124569 2013-11-19 01:08:18 -0800 [curl] Improve ssl certificate storage and check 2013-11-21 09:40:45 -0800 1 1 1 Unclassified WebKit WebCore Misc. 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 119436 117300 1 sipka webkit-unassigned bfulgham commit-queue galpeter sipka oldest_to_newest 951997 0 217277 sipka 2013-11-19 01:08:18 -0800 Created attachment 217277 proposed patch Storage and check the whole certificate chain, not just the root certificate. 952321 1 217277 bfulgham 2013-11-19 16:53:02 -0800 Comment on attachment 217277 proposed patch View in context: https://bugs.webkit.org/attachment.cgi?id=217277&action=review Looks good overall. I have some concern about the BIO_get_mem_data call (though I realize this wasn't code you added). Can you review and let me know what you think? > Source/WebCore/platform/network/curl/SSLHandle.cpp:146 > + unsigned char *certificateData; unsigned char* certificateData; > Source/WebCore/platform/network/curl/SSLHandle.cpp:147 > + long len = BIO_get_mem_data(bio, &certificateData); The BIO_get_mem_data documentation is pretty weak. Does it ever return a negative value? If not, why is the return value signed? If it is negative, then the following code will do bad things. 952996 2 sipka 2013-11-21 01:47:39 -0800 (In reply to comment #1) > (From update of attachment 217277 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=217277&action=review > Thanks for the detailed review. > Looks good overall. I have some concern about the BIO_get_mem_data call (though I realize this wasn't code you added). Can you review and let me know what you think? > BIO_get_mem_data() sets pp to a pointer to the start of the memory BIOs data and returns the total amount of data available. length = BIO_get_mem_data(bio, &certificateData); // here - certificateData is a pointer to encoded data, length - length of data. > > Source/WebCore/platform/network/curl/SSLHandle.cpp:146 > > + unsigned char *certificateData; > > unsigned char* certificateData; > I changed this. > > Source/WebCore/platform/network/curl/SSLHandle.cpp:147 > > + long len = BIO_get_mem_data(bio, &certificateData); > > The BIO_get_mem_data documentation is pretty weak. Does it ever return a negative value? If not, why is the return value signed? If it is negative, then the following code will do bad things. Yes, I made the change what is necessary to avoid unexpected behaviors in Bug119436 which this bug depends on. 952997 3 217534 sipka 2013-11-21 01:48:36 -0800 Created attachment 217534 proposed patch 953002 4 217537 sipka 2013-11-21 