New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 751197 link

Starred by 2 users

Issue metadata

Status: Fixed
Owner:
Closed: Aug 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , Chrome , Mac
Pri: 1
Type: Bug



Sign in to add a comment

Expect-CT causes crash if report results in a net error

Project Member Reported by est...@chromium.org, Aug 1 2017

Issue description

ChromeExpectCTReporter checks the response code on report preflights before checking if the request was successful. This results in a crash if the preflight endpoint is a net error.
 
Project Member

Comment 1 by bugdroid1@chromium.org, Aug 2 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/75a8d05e46ac1bf5b18c5966b2832132e72527ff

commit 75a8d05e46ac1bf5b18c5966b2832132e72527ff
Author: Emily Stark <estark@google.com>
Date: Wed Aug 02 00:08:42 2017

Check Expect-CT preflight success before accessing response code

While adding Expect-CT support for chrome://net-internals, I noticed that a
crash can occur if the report URL results in a net error. This appears to be due
to accessing the response code before checking the request status is
success. Unfortunately, I can't reproduce the crash in a browser or unit test,
perhaps because it's a race.

Bug:  751197 
Change-Id: I60c2b4debe19da9ef98f838ce2013747644a39d8
Reviewed-on: https://chromium-review.googlesource.com/596514
Reviewed-by: Mustafa Emre Acer <meacer@chromium.org>
Commit-Queue: Emily Stark <estark@chromium.org>
Cr-Commit-Position: refs/heads/master@{#491161}
[modify] https://crrev.com/75a8d05e46ac1bf5b18c5966b2832132e72527ff/chrome/browser/ssl/chrome_expect_ct_reporter.cc

Labels: Merge-Request-60
Labels: -Merge-Request-60 Merge-Request-61
Oops, got my milestones confused; requesting merge to M61.
Labels: -Merge-Request-61 Merge-Approved-61
Approving merge to M61 Chrome OS.
Cc: kbleicher@chromium.org
kbleicher: thanks! Is there a separate merge approval I need for non-ChromeOS?

Comment 6 Deleted

Before we approve merge for non-ChromeOS platforms, estark@, could you pls confirm change listed at #1 is well baked/verified in Canary, having enough automation coverage and will be a safe merge to M61? Thank you.
govind: I verified the change. I believe it's safe to merge because it's very small, and the feature is covered by automated tests and a Finch feature flag in case there are any problems and we need to turn it off.
Thank you  estark@. Merge approved for non-ChromeOS platforms as well. If merge happens by 5:00 PM PT tomorrow, we can take it in for next week beta release.
Project Member

Comment 10 by bugdroid1@chromium.org, Aug 4 2017

Labels: -merge-approved-61 merge-merged-3163
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/15484107312c6d7aac512c7b82087dee03fbb8c6

commit 15484107312c6d7aac512c7b82087dee03fbb8c6
Author: Emily Stark <estark@google.com>
Date: Fri Aug 04 00:30:02 2017

Check Expect-CT preflight success before accessing response code

While adding Expect-CT support for chrome://net-internals, I noticed that a
crash can occur if the report URL results in a net error. This appears to be due
to accessing the response code before checking the request status is
success. Unfortunately, I can't reproduce the crash in a browser or unit test,
perhaps because it's a race.

TBR=estark@google.com

(cherry picked from commit 75a8d05e46ac1bf5b18c5966b2832132e72527ff)

Bug:  751197 
Change-Id: I60c2b4debe19da9ef98f838ce2013747644a39d8
Reviewed-on: https://chromium-review.googlesource.com/596514
Reviewed-by: Mustafa Emre Acer <meacer@chromium.org>
Commit-Queue: Emily Stark <estark@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#491161}
Reviewed-on: https://chromium-review.googlesource.com/601411
Reviewed-by: Emily Stark <estark@chromium.org>
Cr-Commit-Position: refs/branch-heads/3163@{#301}
Cr-Branched-From: ff259bab28b35d242e10186cd63af7ed404fae0d-refs/heads/master@{#488528}
[modify] https://crrev.com/15484107312c6d7aac512c7b82087dee03fbb8c6/chrome/browser/ssl/chrome_expect_ct_reporter.cc

Status: Fixed (was: Assigned)

Sign in to add a comment