Skip to content

Commit

Permalink
Handle invalid IP addresses in certificates.
Browse files Browse the repository at this point in the history 
Some certificates have invalid IP addresses in them (for example,
https://www.1010ez.med.va.gov - certificate reproduced below). Currently Chrome
crashes when loading the certificate viewer for such certificates because we
hit a CHECK when the IP is not 4 nor 16 bytes long.

This change causes such invalid IP addresses to be rendered as hex bytes.

-----BEGIN CERTIFICATE-----
MIIGGTCCBQGgAwIBAgIDAtRTMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNVBAYTAlVT
MRcwFQYDVQQKEw5DeWJlcnRydXN0IEluYzERMA8GA1UECxMIU2VydmljZXMxDDAK
BgNVBAsTA1BLSTEnMCUGA1UEAxMeQ3liZXJ0cnVzdCBQdWJsaWMgSXNzdWluZyBD
QSAxMB4XDTEzMDcwOTE2MzQxMVoXDTE0MDcwOTE2MzQxMVowgdcxEzARBgoJkiaJ
k/IsZAEZFgNnb3YxEjAQBgoJkiaJk/IsZAEZFgJ2YTElMCMGA1UECAwcV2VzdCBW
aXJnaW5pYSxEQ1w9dmEsRENcPWdvdjEUMBIGA1UEBxMLTWFydGluc2J1cmcxKjAo
BgNVBAoTIVVTIERlcGFydG1lbnQgb2YgVmV0ZXJhbnMgQWZmYWlyczEjMCEGA1UE
CxMaQ2FwaXRvbCBSZWdpb24gRGF0YSBDZW50ZXIxHjAcBgNVBAMTFXd3dy4xMDEw
ZXoubWVkLnZhLmdvdjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM7b
2C1+XZ1ecJznpGgdrxE5qAz4W0KCzDMr8AVqXxj1zToeZUCEu/OV6BP1dzQ/RUS6
lzlMHS0eWL4d/B3gUHy4McvrrR7kTydTJ9oaScSIY+81rOYByrWr8B5C+jKTPbl+
yvc89jOncVsu0gPKUPmFl/X+E3js4gR91Ime2Jd5hObR9KDJGnDSf7/E5jGgqtr1
Nm0P3gGT8IUJ8XlmoN1JgtbFl68AahpukkEeahliKzNKULGv1PrruceorF/Trqpm
QfgptTnO7zDVSXbOUIoCDjXzPjKTkJC3SDF4J8IRYufv7d7jpNjE7VW7Jh8X/DIC
gbPPJV9nhrsbhfc9iJcCAwEAAaOCAlIwggJOMBMGA1UdEQQMMAqHCAAAAAD///8A
MIHTBggrBgEFBQcBAQSBxjCBwzBABggrBgEFBQcwAoY0aHR0cDovL2FpYTEuY29t
LXN0cm9uZy1pZC5uZXQvQ0EvQ1QtUFVCTElDLUlDQS0xLnA3YzB/BggrBgEFBQcw
AoZzbGRhcDovL2RpcjEuY29tLXN0cm9uZy1pZC5uZXQvY249Q3liZXJ0cnVzdCBQ
dWJsaWMgSXNzdWluZyBDQSAxLG91PVBLSSxvdT1TZXJ2aWNlcyxvPUN5YmVydHJ1
c3QsIGM9VVM/Y0FDZXJ0aWZpY2F0ZTAOBgNVHQ8BAf8EBAMCBaAwIwYDVR0lBBww
GgYEVR0lAAYIKwYBBQUHAwEGCCsGAQUFBwMCMB8GA1UdIwQYMBaAFFScgUYKFsr/
YPnqikUKdVxOst6KMIHrBgNVHR8EgeMwgeAwPKA6oDiGNmh0dHA6Ly9jZHAxLmNv
bS1zdHJvbmctaWQubmV0L0NEUC9DVC1QVUJMSUMtSS1DQS0xLmNybDCBn6CBnKCB
mYaBlmxkYXA6Ly9kaXIxLnNzcC1zdHJvbmctaWQubmV0L2NuJTNkQ3liZXJ0cnVz
dCUyMFB1YmxpYyUyMElzc3VpbmclMjBDQSUyMDEsb3UlM2RQS0ksb3UlM2RTZXJ2
aWNlcyxvJTNkQ3liZXJ0cnVzdCUyMEluYyxjJTNkVVM/Y2VydGlmaWNhdGVSZXZv
Y2F0aW9uTGlzdDAdBgNVHQ4EFgQUIctu7j8dD+eGZa2R9OaLnKFKIwwwDQYJKoZI
hvcNAQEFBQADggEBAD8fhMinh/DN0n/KyIOCEBqe1aJkiC86aqIJaC5e0Sg5MkHs
bLFSRTmWoyXJVlAk52+K/q1uUQGoP6s+mRiNGtmqENRz9vgU1tAmQzQBT8VtnNTQ
GJWtyI1Pab6Lh+RDsD2Y6EY3Q19A7FUOQKo3OdZis6LMzAmA6FT5o9Z27PHop/aB
EY9G26KGu8BT+q7RweZuDBSmQCxFTrjy2Bno+U2QSfWc9S2XHcaeUrt6wtkf8dTb
H/bTcSeXKa05AFyHoVeAPQ3lplHowjCvzFy93/RiVX903d8CGsfaoqgH8QNXAlQ6
ZqPITBlyJlK9qTvcsRD8rvEWLTHT1SgbHoBLEMg=
-----END CERTIFICATE-----

BUG=none
R=wtc@chromium.org

Review URL: https://codereview.chromium.org/184033009

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@254876 0039d316-1c4b-4281-b951-d872f2087c98
  • Loading branch information
agl@chromium.org committed Mar 4, 2014
1 parent 2e85bda commit 20e4fea
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -537,11 +537,14 @@ std::string ProcessGeneralName(PRArenaPool* arena,
break;
case certIPAddress: {
key = l10n_util::GetStringUTF8(IDS_CERT_GENERAL_NAME_IP_ADDRESS);

net::IPAddressNumber ip(
current->name.other.data,
current->name.other.data + current->name.other.len);
value = net::IPEndPoint(ip, 0).ToStringWithoutPort();
if (value.empty()) {

if (net::GetAddressFamily(ip) != net::ADDRESS_FAMILY_UNSPECIFIED) {
value = net::IPAddressToString(ip);
} else {
// Invalid IP address.
value = ProcessRawBytes(&current->name.other);
}
Expand Down

0 comments on commit 20e4fea

Please sign in to comment.