing_subject_alt_name only if a certificate was present. It should instead set the field to false if a certificate is not present. Bug: 733308 Change-Id: Ieff93a1b6c243d2019c23fb1484d727211eeab20 Reviewed-on: https://chromium-review.googlesource.com/576114 Reviewed-by: Adrienne Porter Felt <felt@chromium.org> Commit-Queue: Eric Lawrence <elawrence@chromium.org> Cr-Commit-Position: refs/heads/master@{#488441} [modify] https://crrev.com/e9780e628ecaf9ae84ef16ffc779367fd4a15c40/components/security_state/core/security_state.cc
,
Jul 21 2017
|
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by elawrence@chromium.org
, Jul 18 2017