Merge pull request #791 from g4jc/session_supercookie

Issue #792 - backport mozbug 1334776 - CVE-2017-7797 Header name interning leaks across origins

10 files changed, 33 insertions, 33 deletions

diff --git a/devtools/client/netmonitor/filter-predicates.js b/devtools/client/netmonitor/filter-predicates.js
index 9c8e49c62..75ee422aa 100644
--- a/devtools/client/netmonitor/filter-predicates.js
+++ b/devtools/client/netmonitor/filter-predicates.js
@@ -72,7 +72,7 @@ function isWS({ requestHeaders, responseHeaders }) {
 
   // Find the 'upgrade' header.
   let upgradeHeader = requestHeaders.headers.find(header => {
-    return (header.name == "Upgrade");
+    return (header.name.toLowerCase() == "upgrade");
   });
 
   // If no header found on request, check response - mainly to get
@@ -81,7 +81,7 @@ function isWS({ requestHeaders, responseHeaders }) {
   if (!upgradeHeader && responseHeaders &&
       Array.isArray(responseHeaders.headers)) {
     upgradeHeader = responseHeaders.headers.find(header => {
-      return (header.name == "Upgrade");
+      return (header.name.toLowerCase() == "upgrade");
     });
   }
 
diff --git a/devtools/client/netmonitor/test/browser_net_copy_headers.js b/devtools/client/netmonitor/test/browser_net_copy_headers.js
index 36ce2fb34..bb582c8e1 100644
--- a/devtools/client/netmonitor/test/browser_net_copy_headers.js
+++ b/devtools/client/netmonitor/test/browser_net_copy_headers.js
@@ -49,12 +49,12 @@ add_task(function* () {
 
   const EXPECTED_RESPONSE_HEADERS = [
     `${httpVersion} ${status} ${statusText}`,
-    "Last-Modified: Sun, 3 May 2015 11:11:11 GMT",
-    "Content-Type: text/html",
-    "Content-Length: 465",
-    "Connection: close",
-    "Server: httpd.js",
-    "Date: Sun, 3 May 2015 11:11:11 GMT"
+    "last-modified: Sun, 3 May 2015 11:11:11 GMT",
+    "content-type: text/html",
+    "content-length: 465",
+    "connection: close",
+    "server: httpd.js",
+    "date: Sun, 3 May 2015 11:11:11 GMT"
   ].join("\n");
 
   yield waitForClipboardPromise(function setup() {
@@ -62,8 +62,8 @@ add_task(function* () {
   }, function validate(result) {
     // Fake the "Last-Modified" and "Date" headers because they will vary:
     result = String(result)
-      .replace(/Last-Modified: [^\n]+ GMT/, "Last-Modified: Sun, 3 May 2015 11:11:11 GMT")
-      .replace(/Date: [^\n]+ GMT/, "Date: Sun, 3 May 2015 11:11:11 GMT");
+      .replace(/last-modified: [^\n]+ GMT/, "last-modified: Sun, 3 May 2015 11:11:11 GMT")
+      .replace(/date: [^\n]+ GMT/, "date: Sun, 3 May 2015 11:11:11 GMT");
     return result === EXPECTED_RESPONSE_HEADERS;
   });
   info("Clipboard contains the currently selected item's response headers.");
diff --git a/devtools/client/netmonitor/test/browser_net_timing-division.js b/devtools/client/netmonitor/test/browser_net_timing-division.js
index 0114ba235..ff2379dc2 100644
--- a/devtools/client/netmonitor/test/browser_net_timing-division.js
+++ b/devtools/client/netmonitor/test/browser_net_timing-division.js
@@ -48,9 +48,9 @@ add_task(function* () {
   let lastRequest = RequestsMenu.getItemAtIndex(1);
 
   info("First request happened at: " +
-    firstRequest.attachment.responseHeaders.headers.find(e => e.name == "Date").value);
+    firstRequest.attachment.responseHeaders.headers.find(e => e.name == "date").value);
   info("Last request happened at: " +
-    lastRequest.attachment.responseHeaders.headers.find(e => e.name == "Date").value);
+    lastRequest.attachment.responseHeaders.headers.find(e => e.name == "date").value);
 
