Refactor CommonNameMismatchHandler to check null response head

Bug: 842484
Test: CommonNameMismatchBrowserTest.NoCrashIfBothSubdomainsHaveCommonNameErrors
Change-Id: I6551dfbc129a544e449040c12a30236c6a57efe8
Reviewed-on: https://chromium-review.googlesource.com/1057417Reviewed-by: Ryan Sleevi <rsleevi@chromium.org>
Commit-Queue: Mark Pilgrim <pilgrim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#558365}

chrome/browser/ssl/common_name_mismatch_handler.cc

@@ -123,15 +123,9 @@ void CommonNameMismatchHandler::Cancel() {
   check_url_callback_.Reset();
 }
 
-void CommonNameMismatchHandler::OnSimpleLoaderRedirect(
-    const net::RedirectInfo& redirect_info,
-    const network::ResourceResponseHead& response_head) {
-  OnSimpleLoaderResponseStarted(redirect_info.new_url, response_head);
-}
-
-void CommonNameMismatchHandler::OnSimpleLoaderResponseStarted(
+void CommonNameMismatchHandler::OnSimpleLoaderHandler(
     const GURL& final_url,
-    const network::ResourceResponseHead& response_head) {
+    const network::ResourceResponseHead* head) {
   DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
   DCHECK(IsCheckingSuggestedUrl());
   DCHECK(!check_url_callback_.is_null());
@@ -140,8 +134,9 @@ void CommonNameMismatchHandler::OnSimpleLoaderResponseStarted(
 
   // Make sure the URL is a HTTPS page and returns a proper response code.
   int response_code = -1;
-  if (response_head.headers) {
-    response_code = response_head.headers->response_code();
+  // head may be null here, if called from OnSimpleLoaderComplete.
+  if (head && head->headers) {
+    response_code = head->headers->response_code();
   }
   if (response_code == 200 && final_url.SchemeIsCryptographic() &&
       final_url.host() != request_url_.host()) {
@@ -152,10 +147,22 @@ void CommonNameMismatchHandler::OnSimpleLoaderResponseStarted(
   base::ResetAndReturn(&check_url_callback_).Run(result, check_url_);
 }
 
+void CommonNameMismatchHandler::OnSimpleLoaderRedirect(
+    const net::RedirectInfo& redirect_info,
+    const network::ResourceResponseHead& response_head) {
+  OnSimpleLoaderHandler(redirect_info.new_url, &response_head);
+}
+
+void CommonNameMismatchHandler::OnSimpleLoaderResponseStarted(
+    const GURL& final_url,
+    const network::ResourceResponseHead& response_head) {
+  OnSimpleLoaderHandler(final_url, &response_head);
+}
+
 void CommonNameMismatchHandler::OnSimpleLoaderComplete(
     std::unique_ptr<std::string> response_body) {
-  OnSimpleLoaderResponseStarted(simple_url_loader_->GetFinalURL(),
-                                *simple_url_loader_->ResponseInfo());
+  OnSimpleLoaderHandler(simple_url_loader_->GetFinalURL(),
+                        simple_url_loader_->ResponseInfo());
 }
 
 bool CommonNameMismatchHandler::IsCheckingSuggestedUrl() const {

chrome/browser/ssl/common_name_mismatch_handler.h

@@ -77,6 +77,8 @@ class CommonNameMismatchHandler {
   void Cancel();
 
  private:
+  void OnSimpleLoaderHandler(const GURL& final_url,
+                             const network::ResourceResponseHead* head);
   void OnSimpleLoaderRedirect(
       const net::RedirectInfo& redirect_info,
       const network::ResourceResponseHead& response_head);

chrome/browser/ssl/ssl_browsertest.cc

@@ -5147,6 +5147,59 @@ IN_PROC_BROWSER_TEST_P(CommonNameMismatchBrowserTest,
             contents->GetLastCommittedURL().spec());
 }
 
+// Visit the URL www.mail.example.com on a server that presents an invalid
+// certificate for mail.example.com. Verify that the page shows an interstitial
+// for www.mail.example.com with no crash.
+IN_PROC_BROWSER_TEST_P(CommonNameMismatchBrowserTest,
+                       NoCrashIfBothSubdomainsHaveCommonNameErrors) {
+  net::EmbeddedTestServer https_server_example_domain(
+      net::EmbeddedTestServer::TYPE_HTTPS);
+  https_server_example_domain.ServeFilesFromSourceDirectory(
+      base::FilePath(kDocRoot));
+  ASSERT_TRUE(https_server_example_domain.Start());
+
+  scoped_refptr<net::X509Certificate> cert =
+      https_server_example_domain.GetCertificate();
+
+  // Use the "spdy_pooling.pem" cert which has "mail.example.com"
+  // as one of its SANs.
+  net::CertVerifyResult verify_result;
+  verify_result.verified_cert =
+      net::ImportCertFromFile(net::GetTestCertsDirectory(), "spdy_pooling.pem");
+  verify_result.cert_status = net::CERT_STATUS_COMMON_NAME_INVALID;
+
+  // Request to "www.mail.example.com" should result in
+  // |net::ERR_CERT_COMMON_NAME_INVALID| error.
+  mock_cert_verifier()->AddResultForCertAndHost(
+      cert.get(), "www.mail.example.com", verify_result,
+      net::ERR_CERT_COMMON_NAME_INVALID);
+
+  // Request to "mail.example.com" should also result in
+  // |net::ERR_CERT_COMMON_NAME_INVALID| error.
+  mock_cert_verifier()->AddResultForCertAndHost(
+      cert.get(), "mail.example.com", verify_result,
+      net::ERR_CERT_COMMON_NAME_INVALID);
+
+  // Use a complex URL to ensure the path, etc., are preserved. The path itself
+  // does not matter.
+  const GURL https_server_url =
+      https_server_example_domain.GetURL("/ssl/google.html?a=b#anchor");
+  GURL::Replacements replacements;
+  replacements.SetHostStr("www.mail.example.com");
+  const GURL https_server_mismatched_url =
+      https_server_url.ReplaceComponents(replacements);
+
+  // Should simply show an interstitial, because both subdomains have common
+  // name errors.
+  WebContents* contents = browser()->tab_strip_model()->GetActiveWebContents();
+  ui_test_utils::NavigateToURL(browser(), https_server_mismatched_url);
+  WaitForInterstitial(contents);
+
+  CheckSecurityState(contents, net::CERT_STATUS_COMMON_NAME_INVALID,
+                     security_state::DANGEROUS,
+                     AuthState::SHOWING_INTERSTITIAL);
+}
+
 // Visit the URL example.org on a server that presents a valid certificate
 // for www.example.org. Verify that the page redirects to www.example.org.
 IN_PROC_BROWSER_TEST_P(CommonNameMismatchBrowserTest,