02:04:28 -0800 Created attachment 217537 proposed patch Add missing ChangeLog 953123 5 217537 bfulgham 2013-11-21 09:14:07 -0800 Comment on attachment 217537 proposed patch r=me. 953140 6 217537 commit-queue 2013-11-21 09:40:42 -0800 Comment on attachment 217537 proposed patch Clearing flags on attachment: 217537 Committed r159632: <http://trac.webkit.org/changeset/159632> 953141 7 commit-queue 2013-11-21 09:40:45 -0800 All reviewed patches have been landed. Closing bug. 217277 2013-11-19 01:08:18 -0800 2013-11-21 01:48:36 -0800 proposed patch certChain.patch text/plain 3876 sipka ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL25ldHdvcmsvY3VybC9TU0xIYW5k bGUuY3BwIGIvU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vbmV0d29yay9jdXJsL1NTTEhhbmRsZS5j cHAKaW5kZXggNDRhNWEzYS4uZDRmOGJlYyAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvcGxh dGZvcm0vbmV0d29yay9jdXJsL1NTTEhhbmRsZS5jcHAKKysrIGIvU291cmNlL1dlYkNvcmUvcGxh dGZvcm0vbmV0d29yay9jdXJsL1NTTEhhbmRsZS5jcHAKQEAgLTMyLDMwICszMiw0MCBAQAogI2lu Y2x1ZGUgPG9wZW5zc2wvcGVtLmg+CiAjaW5jbHVkZSA8b3BlbnNzbC9zc2wuaD4KICNpbmNsdWRl IDxvcGVuc3NsL3g1MDlfdmZ5Lmg+CisjaW5jbHVkZSA8d3RmL0hhc2hTZXQuaD4KIAogbmFtZXNw YWNlIFdlYkNvcmUgewogCi1zdGF0aWMgSGFzaE1hcDxTdHJpbmcsIFN0cmluZz4gYWxsb3dlZEhv c3RzOworc3RhdGljIEhhc2hNYXA8U3RyaW5nLCBIYXNoU2V0PFN0cmluZz4+IGFsbG93ZWRIb3N0 czsKIAogdm9pZCBhbGxvd3NBbnlIVFRQU0NlcnRpZmljYXRlSG9zdHMoY29uc3QgU3RyaW5nJiBo b3N0KQogewotICAgIEhhc2hNYXA8U3RyaW5nLCBTdHJpbmc+OjppdGVyYXRvciBpdCA9IGFsbG93 ZWRIb3N0cy5maW5kKGhvc3QpOworICAgIEhhc2hNYXA8U3RyaW5nLCBIYXNoU2V0PFN0cmluZz4+ OjppdGVyYXRvciBpdCA9IGFsbG93ZWRIb3N0cy5maW5kKGhvc3QpOwogICAgIGlmIChpdCAhPSBh bGxvd2VkSG9zdHMuZW5kKCkpCi0gICAgICAgIGl0LT52YWx1ZSA9IFN0cmluZygpOwotICAgIGVs c2UKLSAgICAgICAgYWxsb3dlZEhvc3RzLmFkZChob3N0LCBTdHJpbmcoKSk7CisgICAgICAgIGl0 LT52YWx1ZS5jbGVhcigpOworICAgIGVsc2UgeworICAgICAgICBIYXNoU2V0PFN0cmluZz4gY2Vy dGlmaWNhdGVzOworICAgICAgICBhbGxvd2VkSG9zdHMuYWRkKGhvc3QsIGNlcnRpZmljYXRlcyk7 CisgICAgfQogfQogCi1ib29sIHNzbElnbm9yZUhUVFBTQ2VydGlmaWNhdGUoY29uc3QgU3RyaW5n JiBob3N0LCBjb25zdCBTdHJpbmcmIGNlcnQpCitib29sIHNzbElnbm9yZUhUVFBTQ2VydGlmaWNh dGUoY29uc3QgU3RyaW5nJiBob3N0LCBjb25zdCBIYXNoU2V0PFN0cmluZz4mIGNlcnRpZmljYXRl cykKIHsKLSAgICBIYXNoTWFwPFN0cmluZywgU3RyaW5nPjo6aXRlcmF0b3IgaXQgPSBhbGxvd2Vk SG9zdHMuZmluZChob3N0KTsKKyAgICBIYXNoTWFwPFN0cmluZywgSGFzaFNldDxTdHJpbmc+Pjo6 aXRlcmF0b3IgaXQgPSBhbGxvd2VkSG9zdHMuZmluZChob3N0KTsKICAgICBpZiAoaXQgIT0gYWxs b3dlZEhvc3RzLmVuZCgpKSB7CiAgICAgICAgIGlmICgoaXQtPnZhbHVlKS5pc0VtcHR5KCkpIHsK LSAgICAgICAgICAgIGl0LT52YWx1ZSA9IGNlcnQ7CisgICAgICAgICAgICBpdC0+dmFsdWUgPSBj