summaryrefslogtreecommitdiffstats
path: root/chrome/browser/extensions/api/web_request
diff options
context:
space:
mode:
authorbattre@chromium.org <battre@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2014-03-12 06:40:12 +0000
committerbattre@chromium.org <battre@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2014-03-12 06:40:12 +0000
commit21bbb2cea53c40cd2a463756e969a0ce1651fe92 (patch)
tree9eb1c0d7ee1b7f82dcda32e22ac40f674ff3a649 /chrome/browser/extensions/api/web_request
parentb511e28eef3da1363d4c749c29d69516632813b0 (diff)
downloadchromium_src-21bbb2cea53c40cd2a463756e969a0ce1651fe92.zip
chromium_src-21bbb2cea53c40cd2a463756e969a0ce1651fe92.tar.gz
chromium_src-21bbb2cea53c40cd2a463756e969a0ce1651fe92.tar.bz2
Fix handling of incorrect response data of webrequest handlers
An extension would crash if its blocking request handler returned invalid reponses. With this CL, an error message is logged to the console and the request gets canceled. BUG=349139 Review URL: https://codereview.chromium.org/177333005 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@256455 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/extensions/api/web_request')
-rw-r--r--chrome/browser/extensions/api/web_request/web_request_api.cc63
-rw-r--r--chrome/browser/extensions/api/web_request/web_request_api.h11
-rw-r--r--chrome/browser/extensions/api/web_request/web_request_api_constants.cc1
-rw-r--r--chrome/browser/extensions/api/web_request/web_request_api_constants.h1
4 files changed, 67 insertions, 9 deletions
diff --git a/chrome/browser/extensions/api/web_request/web_request_api.cc b/chrome/browser/extensions/api/web_request/web_request_api.cc
index fd4cd7a..462419d 100644
--- a/chrome/browser/extensions/api/web_request/web_request_api.cc
+++ b/chrome/browser/extensions/api/web_request/web_request_api.cc
@@ -286,8 +286,10 @@ bool FromHeaderDictionary(const base::DictionaryValue* header_value,
}
} else if (header_value->HasKey(keys::kHeaderBinaryValueKey)) {
const base::ListValue* list = NULL;
- if (!header_value->GetList(keys::kHeaderBinaryValueKey, &list) ||
- !helpers::CharListToString(list, value)) {
+ if (!header_value->HasKey(keys::kHeaderBinaryValueKey)) {
+ *value = "";
+ } else if (!header_value->GetList(keys::kHeaderBinaryValueKey, &list) ||
+ !helpers::CharListToString(list, value)) {
return false;
}
}
@@ -2219,6 +2221,23 @@ bool WebRequestAddEventListener::RunImpl() {
return true;
}
+void WebRequestEventHandled::CancelWithError(
+ const std::string& event_name,
+ const std::string& sub_event_name,
+ uint64 request_id,
+ scoped_ptr<ExtensionWebRequestEventRouter::EventResponse> response,
+ const std::string& error) {
+ error_ = error;
+ response->cancel = true;
+ ExtensionWebRequestEventRouter::GetInstance()->OnEventHandled(
+ profile_id(),
+ extension_id(),
+ event_name,
+ sub_event_name,
+ request_id,
+ response.release());
+}
+
bool WebRequestEventHandled::RunImpl() {
std::string event_name;
EXTENSION_FUNCTION_VALIDATE(args_->GetString(0, &event_name));
@@ -2247,7 +2266,11 @@ bool WebRequestEventHandled::RunImpl() {
if (value->HasKey("cancel")) {
// Don't allow cancel mixed with other keys.
