From f24f91a883fa30657ee91cd66888ff8fe0a6c1e0 Mon Sep 17 00:00:00 2001
From: shreyasv
Date: Tue, 22 Dec 2015 08:39:00 -0800
Subject: Checking for valid header name, value before adding them.

The header name, value are strings obtained from http headers and indirectly through the WKNavigationDelegate callbacks. There is no guarantee that these strings contain valid header names, values. This CL adds a check for the validity of these string before actually adding it to |http_headers|.

BUG=570919

Review URL: https://codereview.chromium.org/1546433002

Cr-Commit-Position: refs/heads/master@{#366602}
---
 ios/net/http_response_headers_util.mm | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
(limited to 'ios/net')

diff --git a/ios/net/http_response_headers_util.mm b/ios/net/http_response_headers_util.mm
index 5d6f716..8f590ad 100644
--- a/ios/net/http_response_headers_util.mm
+++ b/ios/net/http_response_headers_util.mm
@@ -7,7 +7,9 @@
 #include
 #include "base/logging.h"
+#include "base/strings/stringprintf.h"
 #include "base/strings/sys_string_conversions.h"
+#include "net/http/http_util.h"
 namespace {
 // String format used to create the http status line from the status code and
@@ -15,7 +17,7 @@ namespace {
 NSString* const kHttpStatusLineFormat = @"HTTP %ld %s";
 // String format used to pass the header name/value pairs to the
 // HttpResponseHeaders.
-NSString* const kHeaderLineFormat = @"%@: %@";
+const char kHeaderLineFormat[] = "%s: %s";
 }
 namespace net {
@@ -34,11 +36,17 @@ scoped_refptr CreateHeadersFromNSHTTPURLResponse(
 new HttpResponseHeaders(status_line));
 // Iterate through |response|'s headers and add them to |http_headers|.
 [response.allHeaderFields
- enumerateKeysAndObjectsUsingBlock:^(NSString* header_name,
+ enumerateKeysAndObjectsUsingBlock:^(NSString* name,
 NSString* value, BOOL*) {
- NSString* header_line =
- [NSString stringWithFormat:kHeaderLineFormat, header_name, value];
- http_headers->AddHeader(base::SysNSStringToUTF8(header_line));
+ std::string header_name = base::SysNSStringToUTF8(name);
+ std::string header_value = base::SysNSStringToUTF8(value);
+ if (HttpUtil::IsValidHeaderName(header_name) &&
+ HttpUtil::IsValidHeaderValue(header_value)) {
+ std::string header_line =
+ base::StringPrintf(kHeaderLineFormat, header_name.c_str(),
+ header_value.c_str());
+ http_headers->AddHeader(header_line);
+ }
 }];
 return http_headers;
 }
-- 
cgit v1.1
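Review bot: Headers that fail the new `HttpUtil::IsValidHeaderName` / `IsValidHeaderValue` check are dropped silently, so a response whose headers were partially discarded leaves no trace for anyone debugging why, say, a cookie or content type never took effect. Since `base/logging.h` is already included, an `else` branch with `DLOG(WARNING) << "Dropping invalid response header: " << header_name;` would make the rejection visible in debug builds; log only the name, not the value, because response header values (Set-Cookie, WWW-Authenticate) may carry session tokens. Exactly which byte sequences `IsValidHeaderValue` rejects (a lone CR or LF versus only CRLF/NUL) is not visible from this hunk, so it is worth confirming that this check, rather than `AddHeader`'s own line parsing, is what prevents a value containing a line break from being read as a second header. The enclosing `CreateHeadersFromNSHTTPURLResponse` starts before this hunk.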