diff options
| author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-05-29 19:06:53 +0000 |
|---|---|---|
| committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-05-29 19:06:53 +0000 |
| commit | 9c18dbcb79e5f700c453d1ac01fb6d8768e4844a (patch) | |
| tree | e5bf49e38f2eeea560ae20be86912f63ca6a4a22 /net/http/http_stream_parser.cc | |
| parent | 0154c2bee5ee8c46a43c469bb94bc32a419485f7 (diff) | |
| download | chromium_src-9c18dbcb79e5f700c453d1ac01fb6d8768e4844a.zip chromium_src-9c18dbcb79e5f700c453d1ac01fb6d8768e4844a.tar.gz chromium_src-9c18dbcb79e5f700c453d1ac01fb6d8768e4844a.tar.bz2 | |
net: don't process truncated headers on HTTPS connections.
This change causes us to not process any headers unless they are correctly
terminated with a \r\n\r\n sequence.
BUG=244260
Review URL: https://chromiumcodereview.appspot.com/15688012
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@202927 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/http/http_stream_parser.cc')
| -rw-r--r-- | net/http/http_stream_parser.cc | 31 |
1 files changed, 18 insertions, 13 deletions
diff --git a/net/http/http_stream_parser.cc b/net/http/http_stream_parser.cc index 3c64ee6..7b195e7 100644 --- a/net/http/http_stream_parser.cc +++ b/net/http/http_stream_parser.cc @@ -541,26 +541,31 @@ int HttpStreamParser::DoReadHeadersComplete(int result) { if (result == ERR_CONNECTION_CLOSED) { // The connection closed before we detected the end of the headers. - // parse things as well as we can and let the caller decide what to do. if (read_buf_->offset() == 0) { // The connection was closed before any data was sent. Likely an error // rather than empty HTTP/0.9 response. io_state_ = STATE_DONE; return ERR_EMPTY_RESPONSE; + } else if (request_->url.SchemeIs("https")) { + // The connection was closed in the middle of the headers. For HTTPS we + // don't parse partial headers. Return a different error code so that we + // know that we shouldn't attempt to retry the request. + io_state_ = STATE_DONE; + return ERR_HEADERS_TRUNCATED; + } + // Parse things as well as we can and let the caller decide what to do. + int end_offset; + if (response_header_start_offset_ >= 0) { + io_state_ = STATE_READ_BODY_COMPLETE; + end_offset = read_buf_->offset(); } else { - int end_offset; - if (response_header_start_offset_ >= 0) { - io_state_ = STATE_READ_BODY_COMPLETE; - end_offset = read_buf_->offset(); - } else { - io_state_ = STATE_BODY_PENDING; - end_offset = 0; - } - int rv = DoParseResponseHeaders(end_offset); - if (rv < 0) - return rv; - return result; + io_state_ = STATE_BODY_PENDING; + end_offset = 0; } + int rv = DoParseResponseHeaders(end_offset); + if (rv < 0) + return rv; + return result; } read_buf_->set_offset(read_buf_->offset() + result); |