Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
2268423004:
Revert of Make calling SetHeader() with invalid value fatal (Closed)
DescriptionRevert of Make calling SetHeader() with invalid value fatal (patchset #1 id:1 of https://codereview.chromium.org/2143903002/ )
Reason for revert:
This CL has served its purpose of finding bad callers of SetHeader() and should be reverted before the branch point.
Original issue's description:
> Make calling SetHeader() with invalid value fatal
>
> crrev.com/2134083003 made net::HttpUtil::IsValidHeaderValue() reject
> individual CR and NL as well as CRNL.
>
> I believe that all callers of net::HttpRequestHeaders::SetHeader() and
> SetHeaderIfMissing() which use user-supplied values already verify the
> value with IsValidHeaderValue() first. However, to be sure, temporarily
> make it a fatal error to call SetHeader() with an invalid value.
>
> If you see a crash attributed to this CL:
>
> 1. Associate it with the bug.
> 2. Follow the stack flow to work out how untrusted data ended up
> being passed to SetHeader().
> 3. Add a call to IsValidHeaderValue() at the point where the untrusted
> data was introduced. A tighter check such as IsToken() may be appopriate.
>
> BUG=627398
>
> Committed: https://crrev.com/c5c1a790acc423f359c22641ac2ab0f3f9e6d7a9
> Cr-Commit-Position: refs/heads/master@{#405702}
R=mmenke@chromium.org
# Not skipping CQ checks because original CL landed more than 1 days ago.
BUG=627398
Committed: https://crrev.com/6c2cdfb89375fe0734615bd8081283d25fb0aad5
Cr-Commit-Position: refs/heads/master@{#414633}
Patch Set 1 #
Messages
Total messages: 18 (10 generated)
Created Revert of Make calling SetHeader() with invalid value fatal
Description was changed from ========== Revert of Make calling SetHeader() with invalid value fatal (patchset #1 id:1 of https://codereview.chromium.org/2143903002/ ) Reason for revert: This CL has served its purpose of finding bad callers of SetHeader() and should be reverted before the branch point. Original issue's description: > Make calling SetHeader() with invalid value fatal > > crrev.com/2134083003 made net::HttpUtil::IsValidHeaderValue() reject > individual CR and NL as well as CRNL. > > I believe that all callers of net::HttpRequestHeaders::SetHeader() and > SetHeaderIfMissing() which use user-supplied values already verify the > value with IsValidHeaderValue() first. However, to be sure, temporarily > make it a fatal error to call SetHeader() with an invalid value. > > If you see a crash attributed to this CL: > > 1. Associate it with the bug. > 2. Follow the stack flow to work out how untrusted data ended up > being passed to SetHeader(). > 3. Add a call to IsValidHeaderValue() at the point where the untrusted > data was introduced. A tighter check such as IsToken() may be appopriate. > > BUG=627398 > > Committed: https://crrev.com/c5c1a790acc423f359c22641ac2ab0f3f9e6d7a9 > Cr-Commit-Position: refs/heads/master@{#405702} TBR=mmenke@chromium.org # Not skipping CQ checks because original CL landed more than 1 days ago. BUG=627398 ========== to ========== Revert of Make calling SetHeader() with invalid value fatal (patchset #1 id:1 of https://codereview.chromium.org/2143903002/ ) Reason for revert: This CL has served its purpose of finding bad callers of SetHeader() and should be reverted before the branch point. Original issue's description: > Make calling SetHeader() with invalid value fatal > > crrev.com/2134083003 made net::HttpUtil::IsValidHeaderValue() reject > individual CR and NL as well as CRNL. > > I believe that all callers of net::HttpRequestHeaders::SetHeader() and > SetHeaderIfMissing() which use user-supplied values already verify the > value with IsValidHeaderValue() first. However, to be sure, temporarily > make it a fatal error to call SetHeader() with an invalid value. > > If you see a crash attributed to this CL: > > 1. Associate it with the bug. > 2. Follow the stack flow to work out how untrusted data ended up > being passed to SetHeader(). > 3. Add a call to IsValidHeaderValue() at the point where the untrusted > data was introduced. A tighter check such as IsToken() may be appopriate. > > BUG=627398 > > Committed: https://crrev.com/c5c1a790acc423f359c22641ac2ab0f3f9e6d7a9 > Cr-Commit-Position: refs/heads/master@{#405702} R=mmenke@chromium.org # Not skipping CQ checks because original CL landed more than 1 days ago. BUG=627398 ==========
The CQ bit was checked by ricea@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
On 2016/08/24 02:52:09, Adam Rice wrote: > Created Revert of Make calling SetHeader() with invalid value fatal LGTM. Sorry for the delay, thought you just TBRed this.
The CQ bit was checked by mmenke@chromium.org
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Try jobs failed on following builders: win_chromium_x64_rel_ng on master.tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_x64_...)
The CQ bit was checked by ricea@chromium.org
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
On 2016/08/25 19:31:08, mmenke (busy) wrote: > LGTM. Sorry for the delay, thought you just TBRed this. Sorry for the confusion. That's probably what I should have done.
Message was sent while issue was closed.