ZXJ0aWZpY2F0ZXM7CiAgICAgICAgICAgICByZXR1cm4gdHJ1ZTsKICAgICAgICAgfQotICAgICAg ICBpZiAoaXQtPnZhbHVlID09IGNlcnQpCi0gICAgICAgICAgICByZXR1cm4gdHJ1ZTsKKyAgICAg ICAgaWYgKGNlcnRpZmljYXRlcy5zaXplKCkgIT0gaXQtPnZhbHVlLnNpemUoKSkKKyAgICAgICAg ICAgIHJldHVybiBmYWxzZTsKKyAgICAgICAgSGFzaFNldDxTdHJpbmc+Ojpjb25zdF9pdGVyYXRv ciBjZXJ0c0l0ZXIgPSBjZXJ0aWZpY2F0ZXMuYmVnaW4oKTsKKyAgICAgICAgSGFzaFNldDxTdHJp bmc+OjppdGVyYXRvciB2YWx1ZUl0ZXIgPSAoaXQtPnZhbHVlKS5iZWdpbigpOworICAgICAgICBm b3IgKDsgdmFsdWVJdGVyICE9IChpdC0+dmFsdWUpLmVuZCgpOyArK3ZhbHVlSXRlciwgKytjZXJ0 c0l0ZXIpIHsKKyAgICAgICAgICAgIGlmICgqY2VydHNJdGVyICE9ICp2YWx1ZUl0ZXIpCisgICAg ICAgICAgICAgICAgcmV0dXJuIGZhbHNlOworICAgICAgICB9CisgICAgICAgIHJldHVybiB0cnVl OwogICAgIH0KICAgICByZXR1cm4gZmFsc2U7CiB9CkBAIC0xMTgsMjQgKzEyOCwzMSBAQCB1bnNp Z25lZCBzc2xDZXJ0aWZpY2F0ZUZsYWcoY29uc3QgdW5zaWduZWQmIHNzbEVycm9yKQogfQogCiAj aWYgIVBMQVRGT1JNKFdJTikKLS8vIHN1Y2Nlc3Mgb2YgY2VydGlmaWNhdGUgZXh0cmFjdGlvbgot Ym9vbCBwZW1EYXRhKFg1MDlfU1RPUkVfQ1RYKiBjdHgsIFN0cmluZyYgY2VydGlmaWNhdGUpCisv LyBzdWNjZXNzIG9mIGNlcnRpZmljYXRlcyBleHRyYWN0aW9uCitib29sIHBlbURhdGEoWDUwOV9T VE9SRV9DVFgqIGN0eCwgSGFzaFNldDxTdHJpbmc+JiBjZXJ0aWZpY2F0ZXMpCiB7Ci0gICAgWDUw OSogZXJyQ2VydCA9IFg1MDlfU1RPUkVfQ1RYX2dldF9jdXJyZW50X2NlcnQoY3R4KTsKLQotICAg IC8vIGdldCB0aGUgY2VydCBpbiBQRU0gZm9ybWF0Ci0gICAgQklPKiBiaW8gPSBCSU9fbmV3KEJJ T19zX21lbSgpKTsKLQotICAgIGludCByZXMgPSBQRU1fd3JpdGVfYmlvX1g1MDkoYmlvLCBlcnJD ZXJ0KTsKLSAgICBpZiAoIXJlcykKLSAgICAgICAgcmV0dXJuIGZhbHNlOworICAgIGJvb2wgb2sg PSB0cnVlOworICAgIFNUQUNLX09GKFg1MDkpKiBjZXJ0cyA9IFg1MDlfU1RPUkVfQ1RYX2dldDFf Y2hhaW4oY3R4KTsKKyAgICBmb3IgKGludCBpID0gMDsgaSA8IHNrX1g1MDlfbnVtKGNlcnRzKTsg aSsrKSB7CisgICAgICAgIFg1MDkqIHVDZXJ0ID0gc2tfWDUwOV92YWx1ZShjZXJ0cywgaSk7Cisg ICAgICAgIEJJTyogYmlvID0gQklPX25ldyhCSU9fc19tZW0oKSk7CisgICAgICAgIGludCByZXMg PSBQRU1fd3JpdGVfYmlvX1g1MDkoYmlvLCB1Q2VydCk7CisgICAgICAgIGlmICghcmVzKSB7Cisg ICAgICAgICAgICBvayA9IGZhbHNlOworICAgICAgICAgICAgQklPX2ZyZWUoYmlvKTsKKyAgICAg ICAgICAgIGJyZWFrOworICAgICAgICB9CisgICAgICAgIAorICAgICAgICB1bnNpZ25lZCBjaGFy ICpjZXJ0aWZpY2F0ZURhdGE7CisgICAgICAgIGxvbmcgbGVuID0gQklPX2dldF9tZW1fZGF0YShi aW8sICZjZXJ0aWZpY2F0ZURhdGEpOworICAgICAgICBjZXJ0aWZpY2F0ZURhdGFbbGVuXSA9ICdc MCc7CisgICAgICAgIFN0cmluZyBjZXJ0aWZpY2F0ZSA9IGNlcnRpZmljYXRlRGF0YTsKKyAgICAg ICAgY2VydGlmaWNhdGVzLmFkZChjZXJ0aWZpY2F0ZSk7CisgICAgICAgIEJJT19mcmVlKGJpbyk7 CisgICAgfQogCi0gICAgdW5zaWduZWQgY2hhciAqZGF0YTsKLSAgICBsb25nIGxlbiA9IEJJT19n ZXRfbWVtX2RhdGEoYmlvLCAmZGF0YSk7Ci0gICAgZGF0YVtsZW5dID0gJ1wwJzsKLSAgICBjZXJ0 aWZpY2F0ZSA9IGRhdGE7Ci0gICAgQklPX2ZyZWUoYmlvKTsKLSAgICByZXR1cm4gdHJ1ZTsKKyAg ICBza19YNTA5X3BvcF9mcmVlKGNlcnRzLCBYNTA5X2ZyZWUpOworICAgIHJldHVybiBvazsKIH0K