OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/http/http_stream_parser.h" | 5 #include "net/http/http_stream_parser.h" |
6 | 6 |
7 #include <utility> | 7 #include <utility> |
8 | 8 |
9 #include "base/bind.h" | 9 #include "base/bind.h" |
10 #include "base/compiler_specific.h" | 10 #include "base/compiler_specific.h" |
(...skipping 950 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
961 if (response_header_start_offset_ >= 0) { | 961 if (response_header_start_offset_ >= 0) { |
962 received_bytes_ += end_offset; | 962 received_bytes_ += end_offset; |
963 headers = new HttpResponseHeaders( | 963 headers = new HttpResponseHeaders( |
964 HttpUtil::AssembleRawHeaders(read_buf_->StartOfBuffer(), end_offset)); | 964 HttpUtil::AssembleRawHeaders(read_buf_->StartOfBuffer(), end_offset)); |
965 } else { | 965 } else { |
966 // Enough data was read -- there is no status line, so this is HTTP/0.9, or | 966 // Enough data was read -- there is no status line, so this is HTTP/0.9, or |
967 // the server is broken / doesn't speak HTTP. | 967 // the server is broken / doesn't speak HTTP. |
968 | 968 |
969 // If the port is not the default for the scheme, assume it's not a real | 969 // If the port is not the default for the scheme, assume it's not a real |
970 // HTTP/0.9 response, and fail the request. | 970 // HTTP/0.9 response, and fail the request. |
971 // TODO(crbug.com/624462): Further restrict the cases in which we allow | 971 base::StringPiece scheme = request_->url.scheme_piece(); |
972 // HTTP/0.9. | |
973 std::string scheme(request_->url.scheme()); | |
974 if (!http_09_on_non_default_ports_enabled_ && | 972 if (!http_09_on_non_default_ports_enabled_ && |
975 url::DefaultPortForScheme(scheme.c_str(), scheme.length()) != | 973 url::DefaultPortForScheme(scheme.data(), scheme.length()) != |
976 request_->url.EffectiveIntPort()) { | 974 request_->url.EffectiveIntPort()) { |
977 return ERR_INVALID_HTTP_RESPONSE; | 975 // Allow Shoutcast responses over HTTP, as it's somewhat common and relies |
| 976 // on HTTP/0.9 on weird ports to work. |
| 977 // See |
| 978 // https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/qS63pY
so4P0 |
| 979 if (read_buf_->offset() < 3 || scheme != "http" || |
| 980 !base::LowerCaseEqualsASCII( |
| 981 base::StringPiece(read_buf_->StartOfBuffer(), 3), "icy")) { |
| 982 return ERR_INVALID_HTTP_RESPONSE; |
| 983 } |
978 } | 984 } |
979 | 985 |
980 headers = new HttpResponseHeaders(std::string("HTTP/0.9 200 OK")); | 986 headers = new HttpResponseHeaders(std::string("HTTP/0.9 200 OK")); |
981 } | 987 } |
982 | 988 |
983 // Check for multiple Content-Length headers when the response is not | 989 // Check for multiple Content-Length headers when the response is not |
984 // chunked-encoded. If they exist, and have distinct values, it's a potential | 990 // chunked-encoded. If they exist, and have distinct values, it's a potential |
985 // response smuggling attack. | 991 // response smuggling attack. |
986 if (!headers->IsChunkEncoded()) { | 992 if (!headers->IsChunkEncoded()) { |
987 if (HeadersContainMultipleCopiesOfField(*headers, "Content-Length")) | 993 if (HeadersContainMultipleCopiesOfField(*headers, "Content-Length")) |
(...skipping 186 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1174 } | 1180 } |
1175 return false; | 1181 return false; |
1176 } | 1182 } |
1177 | 1183 |
1178 bool HttpStreamParser::SendRequestBuffersEmpty() { | 1184 bool HttpStreamParser::SendRequestBuffersEmpty() { |
1179 return request_headers_ == nullptr && request_body_send_buf_ == nullptr && | 1185 return request_headers_ == nullptr && request_body_send_buf_ == nullptr && |
1180 request_body_read_buf_ == nullptr; | 1186 request_body_read_buf_ == nullptr; |
1181 } | 1187 } |
1182 | 1188 |
1183 } // namespace net | 1189 } // namespace net |
OLD | NEW |