diff options
| author | ricea@chromium.org <ricea@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-11-22 14:02:43 +0000 |
|---|---|---|
| committer | ricea@chromium.org <ricea@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-11-22 14:02:43 +0000 |
| commit | 53deacb6a25d2498b976e709485d10f400eb3109 (patch) | |
| tree | de32cda79765f9099f63eb375b65f094de0543c6 /net/websockets | |
| parent | 40bd0e2dbb489669dedd5eaab25f1dee629e9b09 (diff) | |
| download | chromium_src-53deacb6a25d2498b976e709485d10f400eb3109.zip chromium_src-53deacb6a25d2498b976e709485d10f400eb3109.tar.gz chromium_src-53deacb6a25d2498b976e709485d10f400eb3109.tar.bz2 | |
WebSocketChannel should ensure the scheme is "ws" or "wss" before
attempting to perform a connection. Make it so.
BUG=320574
TEST=net_unittests, chrome
Review URL: https://codereview.chromium.org/72043003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@236763 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/websockets')
| -rw-r--r-- | net/websockets/websocket_channel.cc | 10 | ||||
| -rw-r--r-- | net/websockets/websocket_channel_test.cc | 11 |
2 files changed, 20 insertions, 1 deletions
diff --git a/net/websockets/websocket_channel.cc b/net/websockets/websocket_channel.cc index e05d2ed..4ff91e5 100644 --- a/net/websockets/websocket_channel.cc +++ b/net/websockets/websocket_channel.cc @@ -15,6 +15,7 @@ #include "net/base/big_endian.h" #include "net/base/io_buffer.h" #include "net/base/net_log.h" +#include "net/http/http_util.h" #include "net/websockets/websocket_errors.h" #include "net/websockets/websocket_event_interface.h" #include "net/websockets/websocket_frame.h" @@ -193,7 +194,7 @@ void WebSocketChannel::SendFrame(bool fin, AllowUnused(FailChannel(SEND_GOING_AWAY, kWebSocketMuxErrorSendQuotaViolation, "Send quota exceeded")); - // |this| is deleted here. + // |this| has been deleted. return; } if (!WebSocketFrameHeader::IsKnownDataOpCode(op_code)) { @@ -269,6 +270,13 @@ void WebSocketChannel::SendAddChannelRequestWithSuppliedCreator( const GURL& origin, const WebSocketStreamCreator& creator) { DCHECK_EQ(FRESHLY_CONSTRUCTED, state_); + if (!socket_url.SchemeIsWSOrWSS()) { + // TODO(ricea): Kill the renderer (this error should have been caught by + // Javascript). + AllowUnused(event_interface_->OnAddChannelResponse(true, "")); + // |this| is deleted here. + return; + } socket_url_ = socket_url; scoped_ptr<WebSocketStream::ConnectDelegate> connect_delegate( new ConnectDelegate(this)); diff --git a/net/websockets/websocket_channel_test.cc b/net/websockets/websocket_channel_test.cc index 9bdfa71..1bef0d4 100644 --- a/net/websockets/websocket_channel_test.cc +++ b/net/websockets/websocket_channel_test.cc @@ -727,6 +727,11 @@ class WebSocketChannelTest : public ::testing::Test { // A struct containing the data that will be used to connect the channel. // Grouped for readability. struct ConnectData { + ConnectData() : + socket_url("ws://ws/"), + origin("http://ws/") + {} + // URLRequestContext object. URLRequestContext url_request_context; @@ -1152,6 +1157,12 @@ TEST_F(WebSocketChannelEventInterfaceTest, ConnectFailureReported) { kWebSocketErrorNoStatusReceived); } +TEST_F(WebSocketChannelEventInterfaceTest, NonWebSocketSchemeRejected) { + EXPECT_CALL(*event_interface_, OnAddChannelResponse(true, "")); + connect_data_.socket_url = GURL("http://www.google.com/"); + CreateChannelAndConnect(); +} + TEST_F(WebSocketChannelEventInterfaceTest, ProtocolPassed) { EXPECT_CALL(*event_interface_, OnAddChannelResponse(false, "Bob")); EXPECT_CALL(*event_interface_, OnFlowControl(_)); |