ICNlbmRpZgogCkBAIC0xNTksMTAgKzE3NiwxMCBAQCBzdGF0aWMgaW50IGNlcnRWZXJpZnlDYWxs YmFjayhpbnQgb2ssIFg1MDlfU1RPUkVfQ1RYKiBjdHgpCiAgICAgSGFzaE1hcDxTdHJpbmcsIFN0 cmluZz46Oml0ZXJhdG9yIGl0ID0gYWxsb3dlZEhvc3RzLmZpbmQoaG9zdCk7CiAgICAgb2sgPSAo aXQgIT0gYWxsb3dlZEhvc3RzLmVuZCgpKTsKICNlbHNlCi0gICAgU3RyaW5nIGNlcnRpZmljYXRl OwotICAgIGlmICghcGVtRGF0YShjdHgsIGNlcnRpZmljYXRlKSkKKyAgICBIYXNoU2V0PFN0cmlu Zz4gY2VydGlmaWNhdGVzOworICAgIGlmICghcGVtRGF0YShjdHgsIGNlcnRpZmljYXRlcykpCiAg ICAgICAgIHJldHVybiAwOwotICAgIG9rID0gc3NsSWdub3JlSFRUUFNDZXJ0aWZpY2F0ZShob3N0 Lmxvd2VyKCksIGNlcnRpZmljYXRlKTsKKyAgICBvayA9IHNzbElnbm9yZUhUVFBTQ2VydGlmaWNh dGUoaG9zdC5sb3dlcigpLCBjZXJ0aWZpY2F0ZXMpOwogI2VuZGlmCiAKICAgICBpZiAob2spIHsK 217534 2013-11-21 01:48:36 -0800 2013-11-21 02:04:28 -0800 proposed patch certChain.patch text/plain 3936 sipka ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL25ldHdvcmsvY3VybC9TU0xIYW5k bGUuY3BwIGIvU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vbmV0d29yay9jdXJsL1NTTEhhbmRsZS5j cHAKaW5kZXggZTQ1NGMyZi4uYWE0ZDYxNCAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvcGxh dGZvcm0vbmV0d29yay9jdXJsL1NTTEhhbmRsZS5jcHAKKysrIGIvU291cmNlL1dlYkNvcmUvcGxh dGZvcm0vbmV0d29yay9jdXJsL1NTTEhhbmRsZS5jcHAKQEAgLTMyLDMwICszMiwzNSBAQAogI2lu Y2x1ZGUgPG9wZW5zc2wvcGVtLmg+CiAjaW5jbHVkZSA8b3BlbnNzbC9zc2wuaD4KICNpbmNsdWRl IDxvcGVuc3NsL3g1MDlfdmZ5Lmg+CisjaW5jbHVkZSA8d3RmL0hhc2hTZXQuaD4KIAogbmFtZXNw YWNlIFdlYkNvcmUgewogCi1zdGF0aWMgSGFzaE1hcDxTdHJpbmcsIFN0cmluZz4gYWxsb3dlZEhv c3RzOworc3RhdGljIEhhc2hNYXA8U3RyaW5nLCBIYXNoU2V0PFN0cmluZz4+IGFsbG93ZWRIb3N0 czsKIAogdm9pZCBhbGxvd3NBbnlIVFRQU0NlcnRpZmljYXRlSG9zdHMoY29uc3QgU3RyaW5nJiBo b3N0KQogewotICAgIEhhc2hNYXA8U3RyaW5nLCBTdHJpbmc+OjppdGVyYXRvciBpdCA9IGFsbG93 ZWRIb3N0cy5maW5kKGhvc3QpOwotICAgIGlmIChpdCAhPSBhbGxvd2VkSG9zdHMuZW5kKCkpCi0g ICAgICAgIGl0LT52YWx1ZSA9IFN0cmluZygpOwotICAgIGVsc2UKLSAgICAgICAgYWxsb3dlZEhv c3RzLmFkZChob3N0LCBTdHJpbmcoKSk7CisgICAgSGFzaFNldDxTdHJpbmc+IGNlcnRpZmljYXRl czsKKyAgICBhbGxvd2VkSG9zdHMuc2V0KGhvc3QsIGNlcnRpZmljYXRlcyk7CiB9CiAKLWJvb2wg c3NsSWdub3JlSFRUUFNDZXJ0aWZpY2F0ZShjb25zdCBTdHJpbmcmIGhvc3QsIGNvbnN0IFN0cmlu ZyYgY2VydCkKK2Jvb2wgc3NsSWdub3JlSFRUUFNDZXJ0aWZpY2F0ZShjb25zdCBTdHJpbmcmIGhv c3QsIGNvbnN0IEhhc2hTZXQ8U3RyaW5nPiYgY2VydGlmaWNhdGVzKQogewotICAgIEhhc2hNYXA8 U3RyaW5nLCBTdHJpbmc+OjppdGVyYXRvciBpdCA9IGFsbG93ZWRIb3N0cy5maW5kKGhvc3QpOwor ICAgIEhhc2hNYXA8U3RyaW5nLCBIYXNoU2V0PFN0cmluZz4+OjppdGVyYXRvciBpdCA9IGFsbG93 ZWRIb3N0cy5maW5kKGhvc3QpOwogICAgIGlmIChpdCAhPSBhbGxvd2VkSG9zdHMuZW5kKCkpIHsK ICAgICAgICAgaWYgKChpdC0+dmFsdWUpLmlzRW1wdHkoKSkgewotICAgICAgICAgICAgaXQtPnZh