From 1927bd1bd1f31f7fd8c3cd5925a9c779c43f71d1 Mon Sep 17 00:00:00 2001
From: Patrick McManus
Date: Fri, 2 Dec 2011 10:28:57 -0500
Subject: [PATCH] bug 528288 - require spdy compliant headers to be lower case and without chunked encodings r=honzab patch 5
---
 netwerk/protocol/http/SpdySession.cpp | 28 ++++++++++++++++++++++++++-
 netwerk/protocol/http/SpdyStream.cpp | 2 +-
 2 files changed, 28 insertions(+), 2 deletions(-)
diff --git a/netwerk/protocol/http/SpdySession.cpp b/netwerk/protocol/http/SpdySession.cpp
index 1d84e7109761..889b0b152483 100644
--- a/netwerk/protocol/http/SpdySession.cpp
+++ b/netwerk/protocol/http/SpdySession.cpp
@@ -511,11 +511,37 @@ SpdySession::ConvertHeaders(nsDependentCSubstring &status,
 PRUint16 valueLen = (nvpair[2 + nameLen] << 8) + nvpair[3 + nameLen];
 if (lastHeaderByte < nvpair + 4 + nameLen + valueLen)
 return NS_ERROR_ILLEGAL_VALUE;
+
+ // Look for upper case characters in the name. They are illegal.
+ for (char *cPtr = nameString.BeginWriting();
+ cPtr && cPtr < nameString.EndWriting();
+ ++cPtr) {
+ if (*cPtr <= 'Z' && *cPtr >= 'A') {
+ nsCString toLog(nameString);
+
+ LOG(("SpdySession::ConvertHeaders session=%p stream=%p "
+ "upper case response header found. [%s]\n",
+ this, mFrameDataStream, toLog.get()));
+
+ return NS_ERROR_ILLEGAL_VALUE;
+ }
+ }
+
+ // HTTP Chunked responses are not legal over spdy. We do not need
+ // to look for chunked specifically because it is the only HTTP
+ // allowed default encoding and we did not negotiate further encodings
+ // via TE
+ if (nameString.Equals(NS_LITERAL_CSTRING("transfer-encoding"))) {
+ LOG(("SpdySession::ConvertHeaders session=%p stream=%p "
+ "transfer-encoding found. Chunked is invalid and no TE sent.",
+ this, mFrameDataStream));
+
+ return NS_ERROR_ILLEGAL_VALUE;
+ }
 
 if (!nameString.Equals(NS_LITERAL_CSTRING("version")) &&
 !nameString.Equals(NS_LITERAL_CSTRING("status")) &&
 !nameString.Equals(NS_LITERAL_CSTRING("connection")) &&
- !nameString.Equals(NS_LITERAL_CSTRING("transfer-encoding")) &&
 !nameString.Equals(NS_LITERAL_CSTRING("keep-alive"))) {
 nsDependentCSubstring valueString =
 Substring (reinterpret_cast(nvpair) + 4 + nameLen,
diff --git a/netwerk/protocol/http/SpdyStream.cpp b/netwerk/protocol/http/SpdyStream.cpp
index 403de245ef3a..131f1d9a000e 100644
--- a/netwerk/protocol/http/SpdyStream.cpp
+++ b/netwerk/protocol/http/SpdyStream.cpp
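Review bot: The name scan added to SpdySession::ConvertHeaders rejects only bytes in 'A'..'Z', so a header name containing CR, LF, NUL, a space or ':' still passes this validation. If the rest of the function (it begins and ends outside the hunk) writes each pair out as HTTP/1-style `name: value` text, such a name could change how the flattened header block is later parsed, so this loop is the natural place to reject those bytes too, e.g. `if ((*cPtr >= 'A' && *cPtr <= 'Z') || *cPtr == ':' || static_cast<unsigned char>(*cPtr) <= 0x20) {`, with the log text adjusted to match. The scan only reads, so `const char *` with `BeginReading()`/`EndReading()` would express that and make the `cPtr &&` test unnecessary. The exact-match `transfer-encoding` test is complete only because it runs after this loop has rejected mixed-case spellings, which deserves a comment such as `// relies on the upper-case rejection above`.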
@@ -380,7 +380,7 @@ SpdyStream::ParseHttpRequestHeaders(const char *buf,
 name.Equals("scheme") ||
 name.Equals("keep-alive") ||
 name.Equals("accept-encoding") ||
- name.Equals("TE") ||
+ name.Equals("te") ||
 name.Equals("connection") ||
 name.Equals("proxy-connection") ||
 name.Equals("url"))
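Review bot: The `te` entry in SpdyStream::ParseHttpRequestHeaders matches only if `name` has already been lower-cased before this case-sensitive chain is reached, and the hunk does not show that; the condition starts and ends outside the hunk. Assuming the chain lists request headers that are not forwarded over spdy, this entry is what the new transfer-encoding rejection in SpdySession::ConvertHeaders relies on ("we did not negotiate further encodings via TE"). That dependency is worth recording next to the entry, for example `// te is never sent; ConvertHeaders rejects any transfer-encoding response`.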