Support net::ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_LENGTH.

If we encounter multiple Content-Length headers without a
Transfer-Encoding header, then it's a potential response smuggling
attempt.  Return an error.

BUG=56344
TEST=HttpNetworkTransactionTest.MultipleContentLengthHeadersNoTransferEncoding,HttpNetworkTransactionTest.MultipleContentLengthHeadersTransferEncoding

Review URL: http://codereview.chromium.org/3394016

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@60317 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 7 insertions, 6 deletions

diff --git a/net/http/http_stream_parser.h b/net/http/http_stream_parser.h
index ec84d056..a1dda07 100644
--- a/net/http/http_stream_parser.h
+++ b/net/http/http_stream_parser.h
@@ -111,14 +111,15 @@ class HttpStreamParser {
   int DoReadBody();
   int DoReadBodyComplete(int result);
 
-  // Examines |read_buf_| to find the start and end of the headers. Return
-  // the offset for the end of the headers, or -1 if the complete headers
-  // were not found. If they are are found, parse them with
-  // DoParseResponseHeaders().
+  // Examines |read_buf_| to find the start and end of the headers. If they are
+  // found, parse them with DoParseResponseHeaders().  Return the offset for
+  // the end of the headers, or -1 if the complete headers were not found, or
+  // with a net::Error if we encountered an error during parsing.
   int ParseResponseHeaders();
 
-  // Parse the headers into response_.
-  void DoParseResponseHeaders(int end_of_header_offset);
+  // Parse the headers into response_.  Returns OK on success or a net::Error on
+  // failure.
+  int DoParseResponseHeaders(int end_of_header_offset);
 
   // Examine the parsed headers to try to determine the response body size.
   void CalculateResponseBodySize();