bHVlID0gY2VydDsKKyAgICAgICAgICAgIGl0LT52YWx1ZSA9IGNlcnRpZmljYXRlczsKICAgICAg ICAgICAgIHJldHVybiB0cnVlOwogICAgICAgICB9Ci0gICAgICAgIGlmIChpdC0+dmFsdWUgPT0g Y2VydCkKLSAgICAgICAgICAgIHJldHVybiB0cnVlOworICAgICAgICBpZiAoY2VydGlmaWNhdGVz LnNpemUoKSAhPSBpdC0+dmFsdWUuc2l6ZSgpKQorICAgICAgICAgICAgcmV0dXJuIGZhbHNlOwor ICAgICAgICBIYXNoU2V0PFN0cmluZz46OmNvbnN0X2l0ZXJhdG9yIGNlcnRzSXRlciA9IGNlcnRp ZmljYXRlcy5iZWdpbigpOworICAgICAgICBIYXNoU2V0PFN0cmluZz46Oml0ZXJhdG9yIHZhbHVl SXRlciA9IChpdC0+dmFsdWUpLmJlZ2luKCk7CisgICAgICAgIGZvciAoOyB2YWx1ZUl0ZXIgIT0g KGl0LT52YWx1ZSkuZW5kKCk7ICsrdmFsdWVJdGVyLCArK2NlcnRzSXRlcikgeworICAgICAgICAg ICAgaWYgKCpjZXJ0c0l0ZXIgIT0gKnZhbHVlSXRlcikKKyAgICAgICAgICAgICAgICByZXR1cm4g ZmFsc2U7CisgICAgICAgIH0KKyAgICAgICAgcmV0dXJuIHRydWU7CiAgICAgfQogICAgIHJldHVy biBmYWxzZTsKIH0KQEAgLTExOCwzMSArMTIzLDM2IEBAIHVuc2lnbmVkIHNzbENlcnRpZmljYXRl RmxhZyhjb25zdCB1bnNpZ25lZCYgc3NsRXJyb3IpCiB9CiAKICNpZiAhUExBVEZPUk0oV0lOKQot Ly8gc3VjY2VzcyBvZiBjZXJ0aWZpY2F0ZSBleHRyYWN0aW9uCi1ib29sIHBlbURhdGEoWDUwOV9T VE9SRV9DVFgqIGN0eCwgU3RyaW5nJiBjZXJ0aWZpY2F0ZSkKKy8vIHN1Y2Nlc3Mgb2YgY2VydGlm aWNhdGVzIGV4dHJhY3Rpb24KK2Jvb2wgcGVtRGF0YShYNTA5X1NUT1JFX0NUWCogY3R4LCBIYXNo U2V0PFN0cmluZz4mIGNlcnRpZmljYXRlcykKIHsKLSAgICBYNTA5KiBlcnJDZXJ0ID0gWDUwOV9T VE9SRV9DVFhfZ2V0X2N1cnJlbnRfY2VydChjdHgpOwotCi0gICAgLy8gZ2V0IHRoZSBjZXJ0IGlu IFBFTSBmb3JtYXQKLSAgICBCSU8qIGJpbyA9IEJJT19uZXcoQklPX3NfbWVtKCkpOworICAgIGJv b2wgb2sgPSB0cnVlOworICAgIFNUQUNLX09GKFg1MDkpKiBjZXJ0cyA9IFg1MDlfU1RPUkVfQ1RY X2dldDFfY2hhaW4oY3R4KTsKKyAgICBmb3IgKGludCBpID0gMDsgaSA8IHNrX1g1MDlfbnVtKGNl cnRzKTsgaSsrKSB7CisgICAgICAgIFg1MDkqIHVDZXJ0ID0gc2tfWDUwOV92YWx1ZShjZXJ0cywg aSk7CisgICAgICAgIEJJTyogYmlvID0gQklPX25ldyhCSU9fc19tZW0oKSk7CisgICAgICAgIGlu dCByZXMgPSBQRU1fd3JpdGVfYmlvX1g1MDkoYmlvLCB1Q2VydCk7CisgICAgICAgIGlmICghcmVz KSB7CisgICAgICAgICAgICBvayA9IGZhbHNlOworICAgICAgICAgICAgQklPX2ZyZWUoYmlvKTsK KyAgICAgICAgICAgIGJyZWFrOworICAgICAgICB9CiAKLSAgICBpbnQgcmVzID0gUEVNX3dyaXRl X2Jpb19YNTA5KGJpbywgZXJyQ2VydCk7Ci0gICAgaWYgKCFyZXMpIHsKLSAgICAgICAgQklPX2Zy ZWUoYmlvKTsKLSAgICAgICAgcmV0dXJuIGZhbHNlOwotICAgIH0KKyAgICAgICAgdW5zaWduZWQg Y2hhciogY2VydGlmaWNhdGVEYXRhOworICAgICAgICBsb25nIGxlbmd0aCA9IEJJT19nZXRfbWVt X2RhdGEoYmlvLCAmY2VydGlmaWNhdGVEYXRhKTsKKyAgICAgICAgaWYgKGxlbmd0aCA8IDApIHsK KyAgICAgICAgICAgIG9rID0gZmFsc2U7CisgICAgICAgICAgICBCSU9fZnJlZShiaW8pOworICAg ICAgICAgICAgYnJlYWs7CisgICAgICAgIH0KIAotICAgIHVuc2lnbmVkIGNoYXIqIGRhdGE7Ci0g ICAgbG9uZyBsZW4gPSBCSU9fZ2V0X21lbV9kYXRhKGJpbywgJmRhdGEpOwotICAgIGlmIChsZW4g PCAwKSB7CisgICAgICAgIGNlcnRpZmljYXRlRGF0YVtsZW5ndGhdID0gJ1wwJzsKKyAgICAgICAg