[Webkit-unassigned] [Bug 46450] Add Windows implementation of PlatformCertificateInfo
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Sep 24 09:02:04 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=46450
--- Comment #4 from Sam Weinig <sam at webkit.org> 2010-09-24 09:02:04 PST ---
(In reply to comment #3)
> (From update of attachment 68653 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=68653&action=review
>
> > WebKit2/Shared/win/PlatformCertificateInfo.cpp:54
> > + RetainPtr<CFDictionaryRef> certificateInfo = wkGetSSLCertificateInfo(cfResponse);
> > + if (!certificateInfo)
> > + return;
>
> Why the RetainPtr? There's no need to retain/release the dictionary in this function.
Quite true. Removed.
>
> > WebKit2/Shared/win/PlatformCertificateInfo.cpp:60
> > + m_certificateContext = CertDuplicateCertificateContext((PCCERT_CONTEXT)data);
>
> static_cast would be nicer.
>
> Seems like this file needs a sprinkling of :: on the CryptoAPI calls.
>
Fixed both.
> > WebKit2/Shared/win/PlatformCertificateInfo.cpp:118
> > + nameSize = CertGetNameString(certificate, dwType, 0, pvTypePara, 0, 0);
> > + if (!nameSize)
> > + return 0;
> > + OwnArrayPtr<WCHAR> name(new WCHAR[nameSize - 1]);
> > + CertGetNameString(certificate, dwType, 0, pvTypePara, name.get(), nameSize);
>
> I think you're causing a buffer overrun here. You're telling CertGetNameString that the buffer is nameSize characters long, but it's only nameSize - 1 characters long!
>
> You should also use ::CertGetNameStringW.
Ok. This was debugging code I stole from somewhere else, but I will fix it.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list