Tighten XMLHttpRequest setRequestHeader value check
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 21 Oct 2014 01:50:41 +0000 (01:50 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 21 Oct 2014 01:50:41 +0000 (01:50 +0000)
https://bugs.webkit.org/show_bug.cgi?id=128593

Patch by Youenn Fablet <youenn.fablet@crf.canon.fr> on 2014-10-20
Reviewed by Darin Adler.

Source/WebCore:

Test: http/tests/xmlhttprequest/set-bad-headervalue.html

* platform/network/HTTPParsers.cpp:
(WebCore::isValidHTTPHeaderValue): Updated header values check according RFC 7230.
(WebCore::isValidHTTPToken): Renamed variable name and updated RFC related comment.

LayoutTests:

Added a test originating from w3c-test.org to test header values checking.
Testing headers with non ASCII characters and various control characters.

* http/tests/xmlhttprequest/set-bad-headervalue-expected.txt: Added.
* http/tests/xmlhttprequest/set-bad-headervalue.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@174920 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/http/tests/xmlhttprequest/set-bad-headervalue-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/xmlhttprequest/set-bad-headervalue.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/platform/network/HTTPParsers.cpp

index 6cc539d..1a8252a 100644 (file)
@@ -1,3 +1,16 @@
+2014-10-20  Youenn Fablet  <youenn.fablet@crf.canon.fr>
+
+        Tighten XMLHttpRequest setRequestHeader value check
+        https://bugs.webkit.org/show_bug.cgi?id=128593
+
+        Reviewed by Darin Adler.
+
+        Added a test originating from w3c-test.org to test header values checking.
+        Testing headers with non ASCII characters and various control characters. 
+
+        * http/tests/xmlhttprequest/set-bad-headervalue-expected.txt: Added.
+        * http/tests/xmlhttprequest/set-bad-headervalue.html: Added.
+
 2014-10-20  Brent Fulgham  <bfulgham@apple.com>
 
         [Win] Mark a few tests as no-longer failing.
diff --git a/LayoutTests/http/tests/xmlhttprequest/set-bad-headervalue-expected.txt b/LayoutTests/http/tests/xmlhttprequest/set-bad-headervalue-expected.txt
new file mode 100644 (file)
index 0000000..eb8ea6a
--- /dev/null
@@ -0,0 +1,14 @@
+
+PASS XMLHttpRequest: setRequestHeader() value argument checks 
+PASS XMLHttpRequest: setRequestHeader() value argument checks 1 
+PASS XMLHttpRequest: setRequestHeader() value argument checks 2 
+PASS XMLHttpRequest: setRequestHeader() value argument checks 3 
+PASS XMLHttpRequest: setRequestHeader() value argument checks 4 
+PASS XMLHttpRequest: setRequestHeader() value argument checks 5 
+PASS XMLHttpRequest: setRequestHeader() value argument checks 6 
+PASS XMLHttpRequest: setRequestHeader() value argument checks 7 
+PASS XMLHttpRequest: setRequestHeader() value argument checks 8 
+PASS XMLHttpRequest: setRequestHeader() value argument checks 9 
+PASS XMLHttpRequest: setRequestHeader() value argument checks 10 
+PASS XMLHttpRequest: setRequestHeader() value argument checks 11 
+
diff --git a/LayoutTests/http/tests/xmlhttprequest/set-bad-headervalue.html b/LayoutTests/http/tests/xmlhttprequest/set-bad-headervalue.html
new file mode 100644 (file)
index 0000000..f39a758
--- /dev/null
@@ -0,0 +1,42 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    <title>XMLHttpRequest: setRequestHeader() value argument checks</title>
+    <script src="/js-test-resources/testharness.js"></script>
+    <script src="/js-test-resources/testharnessreport.js"></script>
+    <!-- Test based on http://w3c-test.org/web-platform-tests/master/XMLHttpRequest/setrequestheader-bogus-value.htm This test should be removed once wpt XMLHttpRequest is imported if both tests are in sync -->
+  </head>
+  <body>
+    <div id="log"></div>
+    <script>
+      function try_value(value, expectError) {
+        test(function() {
+          var client = new XMLHttpRequest()
+          client.open("GET", "...")
+          if (expectError)
+              assert_throws("SyntaxError", function() { client.setRequestHeader("x-test", value) }, ' given value ' + value+', ')
+          else
+              client.setRequestHeader("x-test", value)  
+          })
+      }
+
+      try_value("t\rt", true)
+      try_value("t\nt", true)
+      try_value("テスト", true)
+      try_value("t\bt", true)
+      try_value("t\vt", true)
+      try_value("t\tt", false)
+      try_value("t t", false)
+      try_value(" t", true)
+      try_value("t ", true)
+      try_value("\xd0\xa1", false)
+      try_value("\x7f", true)
+      test(function() {
+        var client = new XMLHttpRequest()
+        client.open("GET", "...")
+        assert_throws({name:'TypeError'}, function() { client.setRequestHeader("x-test") })
+      })
+    </script>
+  </body>
+</html>
index 329ec51..c60d5bf 100644 (file)
@@ -1,3 +1,16 @@
+2014-10-20  Youenn Fablet  <youenn.fablet@crf.canon.fr>
+
+        Tighten XMLHttpRequest setRequestHeader value check
+        https://bugs.webkit.org/show_bug.cgi?id=128593
+
+        Reviewed by Darin Adler.
+
+        Test: http/tests/xmlhttprequest/set-bad-headervalue.html
+
+        * platform/network/HTTPParsers.cpp:
+        (WebCore::isValidHTTPHeaderValue): Updated header values check according RFC 7230.
+        (WebCore::isValidHTTPToken): Renamed variable name and updated RFC related comment.
+
 2014-10-20  Michael Saboff  <msaboff@apple.com>
 
         Make post checkin suggested changes to r174847
index 6d1aab2..dd768b3 100644 (file)
@@ -102,21 +102,30 @@ static inline bool skipValue(const String& str, unsigned& pos)
     return pos != start;
 }
 
-bool isValidHTTPHeaderValue(const String& name)
+// See RFC 7230, Section 3.2.3.
+bool isValidHTTPHeaderValue(const String& value)
 {
-    // FIXME: This should really match name against
-    // field-value in section 4.2 of RFC 2616.
-
-    return !name.contains('\r') && !name.contains('\n');
+    UChar c = value[0];
+    if (c == ' ' || c == '\t')
+        return false;
+    c = value[value.length() - 1];
+    if (c == ' ' || c == '\t')
+        return false;
+    for (unsigned i = 0; i < value.length(); ++i) {
+        c = value[i];
+        if (c == 0x7F || c > 0xFF || (c < 0x20 && c != '\t'))
+            return false;
+    }
+    return true;
 }
 
-// See RFC 2616, Section 2.2.
-bool isValidHTTPToken(const String& characters)
+// See RFC 7230, Section 3.2.6.
+bool isValidHTTPToken(const String& value)
 {
-    if (characters.isEmpty())
+    if (value.isEmpty())
         return false;
-    for (unsigned i = 0; i < characters.length(); ++i) {
-        UChar c = characters[i];
+    for (unsigned i = 0; i < value.length(); ++i) {
+        UChar c = value[i];
         if (c <= 0x20 || c >= 0x7F
             || c == '(' || c == ')' || c == '<' || c == '>' || c == '@'
             || c == ',' || c == ';' || c == ':' || c == '\\' || c == '"'