U3RyaW5nIGNlcnRpZmljYXRlID0gY2VydGlmaWNhdGVEYXRhOworICAgICAgICBjZXJ0aWZpY2F0 ZXMuYWRkKGNlcnRpZmljYXRlKTsKICAgICAgICAgQklPX2ZyZWUoYmlvKTsKLSAgICAgICAgcmV0 dXJuIGZhbHNlOwogICAgIH0KLQotICAgIGRhdGFbbGVuXSA9ICdcMCc7Ci0gICAgY2VydGlmaWNh dGUgPSBkYXRhOwotICAgIEJJT19mcmVlKGJpbyk7Ci0gICAgcmV0dXJuIHRydWU7CisgICAgICAg IHNrX1g1MDlfcG9wX2ZyZWUoY2VydHMsIFg1MDlfZnJlZSk7CisgICAgICAgIHJldHVybiBvazsK IH0KICNlbmRpZgogCkBAIC0xNjYsMTAgKzE3NiwxMCBAQCBzdGF0aWMgaW50IGNlcnRWZXJpZnlD YWxsYmFjayhpbnQgb2ssIFg1MDlfU1RPUkVfQ1RYKiBjdHgpCiAgICAgSGFzaE1hcDxTdHJpbmcs IFN0cmluZz46Oml0ZXJhdG9yIGl0ID0gYWxsb3dlZEhvc3RzLmZpbmQoaG9zdCk7CiAgICAgb2sg PSAoaXQgIT0gYWxsb3dlZEhvc3RzLmVuZCgpKTsKICNlbHNlCi0gICAgU3RyaW5nIGNlcnRpZmlj YXRlOwotICAgIGlmICghcGVtRGF0YShjdHgsIGNlcnRpZmljYXRlKSkKKyAgICBIYXNoU2V0PFN0 cmluZz4gY2VydGlmaWNhdGVzOworICAgIGlmICghcGVtRGF0YShjdHgsIGNlcnRpZmljYXRlcykp CiAgICAgICAgIHJldHVybiAwOwotICAgIG9rID0gc3NsSWdub3JlSFRUUFNDZXJ0aWZpY2F0ZSho b3N0Lmxvd2VyKCksIGNlcnRpZmljYXRlKTsKKyAgICBvayA9IHNzbElnbm9yZUhUVFBTQ2VydGlm aWNhdGUoaG9zdC5sb3dlcigpLCBjZXJ0aWZpY2F0ZXMpOwogI2VuZGlmCiAKICAgICBpZiAob2sp IHsK 217537 2013-11-21 02:04:28 -0800 2013-11-21 09:40:42 -0800 proposed patch certChain.patch text/plain 4757 sipka ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJDb3JlL0No YW5nZUxvZwppbmRleCAwMjRjMzU4Li42YTE4ODkxIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29y ZS9DaGFuZ2VMb2cKKysrIGIvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTgg QEAKKzIwMTMtMTEtMjEgIFJvYmVydCBTaXBrYSAgPHNpcGthQGluZi51LXN6ZWdlZC5odT4KKwor ICAgICAgICBbY3VybF1JbXByb3ZlIHNzbCBjZXJ0aWZpY2F0ZSBzdG9yYWdlIGFuZCBjaGVjawor ICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTI0NTY5CisK KyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgU3RvcmFnZSBh bmQgY2hlY2sgdGhlIHdob2xlIGNlcnRpZmljYXRlIGNoYWluLCBub3QganVzdCB0aGUgcm9vdCBj ZXJ0aWZpY2F0ZS4KKworICAgICAgICAqIHBsYXRmb3JtL25ldHdvcmsvY3VybC9TU0xIYW5kbGUu Y3BwOgorICAgICAgICAoV2ViQ29yZTo6YWxsb3dzQW55SFRUUFNDZXJ0aWZpY2F0ZUhvc3RzKToK KyAgICAgICAgKFdlYkNvcmU6OnNzbElnbm9yZUhUVFBTQ2VydGlmaWNhdGUpOgorICAgICAgICAo V2ViQ29yZTo6cGVtRGF0YSk6CisgICAgICAgIChXZWJDb3JlOjpjZXJ0VmVyaWZ5Q2FsbGJhY2sp OgorCiAyMDEzLTExLTIxICBDYXJsb3MgR2FyY2lhIENhbXBvcyAgPGNnYXJjaWFAaWdhbGlhLmNv bT4KIAogICAgICAgICBbR1RLXSBDYW5ub3Qgc2Nyb2xsIGluIG9wdGlvbiBtZW51IHdoZW4gaXQg bGFyZ2VyIHRoYW4gdGhlIHNjcmVlbgpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYkNvcmUvcGxhdGZv cm0vbmV0d29yay9jdXJsL1NTTEhhbmRsZS5jcHAgYi9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9u ZXR3b3JrL2N1cmwvU1NMSGFuZGxlLmNwcAppbmRleCBlNDU0YzJmLi5hYTRkNjE0IDEwMDY0NAot