Fixed chrome proxy via check

This prevents a crash when a token on the via header
is fewer than four characters.

BUG=349020

Review URL: https://codereview.chromium.org/187273002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@255274 0039d316-1c4b-4281-b951-d872f2087c98

2 files changed, 6 insertions, 1 deletions

diff --git a/net/http/http_response_headers.cc b/net/http/http_response_headers.cc
index f26292a..2d74b38 100644
--- a/net/http/http_response_headers.cc
+++ b/net/http/http_response_headers.cc
@@ -1431,7 +1431,8 @@ bool HttpResponseHeaders::IsChromeProxyResponse() const {
   // space following it are always |kVersionSize| characters. E.g.,
   // 'Via: 1.1 Chrome-Compression-Proxy'
   while (EnumerateHeader(&iter, "via", &value)) {
-    if (!value.compare(kVersionSize, value_len, kChromeProxyViaValue))
+    if (value.size() >= kVersionSize + value_len &&
+        !value.compare(kVersionSize, value_len, kChromeProxyViaValue))
       return true;
   }
 
diff --git a/net/http/http_response_headers_unittest.cc b/net/http/http_response_headers_unittest.cc
index b6211ce..c433e1d 100644
--- a/net/http/http_response_headers_unittest.cc
+++ b/net/http/http_response_headers_unittest.cc
@@ -2056,6 +2056,10 @@ TEST(HttpResponseHeadersTest, IsChromeProxyResponse) {
       false,
     },
     { "HTTP/1.1 200 OK\n"
+      "Via: 1\n",
+      false,
+    },
+    { "HTTP/1.1 200 OK\n"
       "Via: 1.1 Chrome-Compression-Proxy\n",
       true,
     },