Issue 491123004: Make sure that HttpRequestHeaders contains valid key-value pairs.

Issue 491123004: Make sure that HttpRequestHeaders contains valid key-value pairs. (Closed)

Created:
6 years, 4 months ago by robwu

Modified:
6 years, 3 months ago

Reviewers:
jam, mmenke

CC:
chromium-reviews, benjhayden+dwatch_chromium.org, chromium-apps-reviews_chromium.org, cbentzel+watch_chromium.org, extensions-reviews_chromium.org

Base URL:
https://chromium.googlesource.com/chromium/src.git@master

Project:
chromium

Visibility:
Public.

More Reviews

Description

Make sure that HttpRequestHeaders contains valid key-value pairs. Tracked down all uses of SetHeader() and SetHeaderIfMissing() and added input validation where necessary (using the new IsValidHeader{Name,Value} methods in http_util, moved from web_request_api_helpers). After that, I added a DCHECK which serves as documentation to the users of http_request_headers: The input must not contain illegal characters. BUG=390458 Committed: https://crrev.com/7aad4986b5ab03e70d7390e99f3f2e9da6b521ae Cr-Commit-Position: refs/heads/master@{#291761}

Patch Set 1 : #

Total comments: 2

Patch Set 2 : edit comment #

Created: 6 years, 4 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+87 lines, -31 lines)			Patch
M	chrome/browser/extensions/api/declarative_webrequest/webrequest_action.cc	View		5 chunks	+8 lines, -7 lines	0 comments	Download
M	chrome/browser/extensions/api/downloads/downloads_api.h	View		1 chunk	+3 lines, -1 line	0 comments	Download
M	chrome/browser/extensions/api/downloads/downloads_api.cc	View		2 chunks	+12 lines, -2 lines	0 comments	Download
M	chrome/browser/extensions/api/downloads/downloads_api_browsertest.cc	View		2 chunks	+30 lines, -1 line	0 comments	Download
M	chrome/browser/extensions/api/web_request/web_request_api.cc	View		3 chunks	+3 lines, -2 lines	0 comments	Download
M	chrome/browser/extensions/api/web_request/web_request_api_helpers.h	View		1 chunk	+0 lines, -5 lines	0 comments	Download
M	chrome/browser/extensions/api/web_request/web_request_api_helpers.cc	View		1 chunk	+0 lines, -11 lines	0 comments	Download
M	chrome/common/chrome_content_client.cc	View		2 chunks	+7 lines, -2 lines	0 comments	Download
M	net/http/http_request_headers.cc	View		2 chunks	+4 lines, -0 lines	0 comments	Download
M	net/http/http_util.h	View	1	1 chunk	+7 lines, -0 lines	0 comments	Download
M	net/http/http_util.cc	View		1 chunk	+13 lines, -0 lines	0 comments	Download

Messages

Total messages: 10 (0 generated)

Expand Messages | Collapse Messages

robwu

mmenke: Could you review my changes to net? Jam: As a part of this CL ...

6 years, 4 months ago (2014-08-24 10:30:15 UTC) #1

mmenke

https://codereview.chromium.org/491123004/diff/120001/net/http/http_util.h File net/http/http_util.h (right): https://codereview.chromium.org/491123004/diff/120001/net/http/http_util.h#newcode81 net/http/http_util.h:81: // Returns true if |value| is a valid HTTP ...

6 years, 4 months ago (2014-08-25 16:32:44 UTC) #3

robwu

6 years, 4 months ago (2014-08-25 18:58:29 UTC) #4

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/rob@robwu.nl/491123004/140001

6 years, 4 months ago (2014-08-25 19:23:36 UTC) #7

commit-bot: I haz the power

FYI, CQ is re-trying this CL (attempt #1). The failing builders are: win_chromium_rel_swarming on tryserver.chromium.win ...

6 years, 4 months ago (2014-08-25 20:21:52 UTC) #8

commit-bot: I haz the power

Committed patchset #2 (140001) as ba2161d37bd6f18f609046561309c582d4219e73

6 years, 4 months ago (2014-08-25 21:13:32 UTC) #9

commit-bot: I haz the power

6 years, 3 months ago (2014-09-10 02:37:34 UTC) #10

Message was sent while issue was closed.

Patchset 2 (id:??) landed as
https://crrev.com/7aad4986b5ab03e70d7390e99f3f2e9da6b521ae
Cr-Commit-Position: refs/heads/master@{#291761}

Expand Messages | Collapse Messages