From 5802d3b4a61adcdb294a55fe8e3ce9f37031e777 Mon Sep 17 00:00:00 2001 From: "darin%meer.net" Date: Wed, 27 Jul 2005 18:13:11 +0000 Subject: [PATCH] landing another tweak to patch for bug 297078 "really check for null byte in header values" r+sr=bzbarsky a=sparky --- netwerk/protocol/http/src/nsHttpChannel.cpp | 5 +++-- netwerk/test/unit/test_http_headers.js | 9 +++++++++ 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/netwerk/protocol/http/src/nsHttpChannel.cpp b/netwerk/protocol/http/src/nsHttpChannel.cpp index 144352aaa6fc..320aea961d2e 100644 --- a/netwerk/protocol/http/src/nsHttpChannel.cpp +++ b/netwerk/protocol/http/src/nsHttpChannel.cpp @@ -3547,8 +3547,9 @@ nsHttpChannel::SetRequestHeader(const nsACString &header, // permits CTL characters, including CR and LF, in header values provided // they are quoted. However, this can lead to problems if servers do not // interpret quoted strings properly. Disallowing CR and LF here seems - // reasonable and keeps things simple. - if (flatValue.FindCharInSet("\r\n\0") != kNotFound) + // reasonable and keeps things simple. We also disallow a null byte. + if (flatValue.FindCharInSet("\r\n") != kNotFound || + flatValue.Length() != strlen(flatValue.get())) return NS_ERROR_INVALID_ARG; nsHttpAtom atom = nsHttp::ResolveAtom(flatHeader.get()); diff --git a/netwerk/test/unit/test_http_headers.js b/netwerk/test/unit/test_http_headers.js index 54e5644749e1..94ee51e9bece 100644 --- a/netwerk/test/unit/test_http_headers.js +++ b/netwerk/test/unit/test_http_headers.js @@ -49,4 +49,13 @@ function run_test() { } if (!x) do_throw("header name with non-ASCII not rejected"); + + x = false; + try { + chan.setRequestHeader("foopy", "b\u0000az", false); + } catch (e) { + x = true; + } + if (!x) + do_throw("header value with null-byte not rejected"); }