Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(61)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 2143903002: Make calling SetHeader() with invalid value fatal (Closed)

Created:
4 years, 5 months ago by Adam Rice
Modified:
4 years, 5 months ago
Reviewers:
mmenke
CC:
chromium-reviews, cbentzel+watch_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Make calling SetHeader() with invalid value fatal crrev.com/2134083003 made net::HttpUtil::IsValidHeaderValue() reject individual CR and NL as well as CRNL. I believe that all callers of net::HttpRequestHeaders::SetHeader() and SetHeaderIfMissing() which use user-supplied values already verify the value with IsValidHeaderValue() first. However, to be sure, temporarily make it a fatal error to call SetHeader() with an invalid value. If you see a crash attributed to this CL: 1. Associate it with the bug. 2. Follow the stack flow to work out how untrusted data ended up being passed to SetHeader(). 3. Add a call to IsValidHeaderValue() at the point where the untrusted data was introduced. A tighter check such as IsToken() may be appopriate. BUG=627398 Committed: https://crrev.com/c5c1a790acc423f359c22641ac2ab0f3f9e6d7a9 Cr-Commit-Position: refs/heads/master@{#405702}

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+4 lines, -2 lines) Patch
M net/http/http_request_headers.cc View 2 chunks +4 lines, -2 lines 0 comments Download

Messages

Total messages: 15 (7 generated)
Adam Rice
+mmenke for //net OWNERS.
4 years, 5 months ago (2016-07-13 09:17:05 UTC) #5
Adam Rice
+mmenke for real this time.
4 years, 5 months ago (2016-07-15 04:06:56 UTC) #7
mmenke
On 2016/07/15 04:06:56, Adam Rice wrote: > +mmenke for real this time. LGTM
4 years, 5 months ago (2016-07-15 04:16:40 UTC) #8
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2143903002/1
4 years, 5 months ago (2016-07-15 04:17:23 UTC) #10
commit-bot: I haz the power
Committed patchset #1 (id:1)
4 years, 5 months ago (2016-07-15 05:26:38 UTC) #11
commit-bot: I haz the power
CQ bit was unchecked.
4 years, 5 months ago (2016-07-15 05:26:50 UTC) #12
commit-bot: I haz the power
Patchset 1 (id:??) landed as https://crrev.com/c5c1a790acc423f359c22641ac2ab0f3f9e6d7a9 Cr-Commit-Position: refs/heads/master@{#405702}
4 years, 5 months ago (2016-07-15 05:28:29 UTC) #14
Adam Rice
4 years, 4 months ago (2016-08-24 02:52:09 UTC) #15
Message was sent while issue was closed. 
A revert of this CL (patchset #1 id:1) has been created in
https://codereview.chromium.org/2268423004/ by ricea@chromium.org.

The reason for reverting is: This CL has served its purpose of finding bad
callers of SetHeader() and should be reverted before the branch point..

Powered by Google App Engine
This is Rietveld 408576698