Vlad Tsyrklevich authored
This reverts commit d0de1771.

Reason for revert: speculative revert, this might cause hangs on Linux component builds due to linker symbol resolution issues.

Original change's description:
> [CFI] Use ProtectedMemory in CertVerifyProcNSS
>
> Because CertVerifyProcNSS dynamically resolves a pointer to the function
> CERT_CacheOCSPResponseFromSideChannel(), Control Flow Integrity [1]
> indirect call (cfi-icall) checking can not verify that it is the
> intended target for that function pointer call site.
>
> Since we can not use cfi-icall to check the function pointer, instead we
> place the pointer in ProtectedMemory, a wrapper for keeping variables in
> read-only memory except for when they are initialized. After setting the
> pointer in protected memory we can use the UnsanitizedCfiCall wrapper to
> disable cfi-icall checking when calling it since we know it can not be
> tampered with.
>
> [1] https://www.chromium.org/developers/testing/control-flow-integrity
>
> Bug: 771365
> Cq-Include-Trybots: master.tryserver.chromium.android:android_cronet_tester;master.tryserver.chromium.mac:ios-simulator-cronet
> Change-Id: I5d65b3591681f3daa917b6516eec1e5e47513d12
> Reviewed-on: https://chromium-review.googlesource.com/765098
> Reviewed-by: Peter Collingbourne <pcc@chromium.org>
> Reviewed-by: Eric Roman <eroman@chromium.org>
> Commit-Queue: Peter Collingbourne <pcc@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#517169}

TBR=eroman@chromium.org,pcc@chromium.org,vtsyrklevich@chromium.org

Change-Id: I2d9a65fd6284c2cf954b46588d70fd1fa6292014
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: 771365
Cq-Include-Trybots: master.tryserver.chromium.android:android_cronet_tester;master.tryserver.chromium.mac:ios-simulator-cronet
Reviewed-on: https://chromium-review.googlesource.com/775595
Reviewed-by: Peter Collingbourne <pcc@chromium.org>
Commit-Queue: Peter Collingbourne <pcc@chromium.org>
Cr-Commit-Position: refs/heads/master@{#517223}
63e4d43d
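The pattern outlined in the original change's description quoted above (a run-time-resolved function pointer kept in memory that is read-only except while it is initialized, then called with cfi-icall checking disabled), as an added C++ example that is not Chromium's ProtectedMemory or UnsanitizedCfiCall code. `SealedFnSlot`, `ResolveAtRuntime`, `CountBytes` and `NO_CFI_ICALL` are hypothetical names, and POSIX `mmap`/`mprotect` are assumed as the protection mechanism.

```cpp
#include <sys/mman.h>
#include <unistd.h>
#include <cerrno>
#include <cstddef>
#include <cstring>
#if defined(__clang__)  // cfi-icall is a Clang sanitizer; other compilers get a no-op
#define NO_CFI_ICALL __attribute__((no_sanitize("cfi-icall")))
#else
#define NO_CFI_ICALL
#endif

using LenFn = size_t (*)(const char*);
// Hypothetical stand-in for a function whose address is only known at run time.
static size_t CountBytes(const char* s) { return strlen(s); }
LenFn ResolveAtRuntime() { return &CountBytes; }

// Hypothetical wrapper: the pointer lives alone on a page that is mapped
// read-only for the life of the process, except inside Init().
class SealedFnSlot {
 public:
  SealedFnSlot() : size_(static_cast<size_t>(sysconf(_SC_PAGESIZE))) {
    void* p = mmap(nullptr, size_, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    slot_ = (p == MAP_FAILED) ? nullptr : static_cast<LenFn*>(p);
  }
  // Open a short write window, store the pointer, then seal the page again.
  bool Init(LenFn fn) {
    if (!slot_ || mprotect(slot_, size_, PROT_READ | PROT_WRITE) != 0) return false;
    *slot_ = fn;
    return mprotect(slot_, size_, PROT_READ) == 0;
  }
  // Indirect call with cfi-icall off: the target can only have come from Init().
  NO_CFI_ICALL size_t Call(const char* s) const { return (*slot_)(s); }
  // Non-destructive probe: ask the kernel to copy the slot's own first byte
  // back into it. EFAULT means the page rejects writes; success changes nothing.
  bool IsSealed() const {
    int fds[2];
    if (!slot_ || pipe(fds) != 0) return false;
    ssize_t w = write(fds[1], slot_, 1);
    ssize_t r = (w == 1) ? read(fds[0], slot_, 1) : 0;
    bool sealed = (r == -1 && errno == EFAULT);
    close(fds[0]); close(fds[1]);
    return sealed;
  }
 private:
  size_t size_;
  LenFn* slot_;
};
```

The guarantee depends on nothing else re-enabling write access to that page, and on the slot being initialized before any caller can reach `Call`.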