Bug 1453318 - Disallow responses when a response header value contains 0x00; r=kershaw,sunil,necko-reviewers
Differential Revision: https://phabricator.services.mozilla.com/D185160
This commit is contained in:
Родитель
c3d6f0e8dc
Коммит
f46b175360
@ -126,6 +126,7 @@ DOM4_MSG_DEF(NotSupportedError, "The media resource indicated by the src attribu
|
|||
|
||||
DOM4_MSG_DEF(SyntaxError, "The URI is malformed.", NS_ERROR_DOM_MALFORMED_URI)
|
||||
DOM4_MSG_DEF(SyntaxError, "Invalid header name.", NS_ERROR_DOM_INVALID_HEADER_NAME)
|
||||
DOM4_MSG_DEF(SyntaxError, "Invalid header value.", NS_ERROR_DOM_INVALID_HEADER_VALUE)
|
||||
|
||||
/* XMLHttpRequest errors. */
|
||||
DOM4_MSG_DEF(InvalidStateError, "XMLHttpRequest has an invalid context.", NS_ERROR_DOM_INVALID_STATE_XHR_HAS_INVALID_CONTEXT)
|
||||
|
|
|
@ -12643,6 +12643,12 @@
|
|||
value: 5
|
||||
mirror: always
|
||||
|
||||
# If true, requests will be canceled if any of the response headers values has a NUL character
|
||||
- name: network.http.reject_NULs_in_response_header_values
|
||||
type: RelaxedAtomicBool
|
||||
value: true
|
||||
mirror: always
|
||||
|
||||
# If true, remove the resumption token when 0RTT failed.
|
||||
- name: network.http.remove_resumption_token_when_early_data_failed
|
||||
type: RelaxedAtomicBool
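Review bot: The description of the new pref is imprecise about what is actually rejected and by which unit: `# If true, requests will be canceled if any of the response headers values has a NUL character` reads as if an individual header is dropped, whereas the check in nsHttpResponseHead fails the whole response parse. Suggest `# If true, a response is rejected (the request fails) when any response header value contains a NUL (0x00) byte; see https://github.com/httpwg/http-core/issues/215.` It is also worth saying in the same comment that the pref exists as a kill switch for the new behaviour, since the default is true.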
|
||||
|
|
|
@ -7,6 +7,7 @@
|
|||
// HttpLog.h should generally be included first
|
||||
#include "HttpLog.h"
|
||||
|
||||
#include "mozilla/StaticPrefs_network.h"
|
||||
#include "mozilla/Unused.h"
|
||||
#include "nsHttpResponseHead.h"
|
||||
#include "nsIHttpHeaderVisitor.h"
|
||||
|
@ -594,6 +595,14 @@ nsresult nsHttpResponseHead::ParseHeaderLine_locked(
|
|||
line, &hdr, &headerNameOriginal, &val))) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
// reject the header if there are 0x00 bytes in the value.
|
||||
// (see https://github.com/httpwg/http-core/issues/215 for details).
|
||||
if (StaticPrefs::network_http_reject_NULs_in_response_header_values() &&
|
||||
val.FindChar('\0') >= 0) {
|
||||
return NS_ERROR_DOM_INVALID_HEADER_VALUE;
|
||||
}
|
||||
|
||||
nsresult rv;
|
||||
if (originalFromNetHeaders) {
|
||||
rv = mHeaders.SetHeaderFromNet(hdr, headerNameOriginal, val, true);
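Review bot: The comment above the new check says "reject the header", but returning NS_ERROR_DOM_INVALID_HEADER_VALUE from ParseHeaderLine_locked fails the parse as a whole rather than skipping the one header, which is the intent per the commit title and the pref description, so the comment should state that: `// Fail the whole response (not just this header) if the value contains a 0x00 byte; the pref is a kill switch for this behaviour.` The ordering is also worth a sentence in the comment: a line that does not parse (the `return NS_OK` just above) is still silently dropped, while a parseable line whose value holds a NUL is a hard error, so a future reader does not "fix" the asymmetry. Whether HTTP/2 and HTTP/3 responses reach this path or ingest headers elsewhere is not visible in the hunk; if they have a separate path the same check would be needed there, otherwise the pref would only cover HTTP/1.x. ParseHeaderLine_locked begins and ends outside the hunk.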
|
||||
|
|
|
@ -14,33 +14,6 @@
|
|||
[Cookie with %x7f in name is rejected (DOM).]
|
||||
expected: FAIL
|
||||
|
||||
[Cookie with %x0 in name is rejected or modified (HTTP).]
|
||||
expected: FAIL
|
||||
|
||||
[Cookie with %x1 in name is rejected (HTTP).]
|
||||
expected: FAIL
|
||||
|
||||
[Cookie with %x2 in name is rejected (HTTP).]
|
||||
expected: FAIL
|
||||
|
||||
[Cookie with %x3 in name is rejected (HTTP).]
|
||||
expected: FAIL
|
||||
|
||||
[Cookie with %x4 in name is rejected (HTTP).]
|
||||
expected: FAIL
|
||||
|
||||
[Cookie with %x5 in name is rejected (HTTP).]
|
||||
expected: FAIL
|
||||
|
||||
[Cookie with %x6 in name is rejected (HTTP).]
|
||||
expected: FAIL
|
||||
|
||||
[Cookie with %x7 in name is rejected (HTTP).]
|
||||
expected: FAIL
|
||||
|
||||
[Cookie with %x8 in name is rejected (HTTP).]
|
||||
expected: FAIL
|
||||
|
||||
[Cookie with %x9 in name is accepted (HTTP).]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
@ -210,13 +210,25 @@
|
|||
expected: FAIL
|
||||
|
||||
[Set a nameless cookie (that has an = in its value)]
|
||||
expected: FAIL
|
||||
expected:
|
||||
if (os == "mac") and not debug: FAIL
|
||||
if os == "android": FAIL
|
||||
[FAIL, PASS]
|
||||
|
||||
[Set a nameless cookie (that has multiple ='s in its value)]
|
||||
expected: FAIL
|
||||
expected:
|
||||
if (os == "mac") and not debug: FAIL
|
||||
if os == "android": FAIL
|
||||
[FAIL, PASS]
|
||||
|
||||
[Set a nameless cookie]
|
||||
expected: FAIL
|
||||
expected:
|
||||
if (os == "mac") and not debug: FAIL
|
||||
if os == "android": FAIL
|
||||
[FAIL, PASS]
|
||||
|
||||
[Set valueless cookie to its name with empty value]
|
||||
expected: FAIL
|
||||
expected:
|
||||
if (os == "mac") and not debug: FAIL
|
||||
if os == "android": FAIL
|
||||
[FAIL, PASS]
|
||||
|
|
|
@ -8,36 +8,6 @@
|
|||
[Cookie with %xd in value is rejected (DOM).]
|
||||
expected: FAIL
|
||||
|
||||
[Cookie with %x0 in name is rejected or modified (HTTP).]
|
||||
expected: FAIL
|
||||
|
||||
[Cookie with %x1 in value is rejected (HTTP).]
|
||||
expected: FAIL
|
||||
|
||||
[Cookie with %x2 in value is rejected (HTTP).]
|
||||
expected: FAIL
|
||||
|
||||
[Cookie with %x3 in value is rejected (HTTP).]
|
||||
expected: FAIL
|
||||
|
||||
[Cookie with %x4 in value is rejected (HTTP).]
|
||||
expected: FAIL
|
||||
|
||||
[Cookie with %x5 in value is rejected (HTTP).]
|
||||
expected: FAIL
|
||||
|
||||
[Cookie with %x6 in value is rejected (HTTP).]
|
||||
expected: FAIL
|
||||
|
||||
[Cookie with %x7 in value is rejected (HTTP).]
|
||||
expected: FAIL
|
||||
|
||||
[Cookie with %x8 in value is rejected (HTTP).]
|
||||
expected: FAIL
|
||||
|
||||
[Cookie with %x9 in value is accepted (HTTP).]
|
||||
expected: FAIL
|
||||
|
||||
[Cookie with %xa in name is rejected or modified (HTTP).]
|
||||
expected: FAIL
|
||||
|
||||
|
|
|
@ -1,26 +0,0 @@
|
|||
[header-value-null-byte.any.html]
|
||||
expected:
|
||||
if (os == "android") and fission: [OK, TIMEOUT]
|
||||
[Ensure fetch() rejects null bytes in headers]
|
||||
expected: FAIL
|
||||
|
||||
|
||||
[header-value-null-byte.any.worker.html]
|
||||
expected:
|
||||
if (os == "android") and fission: [OK, TIMEOUT]
|
||||
[Ensure fetch() rejects null bytes in headers]
|
||||
expected: FAIL
|
||||
|
||||
|
||||
[header-value-null-byte.any.serviceworker.html]
|
||||
expected:
|
||||
if (os == "android") and fission: [OK, TIMEOUT]
|
||||
[Ensure fetch() rejects null bytes in headers]
|
||||
expected: FAIL
|
||||
|
||||
|
||||
[header-value-null-byte.any.sharedworker.html]
|
||||
expected:
|
||||
if (os == "android") and fission: [TIMEOUT, OK]
|
||||
[Ensure fetch() rejects null bytes in headers]
|
||||
expected: FAIL
|
|
@ -1,11 +1,5 @@
|
|||
[resources-with-0x00-in-header.window.html]
|
||||
expected:
|
||||
if (os == "android") and fission: [OK, TIMEOUT]
|
||||
[Expect network error for image with 0x00 in a header]
|
||||
expected: FAIL
|
||||
|
||||
[Expect network error for frame navigation to resource with 0x00 in a header]
|
||||
expected: FAIL
|
||||
|
||||
[Expect network error for script with 0x00 in a header]
|
||||
expected: FAIL
|
||||
|
|
|
@ -1,14 +1,3 @@
|
|||
[headers-normalize-response.htm]
|
||||
expected:
|
||||
if (os == "android") and fission: [OK, TIMEOUT]
|
||||
[Header value: hello\\0world]
|
||||
expected: FAIL
|
||||
|
||||
[Header value: \\0hello world]
|
||||
expected: FAIL
|
||||
|
||||
[Header value: \\0]
|
||||
expected: FAIL
|
||||
|
||||
[Header value: hello world\\0]
|
||||
expected: FAIL
|
||||
|
|
|
@ -752,6 +752,8 @@ with modules["DOM"]:
|
|||
# https://html.spec.whatwg.org/multipage/origin.html#cross-origin-opener-policies
|
||||
errors["NS_ERROR_DOM_COOP_FAILED"] = FAILURE(1041)
|
||||
|
||||
errors["NS_ERROR_DOM_INVALID_HEADER_VALUE"] = FAILURE(1042)
|
||||
|
||||
# May be used to indicate when e.g. setting a property value didn't
|
||||
# actually change the value, like for obj.foo = "bar"; obj.foo = "bar";
|
||||
# the second assignment throws NS_SUCCESS_DOM_NO_OPERATION.
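Review bot: The new entry `errors["NS_ERROR_DOM_INVALID_HEADER_VALUE"] = FAILURE(1042)` carries no comment saying when it is raised, while the neighbouring COOP entry has a spec link; suggest `# Raised when a response header value contains a 0x00 byte (see https://github.com/httpwg/http-core/issues/215).` The comment could also note that the code surfaces to content as the DOM SyntaxError "Invalid header value." defined in the same commit. The enclosing `with modules["DOM"]:` block extends outside the hunk.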
|
||||
|
|