authorshreyasv <shreyasv@chromium.org>2015-12-22 08:39:00 -0800
committerCommit bot <commit-bot@chromium.org>2015-12-22 16:39:58 +0000
commitf24f91a883fa30657ee91cd66888ff8fe0a6c1e0 (patch)
tree2b157f964164f0175979460f5adb395808377f09 /ios/net
parentf1b57ee2ca2035dd5a272d1cd551bd4d12899f4c (diff)
Checking for valid header name, value before adding them.
The header names and values are strings obtained from HTTP headers and indirectly through the WKNavigationDelegate callbacks. There is no guarantee that these strings contain valid header names or values. This CL adds a check for the validity of these strings before actually adding them to |http_headers|. BUG=570919 Review URL: https://codereview.chromium.org/1546433002 Cr-Commit-Position: refs/heads/master@{#366602}
Diffstat (limited to 'ios/net')
-rw-r--r--ios/net/http_response_headers_util.mm18
1 files changed, 13 insertions, 5 deletions
diff --git a/ios/net/http_response_headers_util.mm b/ios/net/http_response_headers_util.mm
index 5d6f716..8f590ad 100644
--- a/ios/net/http_response_headers_util.mm
+++ b/ios/net/http_response_headers_util.mm
@@ -7,7 +7,9 @@
#include <Foundation/Foundation.h>
#include "base/logging.h"
+#include "base/strings/stringprintf.h"
#include "base/strings/sys_string_conversions.h"
+#include "net/http/http_util.h"
namespace {
// String format used to create the http status line from the status code and
@@ -15,7 +17,7 @@ namespace {
NSString* const kHttpStatusLineFormat = @"HTTP %ld %s";
// String format used to pass the header name/value pairs to the
// HttpResponseHeaders.
-NSString* const kHeaderLineFormat = @"%@: %@";
+const char kHeaderLineFormat[] = "%s: %s";
}
namespace net {
@@ -34,11 +36,17 @@ scoped_refptr<HttpResponseHeaders> CreateHeadersFromNSHTTPURLResponse(
new HttpResponseHeaders(status_line));
// Iterate through |response|'s headers and add them to |http_headers|.
[response.allHeaderFields
- enumerateKeysAndObjectsUsingBlock:^(NSString* header_name,
+ enumerateKeysAndObjectsUsingBlock:^(NSString* name,
NSString* value, BOOL*) {
- NSString* header_line =
- [NSString stringWithFormat:kHeaderLineFormat, header_name, value];
- http_headers->AddHeader(base::SysNSStringToUTF8(header_line));
+ std::string header_name = base::SysNSStringToUTF8(name);
+ std::string header_value = base::SysNSStringToUTF8(value);
+ if (HttpUtil::IsValidHeaderName(header_name) &&
+ HttpUtil::IsValidHeaderValue(header_value)) {
+ std::string header_line =
+ base::StringPrintf(kHeaderLineFormat, header_name.c_str(),
+ header_value.c_str());
+ http_headers->AddHeader(header_line);
+ }
}];
return http_headers;
}
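Review bot: A header that fails the new `IsValidHeaderName`/`IsValidHeaderValue` check in the enumeration block is dropped with no trace, so a response that carried a malformed or injected name/value pair cannot be told apart from one that never had the header. `base/logging.h` is already included, so an `else { DLOG(WARNING) << "Dropping response header with invalid name or value"; }` branch would make the rejection visible in debug builds without echoing the untrusted bytes into the log. Separately, the line is built with `%s` and `c_str()`, which stop at the first NUL byte; that is safe only while `IsValidHeaderValue` rejects embedded NULs (presumably it does, but its body is not shown here), and `header_name + ": " + header_value` would remove that dependence. `CreateHeadersFromNSHTTPURLResponse` begins outside this hunk.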