| Summary: | Add Windows implementation of PlatformCertificateInfo | ||||||
|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Sam Weinig <sam> | ||||
| Component: | WebKit2 | Assignee: | Nobody <webkit-unassigned> | ||||
| Status: | RESOLVED FIXED | ||||||
| Severity: | Normal | CC: | aroben, webkit.review.bot | ||||
| Priority: | P2 | ||||||
| Version: | 528+ (Nightly build) | ||||||
| Hardware: | PC | ||||||
| OS: | Windows XP | ||||||
| Attachments: |
|
||||||
|
Description
Sam Weinig
2010-09-23 23:27:28 PDT
Created attachment 68653 [details]
Patch
Attachment 68653 [details] did not pass style-queue:
Failed to run "['WebKitTools/Scripts/check-webkit-style']" exit_code: 1
WebKit2/Shared/win/PlatformCertificateInfo.h:30: Code inside a namespace should not be indented. [whitespace/indent] [4]
WebKit2/Shared/win/PlatformCertificateInfo.cpp:26: Found header this file implements before WebCore config.h. Should be: config.h, primary header, blank line, and then alphabetically sorted. [build/include_order] [4]
WebKit2/UIProcess/API/C/win/WKCertificateInfoWin.cpp:26: Found header this file implements before WebCore config.h. Should be: config.h, primary header, blank line, and then alphabetically sorted. [build/include_order] [4]
Total errors found: 3 in 7 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Comment on attachment 68653 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=68653&action=review > WebKit2/Shared/win/PlatformCertificateInfo.cpp:54 > + RetainPtr<CFDictionaryRef> certificateInfo = wkGetSSLCertificateInfo(cfResponse); > + if (!certificateInfo) > + return; Why the RetainPtr? There's no need to retain/release the dictionary in this function. > WebKit2/Shared/win/PlatformCertificateInfo.cpp:60 > + m_certificateContext = CertDuplicateCertificateContext((PCCERT_CONTEXT)data); static_cast would be nicer. Seems like this file needs a sprinkling of :: on the CryptoAPI calls. > WebKit2/Shared/win/PlatformCertificateInfo.cpp:118 > + nameSize = CertGetNameString(certificate, dwType, 0, pvTypePara, 0, 0); > + if (!nameSize) > + return 0; > + OwnArrayPtr<WCHAR> name(new WCHAR[nameSize - 1]); > + CertGetNameString(certificate, dwType, 0, pvTypePara, name.get(), nameSize); I think you're causing a buffer overrun here. You're telling CertGetNameString that the buffer is nameSize characters long, but it's only nameSize - 1 characters long! You should also use ::CertGetNameStringW. (In reply to comment #3) > (From update of attachment 68653 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=68653&action=review > > > WebKit2/Shared/win/PlatformCertificateInfo.cpp:54 > > + RetainPtr<CFDictionaryRef> certificateInfo = wkGetSSLCertificateInfo(cfResponse); > > + if (!certificateInfo) > > + return; > > Why the RetainPtr? There's no need to retain/release the dictionary in this function. Quite true. Removed. > > > WebKit2/Shared/win/PlatformCertificateInfo.cpp:60 > > + m_certificateContext = CertDuplicateCertificateContext((PCCERT_CONTEXT)data); > > static_cast would be nicer. > > Seems like this file needs a sprinkling of :: on the CryptoAPI calls. > Fixed both. > > WebKit2/Shared/win/PlatformCertificateInfo.cpp:118 > > + nameSize = CertGetNameString(certificate, dwType, 0, pvTypePara, 0, 0); > > + if (!nameSize) > > + return 0; > > + OwnArrayPtr<WCHAR> name(new WCHAR[nameSize - 1]); > > + CertGetNameString(certificate, dwType, 0, pvTypePara, name.get(), nameSize); > > I think you're causing a buffer overrun here. You're telling CertGetNameString that the buffer is nameSize characters long, but it's only nameSize - 1 characters long! > > You should also use ::CertGetNameStringW. Ok. This was debugging code I stole from somewhere else, but I will fix it. |