Index: Source/platform/network/HTTPParsers.cpp |
diff --git a/Source/platform/network/HTTPParsers.cpp b/Source/platform/network/HTTPParsers.cpp |
index 29b7f5f2d128c47d16a63d16e8498d44dd6b0352..06aa4599b54bc1caf6ec37cb67db2b111c2ff4fa 100644 |
--- a/Source/platform/network/HTTPParsers.cpp |
+++ b/Source/platform/network/HTTPParsers.cpp |
@@ -107,21 +107,33 @@ static inline bool skipValue(const String& str, unsigned& pos) |
return pos != start; |
} |
-bool isValidHTTPHeaderValue(const String& name) |
+// See RFC 7230, Section 3.2.3. |
+bool isValidHTTPHeaderValue(const String& value) |
{ |
- // FIXME: This should really match name against |
- // field-value in section 4.2 of RFC 2616. |
+ UChar c = value[0]; |
tkent
2015/03/19 23:04:08
Looks like this has an out-of-bounds access issue
nit:
shiva.jm
2015/03/20 06:23:52
This looks ok, if we just have value.length(), it
|
+ if (c == ' ' || c == '\t') |
+ return false; |
+ |
+ c = value[value.length() - 1]; |
tkent
2015/03/19 23:04:08
c -> char lastCharacter
|
+ if (c == ' ' || c == '\t') |
+ return false; |
- return name.containsOnlyLatin1() && !name.contains('\r') && !name.contains('\n') && !name.contains(static_cast<UChar>('\0')); |
+ for (unsigned i = 0; i < value.length(); ++i) { |
+ c = value[i]; |
+ if (c == 0x7F || c > 0xFF || (c < 0x20 && c != '\t')) |
+ return false; |
tkent
2015/03/19 23:04:08
wrong indentation
shiva.jm
2015/03/20 06:23:52
Done.
|
+ } |
+ |
+ return true; |
} |
-// See RFC 2616, Section 2.2. |
-bool isValidHTTPToken(const String& characters) |
+// See RFC 7230, Section 3.2.6. |
+bool isValidHTTPToken(const String& value) |
{ |
- if (characters.isEmpty()) |
+ if (value.isEmpty()) |
return false; |
- for (unsigned i = 0; i < characters.length(); ++i) { |
- UChar c = characters[i]; |
+ for (unsigned i = 0; i < value.length(); ++i) { |
+ UChar c = value[i]; |
if (c <= 0x20 || c >= 0x7F |
|| c == '(' || c == ')' || c == '<' || c == '>' || c == '@' |
|| c == ',' || c == ';' || c == ':' || c == '\\' || c == '"' |