mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1368107 - Remove TransportSecurityInfo::GetHostNameRaw(). r=keeler 

GetHostNameRaw() returns a char* string, which is less safe and ergonomic
compared to the Mozilla string classes. GetHostName() can be used instead.

MozReview-Commit-ID: GYvTnISNN35

--HG--
extra : rebase_source : da257f5fba2c26cd92d932c3d1d363458b84a65b
This commit is contained in:
Cykesiopka 2017-06-03 13:35:51 +08:00
Родитель f2ce0dde51
Коммит 0adca03a5d
8 изменённых файлов: 25 добавлений и 24 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

16
security/certverifier/CertVerifier.cpp
Просмотреть файл

@ -20,6 +20,7 @@
#include "mozilla/Casting.h"
#include "mozilla/IntegerPrintfMacros.h"
#include "nsNSSComponent.h"
#include "nsPromiseFlatString.h"
#include "nsServiceManagerUtils.h"
#include "pk11pub.h"
#include "pkix/pkix.h"
@ -942,7 +943,7 @@ CertVerifier::VerifySSLServerCert(const UniqueCERTCertificate& peerCert,
/*optional*/ const SECItem* sctsFromTLS,
Time time,
/*optional*/ void* pinarg,
const char* hostname,
const nsACString& hostname,
/*out*/ UniqueCERTCertList& builtChain,
/*optional*/ UniqueCERTCertList* peerCertChain,
/*optional*/ bool saveIntermediatesInPermanentDatabase,
@ -957,21 +958,21 @@ CertVerifier::VerifySSLServerCert(const UniqueCERTCertificate& peerCert,
{
MOZ_ASSERT(peerCert);
// XXX: MOZ_ASSERT(pinarg);
MOZ_ASSERT(hostname);
MOZ_ASSERT(hostname[0]);
MOZ_ASSERT(!hostname.IsEmpty());
if (evOidPolicy) {
*evOidPolicy = SEC_OID_UNKNOWN;
}
if (!hostname || !hostname[0]) {
if (hostname.IsEmpty()) {
return Result::ERROR_BAD_CERT_DOMAIN;
}
// CreateCertErrorRunnable assumes that CheckCertHostname is only called
// if VerifyCert succeeded.
Result rv = VerifyCert(peerCert.get(), certificateUsageSSLServer, time,
pinarg, hostname, builtChain, peerCertChain, flags,
pinarg, PromiseFlatCString(hostname).get(), builtChain,
peerCertChain, flags,
stapledOCSPResponse, sctsFromTLS, originAttributes,
evOidPolicy, ocspStaplingStatus, keySizeStatus,
sha1ModeResult, pinningTelemetryInfo, ctInfo);
@ -1005,8 +1006,9 @@ CertVerifier::VerifySSLServerCert(const UniqueCERTCertificate& peerCert,
}
Input hostnameInput;
rv = hostnameInput.Init(BitwiseCast<const uint8_t*, const char*>(hostname),
strlen(hostname));
rv = hostnameInput.Init(
BitwiseCast<const uint8_t*, const char*>(hostname.BeginReading()),
hostname.Length());
if (rv != Success) {
return Result::FATAL_ERROR_INVALID_ARGS;
}

3
security/certverifier/CertVerifier.h
Просмотреть файл

@ -15,6 +15,7 @@
#include "mozilla/Telemetry.h"
#include "mozilla/TimeStamp.h"
#include "mozilla/UniquePtr.h"
#include "nsString.h"
#include "pkix/pkixtypes.h"
#if defined(_MSC_VER)
@ -148,7 +149,7 @@ public:
/*optional*/ const SECItem* sctsFromTLS,
mozilla::pkix::Time time,
/*optional*/ void* pinarg,
const char* hostname,
const nsACString& hostname,
/*out*/ UniqueCERTCertList& builtChain,
/*optional*/ UniqueCERTCertList* peerCertChain = nullptr,
/*optional*/ bool saveIntermediatesInPermanentDatabase = false,