LS0gYS9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9uZXR3b3JrL2N1cmwvU1NMSGFuZGxlLmNwcAor KysgYi9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9uZXR3b3JrL2N1cmwvU1NMSGFuZGxlLmNwcApA QCAtMzIsMzAgKzMyLDM1IEBACiAjaW5jbHVkZSA8b3BlbnNzbC9wZW0uaD4KICNpbmNsdWRlIDxv cGVuc3NsL3NzbC5oPgogI2luY2x1ZGUgPG9wZW5zc2wveDUwOV92ZnkuaD4KKyNpbmNsdWRlIDx3 dGYvSGFzaFNldC5oPgogCiBuYW1lc3BhY2UgV2ViQ29yZSB7CiAKLXN0YXRpYyBIYXNoTWFwPFN0 cmluZywgU3RyaW5nPiBhbGxvd2VkSG9zdHM7CitzdGF0aWMgSGFzaE1hcDxTdHJpbmcsIEhhc2hT ZXQ8U3RyaW5nPj4gYWxsb3dlZEhvc3RzOwogCiB2b2lkIGFsbG93c0FueUhUVFBTQ2VydGlmaWNh dGVIb3N0cyhjb25zdCBTdHJpbmcmIGhvc3QpCiB7Ci0gICAgSGFzaE1hcDxTdHJpbmcsIFN0cmlu Zz46Oml0ZXJhdG9yIGl0ID0gYWxsb3dlZEhvc3RzLmZpbmQoaG9zdCk7Ci0gICAgaWYgKGl0ICE9 IGFsbG93ZWRIb3N0cy5lbmQoKSkKLSAgICAgICAgaXQtPnZhbHVlID0gU3RyaW5nKCk7Ci0gICAg ZWxzZQotICAgICAgICBhbGxvd2VkSG9zdHMuYWRkKGhvc3QsIFN0cmluZygpKTsKKyAgICBIYXNo U2V0PFN0cmluZz4gY2VydGlmaWNhdGVzOworICAgIGFsbG93ZWRIb3N0cy5zZXQoaG9zdCwgY2Vy dGlmaWNhdGVzKTsKIH0KIAotYm9vbCBzc2xJZ25vcmVIVFRQU0NlcnRpZmljYXRlKGNvbnN0IFN0 cmluZyYgaG9zdCwgY29uc3QgU3RyaW5nJiBjZXJ0KQorYm9vbCBzc2xJZ25vcmVIVFRQU0NlcnRp ZmljYXRlKGNvbnN0IFN0cmluZyYgaG9zdCwgY29uc3QgSGFzaFNldDxTdHJpbmc+JiBjZXJ0aWZp Y2F0ZXMpCiB7Ci0gICAgSGFzaE1hcDxTdHJpbmcsIFN0cmluZz46Oml0ZXJhdG9yIGl0ID0gYWxs b3dlZEhvc3RzLmZpbmQoaG9zdCk7CisgICAgSGFzaE1hcDxTdHJpbmcsIEhhc2hTZXQ8U3RyaW5n Pj46Oml0ZXJhdG9yIGl0ID0gYWxsb3dlZEhvc3RzLmZpbmQoaG9zdCk7CiAgICAgaWYgKGl0ICE9 IGFsbG93ZWRIb3N0cy5lbmQoKSkgewogICAgICAgICBpZiAoKGl0LT52YWx1ZSkuaXNFbXB0eSgp KSB7Ci0gICAgICAgICAgICBpdC0+dmFsdWUgPSBjZXJ0OworICAgICAgICAgICAgaXQtPnZhbHVl ID0gY2VydGlmaWNhdGVzOwogICAgICAgICAgICAgcmV0dXJuIHRydWU7CiAgICAgICAgIH0KLSAg ICAgICAgaWYgKGl0LT52YWx1ZSA9PSBjZXJ0KQotICAgICAgICAgICAgcmV0dXJuIHRydWU7Cisg ICAgICAgIGlmIChjZXJ0aWZpY2F0ZXMuc2l6ZSgpICE9IGl0LT52YWx1ZS5zaXplKCkpCisgICAg ICAgICAgICByZXR1cm4gZmFsc2U7CisgICAgICAgIEhhc2hTZXQ8U3RyaW5nPjo6Y29uc3RfaXRl cmF0b3IgY2VydHNJdGVyID0gY2VydGlmaWNhdGVzLmJlZ2luKCk7CisgICAgICAgIEhhc2hTZXQ8 U3RyaW5nPjo6aXRlcmF0b3IgdmFsdWVJdGVyID0gKGl0LT52YWx1ZSkuYmVnaW4oKTsKKyAgICAg ICAgZm9yICg7IHZhbHVlSXRlciAhPSAoaXQtPnZhbHVlKS5lbmQoKTsgKyt2YWx1ZUl0ZXIsICsr Y2VydHNJdGVyKSB7CisgICAgICAgICAgICBpZiAoKmNlcnRzSXRlciAhPSAqdmFsdWVJdGVyKQor ICAgICAgICAgICAgICAgIHJldHVybiBmYWxzZTsKKyAgICAgICAgfQorICAgICAgICByZXR1cm4g dHJ1ZTsKICAgICB9CiAgICAgcmV0dXJuIGZhbHNlOwogfQpAQCAtMTE4LDMxICsxMjMsMzYgQEAg dW5zaWduZWQgc3NsQ2VydGlmaWNhdGVGbGFnKGNvbnN0IHVuc2lnbmVkJiBzc2xFcnJvcikKIH0K IAogI2lmICFQTEFURk9STShXSU4pCi0vLyBzdWNjZXNzIG9mIGNlcnRpZmljYXRlIGV4dHJhY3Rp b24KLWJvb2wgcGVtRGF0YShYNTA5X1NUT1JFX0NUWCogY3R4LCBTdHJpbmcmIGNlcnRpZmljYXRl