Temporary fix to prevent the DRP from being activated improperly.

chrome/browser/net/pref_proxy_config_tracker_impl.cc

Index: chrome/browser/net/pref_proxy_config_tracker_impl.cc
diff --git a/chrome/browser/net/pref_proxy_config_tracker_impl.cc b/chrome/browser/net/pref_proxy_config_tracker_impl.cc
index b7d0d3aa20eed9e84df81d8d4ed24ac25734946e..1e49a887cb2e1e44ed6296c3e4950649821f5851 100644
--- a/chrome/browser/net/pref_proxy_config_tracker_impl.cc
+++ b/chrome/browser/net/pref_proxy_config_tracker_impl.cc
@@ -7,6 +7,7 @@
 #include "base/bind.h"
 #include "base/prefs/pref_registry_simple.h"
 #include "base/prefs/pref_service.h"
+#include "base/strings/string_util.h"
 #include "base/values.h"
 #include "chrome/browser/chrome_notification_types.h"
 #include "chrome/browser/prefs/proxy_config_dictionary.h"
@@ -15,9 +16,65 @@
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/notification_details.h"
 #include "content/public/browser/notification_source.h"
+#include "net/proxy/proxy_list.h"
+#include "net/proxy/proxy_server.h"
 
 using content::BrowserThread;
 
+namespace {
+
+// Determine if |proxy| is of the form "*.googlezip.net".
+bool IsGooglezipDataReductionProxy(const net::ProxyServer& proxy) {
+  return proxy.is_valid() && !proxy.is_direct() &&
+         EndsWith(proxy.host_port_pair().host(), ".googlezip.net", true);
+}
+
+// Removes any Data Reduction Proxies like *.googlezip.net from |proxy_list|.
+void RemoveGooglezipDataReductionProxiesFromList(net::ProxyList* proxy_list) {
+  if (proxy_list->IsEmpty())
+    return;
+
+  bool found_googlezip_proxy = false;
+  for (const net::ProxyServer& proxy : proxy_list->GetAll()) {
+    if (IsGooglezipDataReductionProxy(proxy)) {
+      found_googlezip_proxy = true;
+      break;
+    }
+  }
+  if (!found_googlezip_proxy)
+    return;
+
+  net::ProxyList replacement_list;
+  for (const net::ProxyServer& proxy : proxy_list->GetAll())

[eroman, 2015/05/12 03:13:53]

can you put curlies around this?

[sclittle, 2015/05/12 03:30:00]

Done.

+    if (!IsGooglezipDataReductionProxy(proxy))
+      replacement_list.AddProxyServer(proxy);
+
+  if (replacement_list.IsEmpty())
+    replacement_list.AddProxyServer(net::ProxyServer::Direct());
+  *proxy_list = replacement_list;
+}
+
+// Remove any Data Reduction Proxies like *.googlezip.net from |proxy_rules|.
+// This is to prevent a Data Reduction Proxy from being activated in an
+// unsupported way, such as from a proxy pref, which could cause Chrome to use
+// the Data Reduction Proxy without adding any of the necessary authentication
+// headers or applying the Data Reduction Proxy bypass logic. See
+// http://crbug.com/476610.
+// TODO(sclittle): Add UMA to record how often this method is called, and how
+// often it actually removes a *.googlezip.net proxy. This method should be
+// removed once it stops actually finding and removing *.googlezip.net proxies
+// from the proxy rules.
+void RemoveGooglezipDataReductionProxies(
+    net::ProxyConfig::ProxyRules* proxy_rules) {
+  RemoveGooglezipDataReductionProxiesFromList(&proxy_rules->fallback_proxies);
+  RemoveGooglezipDataReductionProxiesFromList(&proxy_rules->proxies_for_ftp);
+  RemoveGooglezipDataReductionProxiesFromList(&proxy_rules->proxies_for_http);
+  RemoveGooglezipDataReductionProxiesFromList(&proxy_rules->proxies_for_https);
+  RemoveGooglezipDataReductionProxiesFromList(&proxy_rules->single_proxies);
+}
+
+}  // namespace
+
 //============================= ChromeProxyConfigService =======================
 
 ChromeProxyConfigService::ChromeProxyConfigService(
@@ -179,25 +236,37 @@ net::ProxyConfigService::ConfigAvailability
         bool ignore_fallback_config,
         ProxyPrefs::ConfigState* effective_config_state,
         net::ProxyConfig* effective_config) {
+  net::ProxyConfigService::ConfigAvailability rv;
   *effective_config_state = pref_state;
 
   if (PrefPrecedes(pref_state)) {
     *effective_config = pref_config;
-    return net::ProxyConfigService::CONFIG_VALID;
-  }
-
-  // If there's no system proxy config, fall back to prefs or default.
-  if (system_availability == net::ProxyConfigService::CONFIG_UNSET) {
+    rv = net::ProxyConfigService::CONFIG_VALID;
+  } else if (system_availability == net::ProxyConfigService::CONFIG_UNSET) {
+    // If there's no system proxy config, fall back to prefs or default.
     if (pref_state == ProxyPrefs::CONFIG_FALLBACK && !ignore_fallback_config)
       *effective_config = pref_config;
     else
       *effective_config = net::ProxyConfig::CreateDirect();
-    return net::ProxyConfigService::CONFIG_VALID;
+    rv = net::ProxyConfigService::CONFIG_VALID;
+  } else {
+    *effective_config_state = ProxyPrefs::CONFIG_SYSTEM;
+    *effective_config = system_config;
+    rv = system_availability;
   }
 
-  *effective_config_state = ProxyPrefs::CONFIG_SYSTEM;
-  *effective_config = system_config;
-  return system_availability;
+  // Remove any Data Reduction Proxies like *.googlezip.net from the proxy
+  // config rules, since specifying a DRP in the proxy rules is not a supported
+  // means of activating the DRP, and could cause requests to be sent to the DRP
+  // without the appropriate authentication headers and without using any of the
+  // DRP bypass logic. This prevents the Data Reduction Proxy from being
+  // improperly activated via the proxy pref.
+  // TODO(sclittle): This is a temporary hotfix for http://crbug.com/476610, and

[eroman, 2015/05/12 03:13:53]

not sure what "hotfix" is supposed to mean. In my mind a hotfix is a patch you
apply to a live system, which doesn't seem relevant here. How about just calling
this either a "fix" or a "hack"

[sclittle, 2015/05/12 03:30:00]

Done.

+  // should be removed once that bug is fixed and verified.
+  if (rv == net::ProxyConfigService::CONFIG_VALID)
+    RemoveGooglezipDataReductionProxies(&effective_config->proxy_rules());
+
+  return rv;
 }
 
 // static