    [CFI] Use ProtectedMemory in CertVerifyProcNSS · d0de1771
    Vlad Tsyrklevich authored
    Because CertVerifyProcNSS dynamically resolves a pointer to the function
    CERT_CacheOCSPResponseFromSideChannel(), Control Flow Integrity [1]
    indirect call (cfi-icall) checking can not verify that it is the
    intended target for that function pointer call site.
    
    Since we can not use cfi-icall to check the function pointer, instead we
    place the pointer in ProtectedMemory, a wrapper for keeping variables in
    read-only memory except for when they are initialized. After setting the
    pointer in protected memory we can use the UnsanitizedCfiCall wrapper to
    disable cfi-icall checking when calling it since we know it can not be
    tampered with.
    
    [1] https://www.chromium.org/developers/testing/control-flow-integrity
    
    Bug: 771365
    Cq-Include-Trybots: master.tryserver.chromium.android:android_cronet_tester;master.tryserver.chromium.mac:ios-simulator-cronet
    Change-Id: I5d65b3591681f3daa917b6516eec1e5e47513d12
    Reviewed-on: https://chromium-review.googlesource.com/765098
    Reviewed-by: Peter Collingbourne <pcc@chromium.org>
    Reviewed-by: Eric Roman <eroman@chromium.org>
    Commit-Queue: Peter Collingbourne <pcc@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#517169}
cert_verify_proc_nss.cc 37.3 KB
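The idea the commit message describes, a function pointer that is writable only during initialization and read-only afterwards, can be shown in isolation. The following is an added illustration, not Chromium's ProtectedMemory or any code from this change: `ReadOnlyAfterInit` is a hypothetical, simplified stand-in that places the value on its own page and drops write permission with `mprotect` after the single `Init()`; `DoubleIt` stands in for the dynamically resolved function, `CallThrough` for the call site, and `WriteIsBlocked` installs a fault handler and confirms that a later write to the slot faults instead of succeeding. It assumes a POSIX system with `mmap`/`mprotect` and does not reproduce CFI or `UnsanitizedCfiCall` themselves, which are compiler and Chromium features.

```cpp
#include <csetjmp>
#include <csignal>
#include <cstdio>
#include <cstring>
#include <sys/mman.h>
#include <unistd.h>

// Hypothetical stand-in for Chromium's ProtectedMemory (not the project's
// code): the stored value lives on its own page, which is writable only
// until Init() has run and is read-only from then on.
template <typename T>
class ReadOnlyAfterInit {
 public:
  ReadOnlyAfterInit()
      : page_size_(static_cast<size_t>(sysconf(_SC_PAGESIZE))),
        page_(mmap(nullptr, page_size_, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0)) {}
  ~ReadOnlyAfterInit() {
    if (page_ != MAP_FAILED) munmap(page_, page_size_);
  }
  ReadOnlyAfterInit(const ReadOnlyAfterInit&) = delete;
  ReadOnlyAfterInit& operator=(const ReadOnlyAfterInit&) = delete;

  // Store the value once and drop write permission on the page. A second
  // call is refused: the only writable window is before the first Init().
  bool Init(const T& value) {
    if (page_ == MAP_FAILED || locked_) return false;
    std::memcpy(page_, &value, sizeof(T));
    if (mprotect(page_, page_size_, PROT_READ) != 0) return false;
    locked_ = true;
    return true;
  }
  bool locked() const { return locked_; }
  const T& get() const { return *static_cast<const T*>(page_); }
  // Raw address of the slot; used below only to show that a write faults.
  T* raw_slot() { return static_cast<T*>(page_); }

 private:
  size_t page_size_;
  void* page_;
  bool locked_ = false;
};

// Stand-in for a function resolved at runtime (like the OCSP side-channel
// entry point in the commit message), so the call site has no static target
// that cfi-icall could check.
using ResolvedFn = int (*)(int);
int DoubleIt(int x) { return 2 * x; }

// Call through the protected pointer. Because the slot cannot have changed
// since Init(), the integrity of the target rests on the page protection.
int CallThrough(const ReadOnlyAfterInit<ResolvedFn>& slot, int arg) {
  return slot.get()(arg);
}

// Recover from the fault that a write to the read-only page produces.
static sigjmp_buf g_fault_jmp;
static void OnFault(int) { siglongjmp(g_fault_jmp, 1); }

// Attempt to overwrite the locked pointer, as a memory-corruption bug would,
// and report whether the page protection stopped it.
bool WriteIsBlocked(ReadOnlyAfterInit<ResolvedFn>& slot) {
  struct sigaction handler {}, old_segv {}, old_bus {};
  handler.sa_handler = OnFault;
  sigemptyset(&handler.sa_mask);
  sigaction(SIGSEGV, &handler, &old_segv);
  sigaction(SIGBUS, &handler, &old_bus);  // some platforms raise SIGBUS

  volatile bool blocked = false;
  if (sigsetjmp(g_fault_jmp, 1) == 0) {
    *reinterpret_cast<volatile ResolvedFn*>(slot.raw_slot()) = nullptr;
    blocked = false;  // the write went through: protection is missing
  } else {
    blocked = true;   // arrived here from OnFault: the write faulted
  }
  sigaction(SIGSEGV, &old_segv, nullptr);
  sigaction(SIGBUS, &old_bus, nullptr);
  return blocked;
}

int main() {
  ReadOnlyAfterInit<ResolvedFn> slot;
  if (!slot.Init(&DoubleIt)) {
    std::puts("init failed");
    return 1;
  }
  std::printf("call through protected pointer: %d\n", CallThrough(slot, 21));
  std::printf("second Init refused: %s\n", slot.Init(&DoubleIt) ? "no" : "yes");
  std::printf("write to locked slot faulted: %s\n",
              WriteIsBlocked(slot) ? "yes" : "no");
  return 0;
}
```

The design point to notice is the ordering: the pointer is written, then the page is locked, and only after that is it used for calls. A wrapper that left a second `Init()` path open, or that locked the page lazily on first use, would reopen the write window that makes the call unsafe to exempt from cfi-icall checking.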