   ok(secDivs.length,
     "There should be at least one division on the seconds time scale.");
diff --git a/devtools/client/shared/AppCacheUtils.jsm b/devtools/client/shared/AppCacheUtils.jsm
index a2beca993..9fd4d0541 100644
--- a/devtools/client/shared/AppCacheUtils.jsm
+++ b/devtools/client/shared/AppCacheUtils.jsm
@@ -86,7 +86,7 @@ AppCacheUtils.prototype = {
   _parseManifest: function ACU__parseManifest(uriInfo) {
     let deferred = defer();
     let manifestName = uriInfo.name;
-    let manifestLastModified = new Date(uriInfo.responseHeaders["Last-Modified"]);
+    let manifestLastModified = new Date(uriInfo.responseHeaders["last-modified"]);
 
     if (uriInfo.charset.toLowerCase() != "utf-8") {
       this._addError(0, "notUTF8", uriInfo.charset);
@@ -158,7 +158,7 @@ AppCacheUtils.prototype = {
           // Check that the resource was not modified after the manifest was last
           // modified. If it was then the manifest file should be refreshed.
           let resourceLastModified =
-            new Date(uriInfo.responseHeaders["Last-Modified"]);
+            new Date(uriInfo.responseHeaders["last-modified"]);
 
           if (manifestLastModified < resourceLastModified) {
             this._addError(parsedUri.line, "fileChangedButNotManifest",
@@ -230,12 +230,12 @@ AppCacheUtils.prototype = {
 
           result.requestHeaders = {};
           request.visitRequestHeaders(function (header, value) {
-            result.requestHeaders[header] = value;
+            result.responseHeaders[header.toLowerCase()] = value;
           });
 
           result.responseHeaders = {};
           request.visitResponseHeaders(function (header, value) {
-            result.responseHeaders[header] = value;
+            result.responseHeaders[header.toLowerCase()] = value;
           });
 
           deferred.resolve(result);
diff --git a/devtools/client/shared/curl.js b/devtools/client/shared/curl.js
index 420fe6aa5..6d33ad971 100644
--- a/devtools/client/shared/curl.js
+++ b/devtools/client/shared/curl.js
@@ -81,14 +81,14 @@ const Curl = {
       postDataText = data.postDataText;
       postData.push("--data");
       postData.push(escapeString(utils.writePostDataTextParams(postDataText)));
-      ignoredHeaders.add("Content-Length");
+      ignoredHeaders.add("content-length");
     } else if (multipartRequest) {
       postDataText = data.postDataText;
       postData.push("--data-binary");
       let boundary = utils.getMultipartBoundary(data);
       let text = utils.removeBinaryDataFromMultipartText(postDataText, boundary);
       postData.push(escapeString(text));
-      ignoredHeaders.add("Content-Length");
+      ignoredHeaders.add("content-length");
     }
 
     // Add method.
@@ -125,11 +125,11 @@ const Curl = {
     }
     for (let i = 0; i < headers.length; i++) {
       let header = headers[i];
-      if (header.name === "Accept-Encoding") {
+      if (header.name.toLowerCase() === "accept-encoding") {
         command.push("--compressed");
         continue;
       }
-      if (ignoredHeaders.has(header.name)) {
+      if (ignoredHeaders.has(header.name.toLowerCase())) {
         continue;
       }
       command.push("-H");
diff --git a/devtools/client/webconsole/net/test/mochitest/browser_net_headers.js b/devtools/client/webconsole/net/test/mochitest/browser_net_headers.js
index 4a47074ee..14cde846c 100644
--- a/devtools/client/webconsole/net/test/mochitest/browser_net_headers.js
+++ b/devtools/client/webconsole/net/test/mochitest/browser_net_headers.js
@@ -26,11 +26,11 @@ add_task(function* () {
   // Select "Headers" tab
   let tabBody = yield selectNetInfoTab(hud, netInfoBody, "headers");
   let paramName = tabBody.querySelector(
-    ".netInfoParamName > span[title='Content-Type']");
+    ".netInfoParamName > span[title='content-type']");
 
