net/http/proxy_client_socket.cc - Issue 769043003: Sanitize headers in Proxy Authentication Required responses

Side by Side Diff: net/http/proxy_client_socket.cc

Issue 769043003: Sanitize headers in Proxy Authentication Required responses (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Fix net_unittests Created 6 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/http/proxy_client_socket.h"	5 #include "net/http/proxy_client_socket.h"

6	6

7 #include "base/metrics/histogram.h"	7 #include "base/metrics/histogram.h"

8 #include "base/strings/stringprintf.h"	8 #include "base/strings/stringprintf.h"

9 #include "net/base/host_port_pair.h"	9 #include "net/base/host_port_pair.h"

10 #include "net/base/net_errors.h"	10 #include "net/base/net_errors.h"

(...skipping 54 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
65 HttpUtil::GetStatusCodesForHistogram());	65 HttpUtil::GetStatusCodesForHistogram());

66 } else {	66 } else {

67 UMA_HISTOGRAM_CUSTOM_ENUMERATION(	67 UMA_HISTOGRAM_CUSTOM_ENUMERATION(

68 "Net.BlockedTunnelResponse.HttpProxy",	68 "Net.BlockedTunnelResponse.HttpProxy",

69 HttpUtil::MapStatusCodeForHistogram(http_status_code),	69 HttpUtil::MapStatusCodeForHistogram(http_status_code),

70 HttpUtil::GetStatusCodesForHistogram());	70 HttpUtil::GetStatusCodesForHistogram());

71 }	71 }

72 }	72 }

73	73

74 // static	74 // static

75 bool ProxyClientSocket::SanitizeProxyRedirect(HttpResponseInfo* response,	75 bool ProxyClientSocket::SanitizeProxyAuth(HttpResponseInfo* response) {

76 const GURL& url) {	76 DCHECK(response && response->headers.get());

	77

	78 const char* kHeaderName = "Proxy-Authenticate";

	79 void* iter = NULL;

	80 std::string auth, ignored;

	81 // Make sure there is one Proxy-Authenticate header...

	82 if (!response->headers->EnumerateHeader(&iter, kHeaderName, &auth))

	83 return false;

	84 // ...but not more than one.
	Ryan Sleevi 2014/12/08 22:04:39 BUG: This is NOT required by the spec. Per RFC 723 BUG: This is NOT required by the spec. Per RFC 7235, Proxy-Authenticate follows the <n><m>#list form (see https://tools.ietf.org/html/rfc7235#section-4.3 ) See also https://tools.ietf.org/html/rfc7230#section-7 and https://tools.ietf.org/html/rfc7230#section-3.2.2 Namely, a sender MAY take a #list and send across multiple headers. And the client MAY coalesce. So the right way to do it is to enumerate all of the header values, join them into a single comma-separated value, and use that as the synthetic Proxy-Authenticate response.
	85 if (response->headers->EnumerateHeader(&iter, kHeaderName, &ignored))

	86 return false;

	87

	88 std::string fake_response_headers = base::StringPrintf(

	89 "HTTP/1.1 407 Proxy Authentication Required\n"

	90 "Proxy-Authenticate: %s\n"

	91 "Content-Length: 0\n"
	Ryan Hamilton 2014/12/08 22:51:59 Looks like the content-length should not be 0, sin Looks like the content-length should not be 0, since there is actually a response body. Deprecated (see juliatuttle) 2014/12/09 15:31:15 The goal was to avoid providing the response body, Show quoted text On 2014/12/08 22:51:59, Ryan Hamilton wrote: > Looks like the content-length should not be 0, since there is actually a > response body. The goal was to avoid providing the response body, since it can contain scripts that would execute as the origin we were trying to CONNECT to. Ryan Hamilton 2014/12/10 19:53:42 Oh! I'm sorry. I misread line 94 to be appending a Show quoted text On 2014/12/09 15:31:15, ttuttle wrote: > On 2014/12/08 22:51:59, Ryan Hamilton wrote: > > Looks like the content-length should not be 0, since there is actually a > > response body. > > The goal was to avoid providing the response body, since it can contain scripts > that would execute as the origin we were trying to CONNECT to. Oh! I'm sorry. I misread line 94 to be appending a response body via auth.c_str() but in re-reading it's obvious that I was confused. Sorry! Deprecated (see juliatuttle) 2014/12/10 20:38:40 I've removed the content-length header entirely, s Show quoted text On 2014/12/10 19:53:42, Ryan Hamilton wrote: > On 2014/12/09 15:31:15, ttuttle wrote: > > On 2014/12/08 22:51:59, Ryan Hamilton wrote: > > > Looks like the content-length should not be 0, since there is actually a > > > response body. > > > > The goal was to avoid providing the response body, since it can contain > scripts > > that would execute as the origin we were trying to CONNECT to. > > Oh! I'm sorry. I misread line 94 to be appending a response body via > auth.c_str() but in re-reading it's obvious that I was confused. Sorry! I've removed the content-length header entirely, since we error out if the caller reads the body anyway.
	92 "Connection: close\n"
	Ryan Hamilton 2014/12/08 22:51:59 I'm not sure that you want to make this connection I'm not sure that you want to make this connection close because that prevents the socket from being reused, which I think you need for Negotiate/NTLM auth. Deprecated (see juliatuttle) 2014/12/09 15:31:15 Sigh, okay. Show quoted text On 2014/12/08 22:51:59, Ryan Hamilton wrote: > I'm not sure that you want to make this connection close because that prevents > the socket from being reused, which I think you need for Negotiate/NTLM auth. Sigh, okay. Deprecated (see juliatuttle) 2014/12/10 20:38:40 I've passed along Connection headers along with th Show quoted text On 2014/12/09 15:31:15, ttuttle wrote: > On 2014/12/08 22:51:59, Ryan Hamilton wrote: > > I'm not sure that you want to make this connection close because that prevents > > the socket from being reused, which I think you need for Negotiate/NTLM auth. > > Sigh, okay. I've passed along Connection headers along with the Proxy-Authenticate ones, so keep-alive (or close, if the proxy wants) should work.
	93 "\n",