Description was changed from ========== Revert of Make calling SetHeader() with invalid value fatal (patchset #1 id:1 of https://codereview.chromium.org/2143903002/ ) Reason for revert: This CL has served its purpose of finding bad callers of SetHeader() and should be reverted before the branch point. Original issue's description: > Make calling SetHeader() with invalid value fatal > > crrev.com/2134083003 made net::HttpUtil::IsValidHeaderValue() reject > individual CR and NL as well as CRNL. > > I believe that all callers of net::HttpRequestHeaders::SetHeader() and > SetHeaderIfMissing() which use user-supplied values already verify the > value with IsValidHeaderValue() first. However, to be sure, temporarily > make it a fatal error to call SetHeader() with an invalid value. > > If you see a crash attributed to this CL: > > 1. Associate it with the bug. > 2. Follow the stack flow to work out how untrusted data ended up > being passed to SetHeader(). > 3. Add a call to IsValidHeaderValue() at the point where the untrusted > data was introduced. A tighter check such as IsToken() may be appopriate. > > BUG=627398 > > Committed: https://crrev.com/c5c1a790acc423f359c22641ac2ab0f3f9e6d7a9 > Cr-Commit-Position: refs/heads/master@{#405702} R=mmenke@chromium.org # Not skipping CQ checks because original CL landed more than 1 days ago. BUG=627398 ========== to ========== Revert of Make calling SetHeader() with invalid value fatal (patchset #1 id:1 of https://codereview.chromium.org/2143903002/ ) Reason for revert: This CL has served its purpose of finding bad callers of SetHeader() and should be reverted before the branch point. Original issue's description: > Make calling SetHeader() with invalid value fatal > > crrev.com/2134083003 made net::HttpUtil::IsValidHeaderValue() reject > individual CR and NL as well as CRNL. > > I believe that all callers of net::HttpRequestHeaders::SetHeader() and > SetHeaderIfMissing() which use user-supplied values already verify the > value with IsValidHeaderValue() first. However, to be sure, temporarily > make it a fatal error to call SetHeader() with an invalid value. > > If you see a crash attributed to this CL: > > 1. Associate it with the bug. > 2. Follow the stack flow to work out how untrusted data ended up > being passed to SetHeader(). > 3. Add a call to IsValidHeaderValue() at the point where the untrusted > data was introduced. A tighter check such as IsToken() may be appopriate. > > BUG=627398 > > Committed: https://crrev.com/c5c1a790acc423f359c22641ac2ab0f3f9e6d7a9 > Cr-Commit-Position: refs/heads/master@{#405702} R=mmenke@chromium.org # Not skipping CQ checks because original CL landed more than 1 days ago. BUG=627398 ==========
Message was sent while issue was closed.
Committed patchset #1 (id:1)
Message was sent while issue was closed.
Description was changed from ========== Revert of Make calling SetHeader() with invalid value fatal (patchset #1 id:1 of https://codereview.chromium.org/2143903002/ ) Reason for revert: This CL has served its purpose of finding bad callers of SetHeader() and should be reverted before the branch point. Original issue's description: > Make calling SetHeader() with invalid value fatal > > crrev.com/2134083003 made net::HttpUtil::IsValidHeaderValue() reject > individual CR and NL as well as CRNL. > > I believe that all callers of net::HttpRequestHeaders::SetHeader() and > SetHeaderIfMissing() which use user-supplied values already verify the > value with IsValidHeaderValue() first. However, to be sure, temporarily > make it a fatal error to call SetHeader() with an invalid value. > > If you see a crash attributed to this CL: > > 1. Associate it with the bug. > 2. Follow the stack flow to work out how untrusted data ended up > being passed to SetHeader(). > 3. Add a call to IsValidHeaderValue() at the point where the untrusted > data was introduced. A tighter check such as IsToken() may be appopriate. > > BUG=627398 > > Committed: https://crrev.com/c5c1a790acc423f359c22641ac2ab0f3f9e6d7a9 > Cr-Commit-Position: refs/heads/master@{#405702} R=mmenke@chromium.org # Not skipping CQ checks because original CL landed more than 1 days ago. BUG=627398 ========== to ========== Revert of Make calling SetHeader() with invalid value fatal (patchset #1 id:1 of https://codereview.chromium.org/2143903002/ ) Reason for revert: This CL has served its purpose of finding bad callers of SetHeader() and should be reverted before the branch point. Original issue's description: > Make calling SetHeader() with invalid value fatal > > crrev.com/2134083003 made net::HttpUtil::IsValidHeaderValue() reject > individual CR and NL as well as CRNL. > > I believe that all callers of net::HttpRequestHeaders::SetHeader() and > SetHeaderIfMissing() which use user-supplied values already verify the > value with IsValidHeaderValue() first. However, to be sure, temporarily > make it a fatal error to call SetHeader() with an invalid value. > > If you see a crash attributed to this CL: > > 1. Associate it with the bug. > 2. Follow the stack flow to work out how untrusted data ended up > being passed to SetHeader(). > 3. Add a call to IsValidHeaderValue() at the point where the untrusted > data was introduced. A tighter check such as IsToken() may be appopriate. > > BUG=627398 > > Committed: https://crrev.com/c5c1a790acc423f359c22641ac2ab0f3f9e6d7a9 > Cr-Commit-Position: refs/heads/master@{#405702} R=mmenke@chromium.org # Not skipping CQ checks because original CL landed more than 1 days ago. BUG=627398 Committed: https://crrev.com/6c2cdfb89375fe0734615bd8081283d25fb0aad5 Cr-Commit-Position: refs/heads/master@{#414633} ==========
Message was sent while issue was closed.
Patchset 1 (id:??) landed as https://crrev.com/6c2cdfb89375fe0734615bd8081283d25fb0aad5 Cr-Commit-Position: refs/heads/master@{#414633} |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
