author | Shreyas VA <shreyasv@google.com> | 2015-12-28 17:44:59 -0800 |
---|---|---|
committer | Shreyas VA <shreyasv@google.com> | 2015-12-29 01:46:21 +0000 |
commit | af6190a059fd3d000e2a88f575d871f2d925bcbe (patch) | |
tree | 0788462451166f9880300f627dfbe7bd810765a3 | |
parent | 627b8e7eca47613a0e2dc2b5af77698d93a60989 (diff) | |
Checking for valid header name, value before adding them.
The header name, value are strings obtained from http headers
and indirectly through the WKNavigationDelegate callbacks.
There is no guarantee that these strings contain
valid header names, values. This CL adds a check
for the validity of these strings before actually
adding them to |http_headers|.
BUG=570919
Review URL: https://codereview.chromium.org/1546433002
Cr-Commit-Position: refs/heads/master@{#366602}
(cherry picked from commit f24f91a883fa30657ee91cd66888ff8fe0a6c1e0)
Review URL: https://codereview.chromium.org/1556433002 .
Cr-Commit-Position: refs/branch-heads/2564@{#441}
Cr-Branched-From: 1283eca15bd9f772387f75241576cde7bdec7f54-refs/heads/master@{#359700}
-rw-r--r-- | ios/net/http_response_headers_util.mm | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/ios/net/http_response_headers_util.mm b/ios/net/http_response_headers_util.mm
index 64d86b5..b9e6a50 100644
--- a/ios/net/http_response_headers_util.mm
+++ b/ios/net/http_response_headers_util.mm
@@ -7,7 +7,9 @@
 #include <Foundation/Foundation.h>
 #include "base/logging.h"
+#include "base/strings/stringprintf.h"
 #include "base/strings/sys_string_conversions.h"
+#include "net/http/http_util.h"
 namespace {
 // String format used to create the http status line from the status code and
@@ -15,7 +17,7 @@ namespace {
 NSString* const kHttpStatusLineFormat = @"HTTP %ld %s";
 // String format used to pass the header name/value pairs to the
 // HttpResponseHeaders.
-NSString* const kHeaderLineFormat = @"%@: %@";
+const char kHeaderLineFormat[] = "%s: %s";
 }
 namespace net {
@@ -34,11 +36,17 @@ scoped_refptr<HttpResponseHeaders> CreateHeadersFromNSHTTPURLResponse(
 new HttpResponseHeaders(status_line));
 // Iterate through |response|'s headers and add them to |http_headers|.
 [response.allHeaderFields
- enumerateKeysAndObjectsUsingBlock:^(NSString* header_name,
+ enumerateKeysAndObjectsUsingBlock:^(NSString* name,
 NSString* value, BOOL*) {
- NSString* header_line =
- [NSString stringWithFormat:kHeaderLineFormat, header_name, value];
- http_headers->AddHeader(base::SysNSStringToUTF8(header_line));
+ std::string header_name = base::SysNSStringToUTF8(name);
+ std::string header_value = base::SysNSStringToUTF8(value);
+ if (HttpUtil::IsValidHeaderName(header_name) &&
+ HttpUtil::IsValidHeaderValue(header_value)) {
+ std::string header_line =
+ base::StringPrintf(kHeaderLineFormat, header_name.c_str(),
+ header_value.c_str());
+ http_headers->AddHeader(header_line);
+ }
 }];
 return http_headers.Pass();
 } |
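Review bot: In the third hunk the header line is assembled with `base::StringPrintf(kHeaderLineFormat, header_name.c_str(), header_value.c_str())`, and `%s` stops at the first NUL byte, so the string passed to `AddHeader` matches what was validated only if `IsValidHeaderName` and `IsValidHeaderValue` reject embedded NULs; their definitions are outside this diff. Plain concatenation removes that dependency, and with it the need for the format constant changed in the second hunk: `http_headers->AddHeader(header_name + ": " + header_value);`. Headers that fail the check are dropped without a trace; an else branch with `DVLOG(1) << "Dropping invalid response header";` would make the rejection visible when debugging without writing the untrusted bytes to the log. The diffstat shows a single changed file, so a unit test that feeds a response carrying an invalid name or value would pin the new behaviour. The enclosing function starts above the hunk.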