Issue 7645010: Fix security bug that allowed invalid header fields to be injected by

Issue 7645010: Fix security bug that allowed invalid header fields to be injected by (Closed)

Created:
9 years, 4 months ago by bbudge

Modified:
9 years, 4 months ago

Reviewers:
darin (slow to review), brettw, commit-bot: I haz the power

CC:
chromium-reviews, darin-cc_chromium.org, Paweł Hajdan Jr.

Base URL:
svn://svn.chromium.org/chrome/trunk/src/

Visibility:
Public.

Description

Fix security bug that allowed invalid header fields to be injected by setting the HTTP method to a multi-line string. BUG= http://code.google.com/p/nativeclient/issues/detail?id=2024 TEST=TestShellTests, url_request_info_unittest.cc Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=96888

Patch Set 2 : '' #

Total comments: 1

Created: 9 years, 4 months ago

Download [raw] [tar.bz2]

		Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+93 lines, -2 lines)			Patch
	M	webkit/plugins/ppapi/ppb_url_request_info_impl.cc	View	1	2 chunks	+67 lines, -2 lines	1 comment	Download
	M	webkit/plugins/ppapi/url_request_info_unittest.cc	View		1 chunk	+26 lines, -0 lines	0 comments	Download

Messages

Total messages: 8 (0 generated)

Expand Messages | Collapse Messages

bbudge

http://codereview.chromium.org/7645010/diff/1/webkit/plugins/ppapi/ppb_url_request_info_impl.cc File webkit/plugins/ppapi/ppb_url_request_info_impl.cc (right): http://codereview.chromium.org/7645010/diff/1/webkit/plugins/ppapi/ppb_url_request_info_impl.cc#newcode74 webkit/plugins/ppapi/ppb_url_request_info_impl.cc:74: // converted to upper-case. This isn't quite true; this ...

9 years, 4 months ago (2011-08-13 00:00:41 UTC) #2

brettw

9 years, 4 months ago (2011-08-14 18:30:42 UTC) #3

bbudge

9 years, 4 months ago (2011-08-15 15:03:52 UTC) #4

brettw

LGTM with improved comment. http://codereview.chromium.org/7645010/diff/1/webkit/plugins/ppapi/ppb_url_request_info_impl.cc File webkit/plugins/ppapi/ppb_url_request_info_impl.cc (right): http://codereview.chromium.org/7645010/diff/1/webkit/plugins/ppapi/ppb_url_request_info_impl.cc#newcode74 webkit/plugins/ppapi/ppb_url_request_info_impl.cc:74: // converted to upper-case. No, ...

9 years, 4 months ago (2011-08-15 15:54:56 UTC) #5

darin (slow to review)

http://codereview.chromium.org/7645010/diff/6001/webkit/plugins/ppapi/ppb_url_request_info_impl.cc File webkit/plugins/ppapi/ppb_url_request_info_impl.cc (right): http://codereview.chromium.org/7645010/diff/6001/webkit/plugins/ppapi/ppb_url_request_info_impl.cc#newcode47 webkit/plugins/ppapi/ppb_url_request_info_impl.cc:47: bool IsValidToken(const std::string& token) { It makes me a ...

9 years, 4 months ago (2011-08-16 05:23:47 UTC) #7

bbudge

9 years, 4 months ago (2011-08-16 12:40:07 UTC) #8

On 2011/08/16 05:23:47, darin wrote:
>
http://codereview.chromium.org/7645010/diff/6001/webkit/plugins/ppapi/ppb_url...
> File webkit/plugins/ppapi/ppb_url_request_info_impl.cc (right):
> 
>
http://codereview.chromium.org/7645010/diff/6001/webkit/plugins/ppapi/ppb_url...
> webkit/plugins/ppapi/ppb_url_request_info_impl.cc:47: bool IsValidToken(const
> std::string& token) {
> It makes me a bit sad to see this validation code replicated here from webkit.

> an alternative would be to create a webkit API to invoke these validation
> routines.
> 
> Or, we could even put this validation logic behind AssociatedURLLoader with an
> option to disable it.

I agree. I'll look for a good place to put this.

Expand Messages | Collapse Messages