| Index: net/spdy/header_coalescer.cc
|
| diff --git a/net/spdy/header_coalescer.cc b/net/spdy/header_coalescer.cc
|
| index 497c07991983a5423c77a16b6e4178d74736521d..03633cc61299f2a4a21c92843455fb0d8b1e517f 100644
|
| --- a/net/spdy/header_coalescer.cc
|
| +++ b/net/spdy/header_coalescer.cc
|
| @@ -7,6 +7,7 @@
|
| #include <utility>
|
|
|
| #include "base/strings/string_util.h"
|
| +#include "net/http/http_util.h"
|
| #include "net/spdy/platform/api/spdy_estimate_memory_usage.h"
|
|
|
| namespace net {
|
| @@ -24,22 +25,29 @@ void HeaderCoalescer::OnHeader(base::StringPiece key, base::StringPiece value) {
|
| return;
|
| }
|
|
|
| - // 32 byte overhead according to RFC 7540 Section 6.5.2.
|
| - header_list_size_ += key.size() + value.size() + 32;
|
| - if (header_list_size_ > kMaxHeaderListSize) {
|
| - error_seen_ = true;
|
| - return;
|
| - }
|
| -
|
| + base::StringPiece key_name = key;
|
| if (key[0] == ':') {
|
| if (regular_header_seen_) {
|
| error_seen_ = true;
|
| return;
|
| }
|
| - } else {
|
| + key_name.remove_prefix(1);
|
| + } else if (!regular_header_seen_) {
|
| regular_header_seen_ = true;
|
| }
|
|
|
| + if (!HttpUtil::IsValidHeaderName(key_name)) {
|
| + error_seen_ = true;
|
| + return;
|
| + }
|
| +
|
| + // 32 byte overhead according to RFC 7540 Section 6.5.2.
|
| + header_list_size_ += key.size() + value.size() + 32;
|
| + if (header_list_size_ > kMaxHeaderListSize) {
|
| + error_seen_ = true;
|
| + return;
|
| + }
|
| +
|
| // End of line delimiter is forbidden according to RFC 7230 Section 3.2.
|
| // Line folding, RFC 7230 Section 3.2.4., is a special case of this.
|
| if (value.find("\r\n") != base::StringPiece::npos) {
|
|
|
Chromium Code Reviews
Issue 2710053002:
HTTP/2 Check header names in HeaderCoalescer (Closed)