if (value->HasKey("redirectUrl") || value->HasKey("requestHeaders")) {
- error_ = keys::kInvalidBlockingResponse;
+ CancelWithError(event_name,
+ sub_event_name,
+ request_id,
+ response.Pass(),
+ keys::kInvalidBlockingResponse);
return false;
}
@@ -2262,8 +2285,12 @@ bool WebRequestEventHandled::RunImpl() {
&new_url_str));
response->new_url = GURL(new_url_str);
if (!response->new_url.is_valid()) {
- error_ = ErrorUtils::FormatErrorMessage(
- keys::kInvalidRedirectUrl, new_url_str);
+ CancelWithError(event_name,
+ sub_event_name,
+ request_id,
+ response.Pass(),
+ ErrorUtils::FormatErrorMessage(
+ keys::kInvalidRedirectUrl, new_url_str));
return false;
}
}
@@ -2279,8 +2306,17 @@ bool WebRequestEventHandled::RunImpl() {
std::string value;
EXTENSION_FUNCTION_VALIDATE(
request_headers_value->GetDictionary(i, &header_value));
- EXTENSION_FUNCTION_VALIDATE(
- FromHeaderDictionary(header_value, &name, &value));
+ if (!FromHeaderDictionary(header_value, &name, &value)) {
+ std::string serialized_header;
+ base::JSONWriter::Write(header_value, &serialized_header);
+ CancelWithError(event_name,
+ sub_event_name,
+ request_id,
+ response.Pass(),
+ ErrorUtils::FormatErrorMessage(keys::kInvalidHeader,
+ serialized_header));
+ return false;
+ }
response->request_headers->SetHeader(name, value);
}
}
@@ -2297,8 +2333,17 @@ bool WebRequestEventHandled::RunImpl() {
std::string value;
EXTENSION_FUNCTION_VALIDATE(
response_headers_value->GetDictionary(i, &header_value));
- EXTENSION_FUNCTION_VALIDATE(
- FromHeaderDictionary(header_value, &name, &value));
+ if (!FromHeaderDictionary(header_value, &name, &value)) {
+ std::string serialized_header;
+ base::JSONWriter::Write(header_value, &serialized_header);
+ CancelWithError(event_name,
+ sub_event_name,
+ request_id,
+ response.Pass(),
+ ErrorUtils::FormatErrorMessage(keys::kInvalidHeader,
+ serialized_header));
+ return false;
+ }
response_headers->push_back(helpers::ResponseHeader(name, value));
}
response->response_headers.reset(response_headers.release());
diff --git a/chrome/browser/extensions/api/web_request/web_request_api.h b/chrome/browser/extensions/api/web_request/web_request_api.h
index 6258ae9..9efddb0 100644
--- a/chrome/browser/extensions/api/web_request/web_request_api.h
+++ b/chrome/browser/extensions/api/web_request/web_request_api.h
@@ -486,6 +486,17 @@ class WebRequestEventHandled : public SyncIOThreadExtensionFunction {
protected:
virtual ~WebRequestEventHandled() {}
+ // Cancels and unblocks the network request, and sets error_ such that the
+ // developer console will show the respective error message. Use this function
+ // to handle incorrect requests from the extension that cannot be detected by
+ // the schema validator.
+ void CancelWithError(
+ const std::string& event_name,
+ const std::string& sub_event_name,
+ uint64 request_id,
+ scoped_ptr<ExtensionWebRequestEventRouter::EventResponse> response,
+ const std::string& error);
+
// ExtensionFunction:
virtual bool RunImpl() OVERRIDE;
};
diff --git a/chrome/browser/extensions/api/web_request/web_request_api_constants.cc b/chrome/browser/extensions/api/web_request/web_request_api_constants.cc
index 493a903d..0f5a421 100644
--- a/chrome/browser/extensions/api/web_request/web_request_api_constants.cc
+++ b/chrome/browser/extensions/api/web_request/web_request_api_constants.cc
@@ -72,5 +72,6 @@ const char kBlockingPermissionRequired[] =
const char kHostPermissionsRequired[] =
"You need to request host permissions in the manifest file in order to "
"be notified about requests from the webRequest API.";
+const char kInvalidHeader[] = "Invalid header specification '*'.";
} // namespace extension_web_request_api_constants
diff --git a/chrome/browser/extensions/api/web_request/web_request_api_constants.h b/chrome/browser/extensions/api/web_request/web_request_api_constants.h
index fffa987..05a8302 100644
--- a/chrome/browser/extensions/api/web_request/web_request_api_constants.h
+++ b/chrome/browser/extensions/api/web_request/web_request_api_constants.h
@@ -78,6 +78,7 @@ extern const char kInvalidBlockingResponse[];
extern const char kInvalidRequestFilterUrl[];
extern const char kBlockingPermissionRequired[];
extern const char kHostPermissionsRequired[];
+extern const char kInvalidHeader[];
} // namespace extension_web_request_api_constants
generated by cgit v1.1 at 2025-04-02 03:36:42 +0000