   // Verify "Content-Type" header (name and value)
   ok(paramName, "Header name must exist");
-  is(paramName.textContent, "Content-Type",
+  is(paramName.textContent, "content-type",
     "The header name must have proper value");
 
   let paramValue = paramName.parentNode.nextSibling;
diff --git a/devtools/client/webconsole/test/browser_webconsole_bug_630733_response_redirect_headers.js b/devtools/client/webconsole/test/browser_webconsole_bug_630733_response_redirect_headers.js
index 509749953..da4bdcf12 100644
--- a/devtools/client/webconsole/test/browser_webconsole_bug_630733_response_redirect_headers.js
+++ b/devtools/client/webconsole/test/browser_webconsole_bug_630733_response_redirect_headers.js
@@ -87,7 +87,7 @@ function getContent() {
 function performTest() {
   function readHeader(name) {
     for (let header of headers) {
-      if (header.name == name) {
+      if (header.name.toLowerCase() == name.toLowerCase()) {
         return header.value;
       }
     }
diff --git a/devtools/shared/webconsole/test/test_network_get.html b/devtools/shared/webconsole/test/test_network_get.html
index 710c9b0d7..c2313be12 100644
--- a/devtools/shared/webconsole/test/test_network_get.html
+++ b/devtools/shared/webconsole/test/test_network_get.html
@@ -196,13 +196,13 @@ function onResponseHeaders(aState, aResponse)
   ok(!!aResponse.rawHeaders, "response rawHeaders available");
 
   checkHeadersOrCookies(aResponse.headers, {
-    "Content-Type": /^application\/(json|octet-stream)$/,
-    "Content-Length": /^\d+$/,
+    "content-type": /^application\/(json|octet-stream)$/,
+    "content-length": /^\d+$/,
   });
 
   checkRawHeaders(aResponse.rawHeaders, {
-    "Content-Type": /^application\/(json|octet-stream)$/,
-    "Content-Length": /^\d+$/,
+    "content-type": /^application\/(json|octet-stream)$/,
+    "content-length": /^\d+$/,
   });
 
   onResponseCookies = onResponseCookies.bind(null, aState);
diff --git a/devtools/shared/webconsole/test/test_network_longstring.html b/devtools/shared/webconsole/test/test_network_longstring.html
index d55136896..9e6ea7771 100644
--- a/devtools/shared/webconsole/test/test_network_longstring.html
+++ b/devtools/shared/webconsole/test/test_network_longstring.html
@@ -212,8 +212,8 @@ function onResponseHeaders(aState, aResponse)
   ok(aResponse.headersSize > 0, "response headersSize > 0");
 
   checkHeadersOrCookies(aResponse.headers, {
-    "Content-Type": /^application\/(json|octet-stream)$/,
-    "Content-Length": /^\d+$/,
+    "content-type": /^application\/(json|octet-stream)$/,
+    "content-length": /^\d+$/,
     "x-very-short": "hello world",
     "x-very-long": {
       "type": "longString",
diff --git a/devtools/shared/webconsole/test/test_network_post.html b/devtools/shared/webconsole/test/test_network_post.html
index d96b9b0b7..a0b8edb64 100644
--- a/devtools/shared/webconsole/test/test_network_post.html
+++ b/devtools/shared/webconsole/test/test_network_post.html
@@ -204,13 +204,13 @@ function onResponseHeaders(aState, aResponse)
   ok(!!aResponse.rawHeaders, "response rawHeaders available");
 
   checkHeadersOrCookies(aResponse.headers, {
-    "Content-Type": /^application\/(json|octet-stream)$/,
-    "Content-Length": /^\d+$/,
+    "content-type": /^application\/(json|octet-stream)$/,
+    "content-length": /^\d+$/,
   });
 
   checkRawHeaders(aResponse.rawHeaders, {
-    "Content-Type": /^application\/(json|octet-stream)$/,
-    "Content-Length": /^\d+$/,
+    "content-type": /^application\/(json|octet-stream)$/,
+    "content-length": /^\d+$/,
   });
 
   onResponseCookies = onResponseCookies.bind(null, aState);