12
security/manager/ssl/SSLServerCertVerification.cpp
Просмотреть файл

@ -128,6 +128,7 @@
#include "nsNSSShutDown.h"
#include "nsSSLStatus.h"
#include "nsServiceManagerUtils.h"
#include "nsString.h"
#include "nsURLHelper.h"
#include "nsXPCOMCIDInternal.h"
#include "pkix/pkix.h"
@ -338,7 +339,7 @@ MapCertErrorToProbeValue(PRErrorCode errorCode)
SECStatus
DetermineCertOverrideErrors(const UniqueCERTCertificate& cert,
const char* hostName,
const nsACString& hostName,
PRTime now, PRErrorCode defaultErrorCodeToReport,
/*out*/ uint32_t& collectedErrors,
/*out*/ PRErrorCode& errorCodeTrust,
@ -346,7 +347,6 @@ DetermineCertOverrideErrors(const UniqueCERTCertificate& cert,
/*out*/ PRErrorCode& errorCodeTime)
{
MOZ_ASSERT(cert);
MOZ_ASSERT(hostName);
MOZ_ASSERT(collectedErrors == 0);
MOZ_ASSERT(errorCodeTrust == 0);
MOZ_ASSERT(errorCodeMismatch == 0);
@ -419,8 +419,8 @@ DetermineCertOverrideErrors(const UniqueCERTCertificate& cert,
}
Input hostnameInput;
Result result = hostnameInput.Init(
BitwiseCast<const uint8_t*, const char*>(hostName),
strlen(hostName));
BitwiseCast<const uint8_t*, const char*>(hostName.BeginReading()),
hostName.Length());
if (result != Success) {
PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
return SECFailure;
@ -682,7 +682,7 @@ CreateCertErrorRunnable(CertVerifier& certVerifier,
PRErrorCode errorCodeTrust = 0;
PRErrorCode errorCodeMismatch = 0;
PRErrorCode errorCodeTime = 0;
if (DetermineCertOverrideErrors(cert, infoObject->GetHostNameRaw(), now,
if (DetermineCertOverrideErrors(cert, infoObject->GetHostName(), now,
defaultErrorCodeToReport, collected_errors,
errorCodeTrust, errorCodeMismatch,
errorCodeTime) != SECSuccess) {
@ -1403,7 +1403,7 @@ AuthCertificate(CertVerifier& certVerifier,
Result rv = certVerifier.VerifySSLServerCert(cert, stapledOCSPResponse,
sctsFromTLSExtension, time,
infoObject,
infoObject->GetHostNameRaw(),
infoObject->GetHostName(),
certList, &peerCertChain,
saveIntermediates, flags,
infoObject->

7
security/manager/ssl/TransportSecurityInfo.h
Просмотреть файл

@ -43,7 +43,7 @@ protected:
virtual ~TransportSecurityInfo();
public:
TransportSecurityInfo();
NS_DECL_THREADSAFE_ISUPPORTS
NS_DECL_NSITRANSPORTSECURITYINFO
NS_DECL_NSIINTERFACEREQUESTOR
@ -55,7 +55,6 @@ public:
nsresult SetSecurityState(uint32_t aState);
const nsACString & GetHostName() const { return mHostName; }
const char * GetHostNameRaw() const { return mHostName.get(); }
void SetHostName(const char* host);
@ -69,11 +68,11 @@ public:
nsresult SetOriginAttributes(const OriginAttributes& aOriginAttributes);
PRErrorCode GetErrorCode() const;
void GetErrorLogMessage(PRErrorCode errorCode,
::mozilla::psm::SSLErrorMessageType errorMessageType,
nsString &result);
void SetCanceled(PRErrorCode errorCode,
::mozilla::psm::SSLErrorMessageType errorMessageType);

2
security/manager/ssl/nsNSSCallbacks.cpp
Просмотреть файл

@ -1132,7 +1132,7 @@ DetermineEVAndCTStatusAndSetNewCert(RefPtr<nsSSLStatus> sslStatus,
sctsFromTLSExtension,
mozilla::pkix::Now(),
infoObject,
infoObject->GetHostNameRaw(),
infoObject->GetHostName(),
unusedBuiltChain,
&peerCertChain,
saveIntermediates,

4
security/manager/ssl/nsNSSCertificateDB.cpp
Просмотреть файл

@ -1400,14 +1400,13 @@ VerifyCertAtTime(nsIX509Cert* aCert,
SECOidTag evOidPolicy;
mozilla::pkix::Result result;
const nsCString& flatHostname = PromiseFlatCString(aHostname);
if (!aHostname.IsVoid() && aUsage == certificateUsageSSLServer) {
result = certVerifier->VerifySSLServerCert(nssCert,
nullptr, // stapledOCSPResponse
nullptr, // sctsFromTLSExtension
aTime,
nullptr, // Assume no context
flatHostname.get(),
aHostname,
resultChain,
nullptr, // no peerCertChain
false, // don't save intermediates
@ -1415,6 +1414,7 @@ VerifyCertAtTime(nsIX509Cert* aCert,
OriginAttributes(),
&evOidPolicy);
} else {
const nsCString& flatHostname = PromiseFlatCString(aHostname);
result = certVerifier->VerifyCert(nssCert.get(), aUsage, aTime,
nullptr, // Assume no context
aHostname.IsVoid() ? nullptr

3
security/manager/ssl/nsNSSIOLayer.cpp
Просмотреть файл

@ -450,7 +450,6 @@ nsNSSSocketInfo::IsAcceptableForHost(const nsACString& hostname, bool* _retval)
if (!certVerifier) {
return NS_OK;
}
nsAutoCString hostnameFlat(PromiseFlatCString(hostname));
CertVerifier::Flags flags = CertVerifier::FLAG_LOCAL_ONLY;
UniqueCERTCertList unusedBuiltChain;
mozilla::pkix::Result result =
@ -459,7 +458,7 @@ nsNSSSocketInfo::IsAcceptableForHost(const nsACString& hostname, bool* _retval)
nullptr, // sctsFromTLSExtension
mozilla::pkix::Now(),
nullptr, // pinarg
hostnameFlat.get(),
hostname,
unusedBuiltChain,
nullptr, // no peerCertChain
false, // save intermediates

2
security/manager/ssl/nsSiteSecurityService.cpp
Просмотреть файл

@ -1076,7 +1076,7 @@ nsSiteSecurityService::ProcessPKPHeader(
nullptr, // stapledOCSPResponse
nullptr, // sctsFromTLSExtension
now, nullptr, // pinarg
host.get(), // hostname
host, // hostname
certList,
nullptr, // no peerCertChain
false, // don't store intermediates