Fix dictionary domain check problem.

net/base/sdch_manager.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/sdch_manager.h"
 
 #include "base/base64.h"
 #include "base/logging.h"
 #include "base/metrics/histogram.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
 #include "crypto/sha2.h"
 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
 #include "net/url_request/url_request_http_job.h"
 
+namespace {
+
+void StripTrailingDot(GURL* gurl) {
+  std::string host(gurl->host());
+
+  if (host.empty())
+    return;
+
+  if (*host.rbegin() != '.')
+    return;
+
+  host.resize(host.size() - 1);
+
+  GURL::Replacements replacements;
+  replacements.SetHostStr(host);
+  *gurl = gurl->ReplaceComponents(replacements);
+  return;
+}
+
+}  // namespace
+
 namespace net {
 
 //------------------------------------------------------------------------------
 // static
 
 // Adjust SDCH limits downwards for mobile.
 #if defined(OS_ANDROID) || defined(OS_IOS)
 // static
 const size_t SdchManager::kMaxDictionaryCount = 1;
 const size_t SdchManager::kMaxDictionarySize = 500 * 1000;
@@ skipping 517 matching lines @@
         if (port >= 0)
           ports.insert(port);
       }
     }
 
     if (line_end >= header_end)
       break;
     line_start = line_end + 1;
   }
 
-  if (!IsInSupportedDomain(dictionary_url))
+  // Narrow fix for http://crbug.com/389451.
+  GURL dictionary_url_normalized(dictionary_url);
+  StripTrailingDot(&dictionary_url_normalized);
+
+  if (!IsInSupportedDomain(dictionary_url_normalized))
     return;
 
-  if (!Dictionary::CanSet(domain, path, ports, dictionary_url))
+  if (!Dictionary::CanSet(domain, path, ports, dictionary_url_normalized))
     return;
 
   // TODO(jar): Remove these hacks to preclude a DOS attack involving piles of
   // useless dictionaries.  We should probably have a cache eviction plan,
   // instead of just blocking additions.  For now, with the spec in flux, it
   // is probably not worth doing eviction handling.
   if (kMaxDictionarySize < dictionary_text.size()) {
     SdchErrorRecovery(DICTIONARY_IS_TOO_LARGE);
     return;
   }
   if (kMaxDictionaryCount <= dictionaries_.size()) {
     SdchErrorRecovery(DICTIONARY_COUNT_EXCEEDED);
     return;
   }
 
   UMA_HISTOGRAM_COUNTS("Sdch3.Dictionary size loaded", dictionary_text.size());
   DVLOG(1) << "Loaded dictionary with client hash " << client_hash
            << " and server hash " << server_hash;
   Dictionary* dictionary =
       new Dictionary(dictionary_text, header_end + 2, client_hash,
-                     dictionary_url, domain, path, expiration, ports);
+                     dictionary_url_normalized, domain,
+                     path, expiration, ports);
   dictionaries_[server_hash] = dictionary;
   return;
 }
 
 // static
 void SdchManager::UrlSafeBase64Encode(const std::string& input,
                                       std::string* output) {
   // Since this is only done during a dictionary load, and hashes are only 8
   // characters, we just do the simple fixup, rather than rewriting the encoder.
   base::Base64Encode(input, output);
   std::replace(output->begin(), output->end(), '+', '-');
   std::replace(output->begin(), output->end(), '/', '_');
 }
 
 }  // namespace net