KQorLy8gc3VjY2VzcyBvZiBjZXJ0aWZpY2F0ZXMgZXh0cmFjdGlvbgorYm9vbCBwZW1EYXRhKFg1 MDlfU1RPUkVfQ1RYKiBjdHgsIEhhc2hTZXQ8U3RyaW5nPiYgY2VydGlmaWNhdGVzKQogewotICAg IFg1MDkqIGVyckNlcnQgPSBYNTA5X1NUT1JFX0NUWF9nZXRfY3VycmVudF9jZXJ0KGN0eCk7Ci0K LSAgICAvLyBnZXQgdGhlIGNlcnQgaW4gUEVNIGZvcm1hdAotICAgIEJJTyogYmlvID0gQklPX25l dyhCSU9fc19tZW0oKSk7CisgICAgYm9vbCBvayA9IHRydWU7CisgICAgU1RBQ0tfT0YoWDUwOSkq IGNlcnRzID0gWDUwOV9TVE9SRV9DVFhfZ2V0MV9jaGFpbihjdHgpOworICAgIGZvciAoaW50IGkg PSAwOyBpIDwgc2tfWDUwOV9udW0oY2VydHMpOyBpKyspIHsKKyAgICAgICAgWDUwOSogdUNlcnQg PSBza19YNTA5X3ZhbHVlKGNlcnRzLCBpKTsKKyAgICAgICAgQklPKiBiaW8gPSBCSU9fbmV3KEJJ T19zX21lbSgpKTsKKyAgICAgICAgaW50IHJlcyA9IFBFTV93cml0ZV9iaW9fWDUwOShiaW8sIHVD ZXJ0KTsKKyAgICAgICAgaWYgKCFyZXMpIHsKKyAgICAgICAgICAgIG9rID0gZmFsc2U7CisgICAg ICAgICAgICBCSU9fZnJlZShiaW8pOworICAgICAgICAgICAgYnJlYWs7CisgICAgICAgIH0KIAot ICAgIGludCByZXMgPSBQRU1fd3JpdGVfYmlvX1g1MDkoYmlvLCBlcnJDZXJ0KTsKLSAgICBpZiAo IXJlcykgewotICAgICAgICBCSU9fZnJlZShiaW8pOwotICAgICAgICByZXR1cm4gZmFsc2U7Ci0g ICAgfQorICAgICAgICB1bnNpZ25lZCBjaGFyKiBjZXJ0aWZpY2F0ZURhdGE7CisgICAgICAgIGxv bmcgbGVuZ3RoID0gQklPX2dldF9tZW1fZGF0YShiaW8sICZjZXJ0aWZpY2F0ZURhdGEpOworICAg ICAgICBpZiAobGVuZ3RoIDwgMCkgeworICAgICAgICAgICAgb2sgPSBmYWxzZTsKKyAgICAgICAg ICAgIEJJT19mcmVlKGJpbyk7CisgICAgICAgICAgICBicmVhazsKKyAgICAgICAgfQogCi0gICAg dW5zaWduZWQgY2hhciogZGF0YTsKLSAgICBsb25nIGxlbiA9IEJJT19nZXRfbWVtX2RhdGEoYmlv LCAmZGF0YSk7Ci0gICAgaWYgKGxlbiA8IDApIHsKKyAgICAgICAgY2VydGlmaWNhdGVEYXRhW2xl bmd0aF0gPSAnXDAnOworICAgICAgICBTdHJpbmcgY2VydGlmaWNhdGUgPSBjZXJ0aWZpY2F0ZURh dGE7CisgICAgICAgIGNlcnRpZmljYXRlcy5hZGQoY2VydGlmaWNhdGUpOwogICAgICAgICBCSU9f ZnJlZShiaW8pOwotICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgfQotCi0gICAgZGF0YVtsZW5d ID0gJ1wwJzsKLSAgICBjZXJ0aWZpY2F0ZSA9IGRhdGE7Ci0gICAgQklPX2ZyZWUoYmlvKTsKLSAg ICByZXR1cm4gdHJ1ZTsKKyAgICAgICAgc2tfWDUwOV9wb3BfZnJlZShjZXJ0cywgWDUwOV9mcmVl KTsKKyAgICAgICAgcmV0dXJuIG9rOwogfQogI2VuZGlmCiAKQEAgLTE2NiwxMCArMTc2LDEwIEBA IHN0YXRpYyBpbnQgY2VydFZlcmlmeUNhbGxiYWNrKGludCBvaywgWDUwOV9TVE9SRV9DVFgqIGN0 eCkKICAgICBIYXNoTWFwPFN0cmluZywgU3RyaW5nPjo6aXRlcmF0b3IgaXQgPSBhbGxvd2VkSG9z dHMuZmluZChob3N0KTsKICAgICBvayA9IChpdCAhPSBhbGxvd2VkSG9zdHMuZW5kKCkpOwogI2Vs c2UKLSAgICBTdHJpbmcgY2VydGlmaWNhdGU7Ci0gICAgaWYgKCFwZW1EYXRhKGN0eCwgY2VydGlm aWNhdGUpKQorICAgIEhhc2hTZXQ8U3RyaW5nPiBjZXJ0aWZpY2F0ZXM7CisgICAgaWYgKCFwZW1E YXRhKGN0eCwgY2VydGlmaWNhdGVzKSkKICAgICAgICAgcmV0dXJuIDA7Ci0gICAgb2sgPSBzc2xJ Z25vcmVIVFRQU0NlcnRpZmljYXRlKGhvc3QubG93ZXIoKSwgY2VydGlmaWNhdGUpOworICAgIG9r ID0gc3NsSWdub3JlSFRUUFNDZXJ0aWZpY2F0ZShob3N0Lmxvd2VyKCksIGNlcnRpZmljYXRlcyk7 CiAjZW5kaWYKIAogICAgIGlmIChvaykgewo=