Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1074)

Side by Side Diff: net/http/http_request_headers.cc

Issue 2225933004: Avoid adding invalid headers in AddHeaderFromString (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Rebase Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/http/http_request_headers.h ('k') | net/http/http_util.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/http/http_request_headers.h" 5 #include "net/http/http_request_headers.h"
6 6
7 #include <utility> 7 #include <utility>
8 8
9 #include "base/logging.h" 9 #include "base/logging.h"
10 #include "base/strings/string_split.h" 10 #include "base/strings/string_split.h"
(...skipping 114 matching lines...) Expand 10 before | Expand all | Expand 10 after
125 LOG(DFATAL) << "\"" << header_line << "\" is missing colon delimiter."; 125 LOG(DFATAL) << "\"" << header_line << "\" is missing colon delimiter.";
126 return; 126 return;
127 } 127 }
128 128
129 if (key_end_index == 0) { 129 if (key_end_index == 0) {
130 LOG(DFATAL) << "\"" << header_line << "\" is missing header key."; 130 LOG(DFATAL) << "\"" << header_line << "\" is missing header key.";
131 return; 131 return;
132 } 132 }
133 133
134 const base::StringPiece header_key(header_line.data(), key_end_index); 134 const base::StringPiece header_key(header_line.data(), key_end_index);
135 if (!HttpUtil::IsValidHeaderName(header_key)) {
136 LOG(DFATAL) << "\"" << header_line << "\" has invalid header key.";
137 return;
138 }
135 139
136 const std::string::size_type value_index = key_end_index + 1; 140 const std::string::size_type value_index = key_end_index + 1;
137 141
138 if (value_index < header_line.size()) { 142 if (value_index < header_line.size()) {
139 std::string header_value(header_line.data() + value_index, 143 base::StringPiece header_value(header_line.data() + value_index,
140 header_line.size() - value_index); 144 header_line.size() - value_index);
141 std::string::const_iterator header_value_begin = 145 header_value = HttpUtil::TrimLWS(header_value);
142 header_value.begin(); 146 if (!HttpUtil::IsValidHeaderValue(header_value)) {
143 std::string::const_iterator header_value_end = 147 LOG(DFATAL) << "\"" << header_line << "\" has invalid header value.";
144 header_value.end(); 148 return;
145 HttpUtil::TrimLWS(&header_value_begin, &header_value_end);
146
147 if (header_value_begin == header_value_end) {
148 // Value was all LWS.
149 SetHeader(header_key, "");
150 } else {
151 SetHeader(header_key,
152 base::StringPiece(&*header_value_begin,
153 header_value_end - header_value_begin));
154 } 149 }
150 SetHeader(header_key, header_value);
155 } else if (value_index == header_line.size()) { 151 } else if (value_index == header_line.size()) {
156 SetHeader(header_key, ""); 152 SetHeader(header_key, "");
157 } else { 153 } else {
158 NOTREACHED(); 154 NOTREACHED();
159 } 155 }
160 } 156 }
161 157
162 void HttpRequestHeaders::AddHeadersFromString( 158 void HttpRequestHeaders::AddHeadersFromString(
163 const base::StringPiece& headers) { 159 const base::StringPiece& headers) {
164 for (const base::StringPiece& header : base::SplitStringPieceUsingSubstr( 160 for (const base::StringPiece& header : base::SplitStringPieceUsingSubstr(
(...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after
253 for (HeaderVector::const_iterator it = headers_.begin(); 249 for (HeaderVector::const_iterator it = headers_.begin();
254 it != headers_.end(); ++it) { 250 it != headers_.end(); ++it) {
255 if (base::EqualsCaseInsensitiveASCII(key, it->key)) 251 if (base::EqualsCaseInsensitiveASCII(key, it->key))
256 return it; 252 return it;
257 } 253 }
258 254
259 return headers_.end(); 255 return headers_.end();
260 } 256 }
261 257
262 } // namespace net 258 } // namespace net
OLDNEW
« no previous file with comments | « net/http/http_request_headers.h ('k') | net/http/http_util.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698