landing another tweak to patch for bug 297078 "really check for null byte in header values" r+sr=bzbarsky a=sparky

2025-01-24 13:52:37 +00:00 · 2005-07-27 18:13:11 +00:00 · 2005-07-27 18:13:11 +00:00 · 5802d3b4a6
commit 5802d3b4a6
parent e521d8605b
2 changed files with 12 additions and 2 deletions
--- a/netwerk/protocol/http/src/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/src/nsHttpChannel.cpp
@ -3547,8 +3547,9 @@ nsHttpChannel::SetRequestHeader(const nsACString &header,
    // permits CTL characters, including CR and LF, in header values provided
    // they are quoted.  However, this can lead to problems if servers do not
    // interpret quoted strings properly.  Disallowing CR and LF here seems
-    // reasonable and keeps things simple.
-    if (flatValue.FindCharInSet("\r\n\0") != kNotFound)
+    // reasonable and keeps things simple.  We also disallow a null byte.
+    if (flatValue.FindCharInSet("\r\n") != kNotFound ||
+        flatValue.Length() != strlen(flatValue.get()))
        return NS_ERROR_INVALID_ARG;

    nsHttpAtom atom = nsHttp::ResolveAtom(flatHeader.get());
--- a/netwerk/test/unit/test_http_headers.js
+++ b/netwerk/test/unit/test_http_headers.js
@ -49,4 +49,13 @@ function run_test() {
  }
  if (!x)
    do_throw("header name with non-ASCII not rejected");
+
+  x = false;
+  try {
+    chan.setRequestHeader("foopy", "b\u0000az", false);
+  } catch (e) {
+    x = true;
+  }
+  if (!x)
+    do_throw("header value with null-byte not rejected");
 }