diff options
| author | horo <horo@chromium.org> | 2015-02-12 01:23:14 -0800 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2015-02-12 09:23:38 +0000 |
| commit | ddd29ccffde100ef143d6d6a012d334557972378 (patch) | |
| tree | ba70fdc311ed1d0d38e0c72160ec05f7484611a1 /content/browser/service_worker/service_worker_cache.cc | |
| parent | 90d38eba8f0f79741e85b38a68c08bc879850f20 (diff) | |
| download | chromium_src-ddd29ccffde100ef143d6d6a012d334557972378.zip chromium_src-ddd29ccffde100ef143d6d6a012d334557972378.tar.gz chromium_src-ddd29ccffde100ef143d6d6a012d334557972378.tar.bz2 | |
Check that there is no null character in the headers in the ServiceWorker process.
net::HttpResponseHeaders doesn't allow the null character.
The browser process crashes with assertion failure in CheckDoesNotHaveEmbededNulls.
We should check the existance of null character in blink codes.
https://codereview.chromium.org/900563002
But it is better to check the existance in the ServiceWorker before sending the data to the browser prorcess no to crash the browser process.
So this change adds CHECK() in content/renderer/serviceworker.
This cl also add DCHECK() in ServiceWorkerCache::MatchDidReadMetadata().
BUG=456736,454665
Review URL: https://codereview.chromium.org/911033003
Cr-Commit-Position: refs/heads/master@{#315952}
Diffstat (limited to 'content/browser/service_worker/service_worker_cache.cc')
| -rw-r--r-- | content/browser/service_worker/service_worker_cache.cc | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/content/browser/service_worker/service_worker_cache.cc b/content/browser/service_worker/service_worker_cache.cc index 00c26aa..a597a03 100644 --- a/content/browser/service_worker/service_worker_cache.cc +++ b/content/browser/service_worker/service_worker_cache.cc @@ -665,12 +665,16 @@ void ServiceWorkerCache::MatchDidReadMetadata( for (int i = 0; i < metadata->response().headers_size(); ++i) { const ServiceWorkerCacheHeaderMap header = metadata->response().headers(i); + DCHECK(header.name().find('\0') == std::string::npos); + DCHECK(header.value().find('\0') == std::string::npos); response->headers.insert(std::make_pair(header.name(), header.value())); } ServiceWorkerHeaderMap cached_request_headers; for (int i = 0; i < metadata->request().headers_size(); ++i) { const ServiceWorkerCacheHeaderMap header = metadata->request().headers(i); + DCHECK(header.name().find('\0') == std::string::npos); + DCHECK(header.value().find('\0') == std::string::npos); cached_request_headers[header.name()] = header.value(); } @@ -841,6 +845,8 @@ void ServiceWorkerCache::PutDidCreateEntry(scoped_ptr<PutContext> put_context, put_context->request->headers.begin(); it != put_context->request->headers.end(); ++it) { + DCHECK(it->first.find('\0') == std::string::npos); + DCHECK(it->second.find('\0') == std::string::npos); ServiceWorkerCacheHeaderMap* header_map = request_metadata->add_headers(); header_map->set_name(it->first); header_map->set_value(it->second); @@ -856,6 +862,8 @@ void ServiceWorkerCache::PutDidCreateEntry(scoped_ptr<PutContext> put_context, put_context->response->headers.begin(); it != put_context->response->headers.end(); ++it) { + DCHECK(it->first.find('\0') == std::string::npos); + DCHECK(it->second.find('\0') == std::string::npos); ServiceWorkerCacheHeaderMap* header_map = response_metadata->add_headers(); header_map->set_name(it->first); header_map->set_value(it->second); @@ -1128,6 +1136,8 @@ void ServiceWorkerCache::KeysDidReadMetadata( for (int i = 0; i < metadata->request().headers_size(); ++i) { const ServiceWorkerCacheHeaderMap header = metadata->request().headers(i); + DCHECK(header.name().find('\0') == std::string::npos); + DCHECK(header.value().find('\0') == std::string::npos); req_headers.insert(std::make_pair(header.name(), header.value())); } } else { |