	94 auth.c_str());

	95 std::string raw_headers = HttpUtil::AssembleRawHeaders(

	96 fake_response_headers.data(), fake_response_headers.length());

	97 response->headers = new HttpResponseHeaders(raw_headers);

	98 return true;

	99 }

	100

	101 // static

	102 bool ProxyClientSocket::SanitizeProxyRedirect(HttpResponseInfo* response) {

77 DCHECK(response && response->headers.get());	103 DCHECK(response && response->headers.get());

78	104

79 std::string location;	105 std::string location;

80 if (!response->headers->IsRedirect(&location))	106 if (!response->headers->IsRedirect(&location))

81 return false;	107 return false;

82	108

83 // Return minimal headers; set "Content-length: 0" to ignore response body.	109 // Return minimal headers; set "Content-Length: 0" to ignore response body.

84 std::string fake_response_headers =	110 std::string fake_response_headers = base::StringPrintf(

85 base::StringPrintf("HTTP/1.0 302 Found\n"	111 "HTTP/1.1 302 Found\n"
	Ryan Sleevi 2014/12/08 22:04:40 Note: While this may seem trivial, it's going to r Note: While this may seem trivial, it's going to require someone to go back to the HTTP/1.1 spec and ensure our response is a fully conformant 1.1 response. There are difference in requirements for requests (e.g. 1.1 requests MUST have a Host header), and I haven't checked if 1.1 responses have similar requirements. This may be the correct thing to do, but a reviewer needs to vet this is true. Ryan Hamilton 2014/12/08 22:53:48 From my reading, I think there are no required res Show quoted text On 2014/12/08 22:04:40, Ryan Sleevi wrote: > Note: While this may seem trivial, it's going to require someone to go back to > the HTTP/1.1 spec and ensure our response is a fully conformant 1.1 response. > There are difference in requirements for requests (e.g. 1.1 requests MUST have a > Host header), and I haven't checked if 1.1 responses have similar requirements. > > This may be the correct thing to do, but a reviewer needs to vet this is true. From my reading, I think there are no required response headers: Response = Status-Line ; Section 6.1 (( general-header ; Section 4.5 \| response-header ; Section 6.2 \| entity-header ) CRLF) ; Section 7.1 CRLF [ message-body ] ; Section 7.2 Deprecated (see juliatuttle)* 2014/12/09 15:31:15 I can make them both 1.0, but that would break kee Show quoted text On 2014/12/08 22:04:40, Ryan Sleevi wrote: > Note: While this may seem trivial, it's going to require someone to go back to > the HTTP/1.1 spec and ensure our response is a fully conformant 1.1 response. > There are difference in requirements for requests (e.g. 1.1 requests MUST have a > Host header), and I haven't checked if 1.1 responses have similar requirements. > > This may be the correct thing to do, but a reviewer needs to vet this is true. I can make them both 1.0, but that would break keep-alive, which we need for auth. If you want, I can just leave this one 1.0.
86 "Location: %s\n"	112 "Location: %s\n"

87 "Content-length: 0\n"	113 "Content-Length: 0\n"

88 "Connection: close\n"	114 "Connection: close\n"

89 "\n",	115 "\n",

90 location.c_str());	116 location.c_str());

91 std::string raw_headers =	117 std::string raw_headers =

92 HttpUtil::AssembleRawHeaders(fake_response_headers.data(),	118 HttpUtil::AssembleRawHeaders(fake_response_headers.data(),

93 fake_response_headers.length());	119 fake_response_headers.length());

94 response->headers = new HttpResponseHeaders(raw_headers);	120 response->headers = new HttpResponseHeaders(raw_headers);

95	121

96 return true;	122 return true;

97 }	123 }

98	124

99 } // namespace net	125 } // namespace net

OLD	NEW

« net/http/http_proxy_client_socket.cc ('K') | « net/http/proxy_client_socket.h ('k') | net/spdy/spdy_proxy_client_socket.cc » ('j') | net/spdy/spdy_proxy_client_socket.cc » ('J')