Index: net/http/http_proxy_client_socket.cc |
diff --git a/net/http/http_proxy_client_socket.cc b/net/http/http_proxy_client_socket.cc |
index 515301cf08c1f1b5c9ebb5451c913d434161d993..a7fd7fc8295ae985321c52284311a672c75f4b71 100644 |
--- a/net/http/http_proxy_client_socket.cc |
+++ b/net/http/http_proxy_client_socket.cc |
@@ -483,25 +483,31 @@ int HttpProxyClientSocket::DoReadHeadersComplete(int result) { |
// sanitize the response. This still allows a rogue HTTPS proxy to |
// redirect an HTTPS site load to a similar-looking site, but no longer |
// allows it to impersonate the site the user requested. |
- if (is_https_proxy_ && SanitizeProxyRedirect(&response_, request_.url)) { |
+ if (!is_https_proxy_ || !SanitizeProxyRedirect(&response_)) { |
+ // We're not using an HTTPS proxy, or we couldn't sanitize the redirect. |
Ryan Sleevi
2014/12/08 22:04:39
nit: "Pronouns in Comments considered harmful" - h
Deprecated (see juliatuttle)
2014/12/09 15:31:15
Done.
|
+ LogBlockedTunnelResponse(); |
+ return ERR_TUNNEL_CONNECTION_FAILED; |
+ } |
+ |
+ { |
bool is_connection_reused = http_stream_parser_->IsConnectionReused(); |
redirect_has_load_timing_info_ = |
transport_->GetLoadTimingInfo( |
is_connection_reused, &redirect_load_timing_info_); |
- transport_.reset(); |
- http_stream_parser_.reset(); |
- return ERR_HTTPS_PROXY_TUNNEL_RESPONSE; |
} |
- |
- // We're not using an HTTPS proxy, or we couldn't sanitize the redirect. |
- LogBlockedTunnelResponse(); |
- return ERR_TUNNEL_CONNECTION_FAILED; |
+ transport_.reset(); |
+ http_stream_parser_.reset(); |
+ return ERR_HTTPS_PROXY_TUNNEL_RESPONSE; |
Ryan Hamilton
2014/12/08 22:51:59
I think you've tried to make use of an early-retur
Deprecated (see juliatuttle)
2014/12/09 15:31:15
What's wrong with the {}s? They're to prevent "jum
Ryan Hamilton
2014/12/10 22:09:21
They look ugly :>
Ryan Hamilton
2014/12/19 21:26:58
ping.
Deprecated (see juliatuttle)
2014/12/19 21:50:46
Done.
|
case 407: // Proxy Authentication Required |
// We need this status code to allow proxy authentication. Our |
// authentication code is smart enough to avoid being tricked by an |
// active network attacker. |
// The next state is intentionally not set as it should be STATE_NONE; |
+ if (!SanitizeProxyAuth(&response_)) { |
+ LogBlockedTunnelResponse(); |
+ return ERR_TUNNEL_CONNECTION_FAILED; |
+ } |
return HandleProxyAuthChallenge(auth_.get(), &response_, net_log_); |
default: |