Merge pull request #791 from g4jc/session_supercookie

Issue #792 - backport mozbug 1334776 - CVE-2017-7797 Header name interning leaks across origins
author: Moonchild <mcwerewolf@gmail.com> 2018-09-27 00:59:51 +0200
committer: GitHub <noreply@github.com> 2018-09-27 00:59:51 +0200
commit: b92dbaf6a1da5e06e9c0eb818288c0db1b6e45e2 (patch)
tree: 61462bdb3c34813d3cbd32c87628854a48392cea /netwerk/protocol/http/nsHttpRequestHead.cpp
parent: 63875408947b0e5551f41e4de1e0ca44dd970c36 (diff)
parent: c5c9445e3adf6b65c98f6810551d7c3d64133134 (diff)
download: UXP-b92dbaf6a1da5e06e9c0eb818288c0db1b6e45e2.tar
UXP-b92dbaf6a1da5e06e9c0eb818288c0db1b6e45e2.tar.gz
UXP-b92dbaf6a1da5e06e9c0eb818288c0db1b6e45e2.tar.lz
UXP-b92dbaf6a1da5e06e9c0eb818288c0db1b6e45e2.tar.xz
UXP-b92dbaf6a1da5e06e9c0eb818288c0db1b6e45e2.zip
1 files changed, 21 insertions, 2 deletions
diff --git a/netwerk/protocol/http/nsHttpRequestHead.cpp b/netwerk/protocol/http/nsHttpRequestHead.cpp
index 094a79457..b366a8d54 100644
--- a/netwerk/protocol/http/nsHttpRequestHead.cpp
+++ b/netwerk/protocol/http/nsHttpRequestHead.cpp
@@ -131,6 +131,20 @@ nsHttpRequestHead::Origin(nsACString &aOrigin)
 }
 
 nsresult
+nsHttpRequestHead::SetHeader(const nsACString &h, const nsACString &v,
+                             bool m /*= false*/)
+{
+    ReentrantMonitorAutoEnter mon(mReentrantMonitor);
+
+    if (mInVisitHeaders) {
+        return NS_ERROR_FAILURE;
+    }
+
+    return mHeaders.SetHeader(h, v, m,
+                              nsHttpHeaderArray::eVarietyRequestOverride);
+}
+
+nsresult
 nsHttpRequestHead::SetHeader(nsHttpAtom h, const nsACString &v,
                              bool m /*= false*/)
 {
@@ -158,7 +172,7 @@ nsHttpRequestHead::SetHeader(nsHttpAtom h, const nsACString &v, bool m,
 }
 
 nsresult
-nsHttpRequestHead::SetEmptyHeader(nsHttpAtom h)
+nsHttpRequestHead::SetEmptyHeader(const nsACString &h)
 {
     ReentrantMonitorAutoEnter mon(mReentrantMonitor);
 
@@ -253,6 +267,7 @@ nsHttpRequestHead::ParseHeaderSet(const char *buffer)
 {
     ReentrantMonitorAutoEnter mon(mReentrantMonitor);
     nsHttpAtom hdr;
+    nsAutoCString headerNameOriginal;
     nsAutoCString val;
     while (buffer) {
         const char *eof = strchr(buffer, '\r');
@@ -262,9 +277,13 @@ nsHttpRequestHead::ParseHeaderSet(const char *buffer)
         if (NS_SUCCEEDED(nsHttpHeaderArray::ParseHeaderLine(
             nsDependentCSubstring(buffer, eof - buffer),
             &hdr,
+            &headerNameOriginal,
             &val))) {
 
-            mHeaders.SetHeaderFromNet(hdr, val, false);
+            mHeaders.SetHeaderFromNet(hdr,
+                                      headerNameOriginal,
+                                      val,
+                                      false);
         }
         buffer = eof + 1;
         if (*buffer == '\n') {
author	Moonchild <mcwerewolf@gmail.com>	2018-09-27 00:59:51 +0200
committer	GitHub <noreply@github.com>	2018-09-27 00:59:51 +0200
commit	b92dbaf6a1da5e06e9c0eb818288c0db1b6e45e2 (patch)
tree	61462bdb3c34813d3cbd32c87628854a48392cea /netwerk/protocol/http/nsHttpRequestHead.cpp
parent	63875408947b0e5551f41e4de1e0ca44dd970c36 (diff)
parent	c5c9445e3adf6b65c98f6810551d7c3d64133134 (diff)
download	UXP-b92dbaf6a1da5e06e9c0eb818288c0db1b6e45e2.tar UXP-b92dbaf6a1da5e06e9c0eb818288c0db1b6e45e2.tar.gz UXP-b92dbaf6a1da5e06e9c0eb818288c0db1b6e45e2.tar.lz UXP-b92dbaf6a1da5e06e9c0eb818288c0db1b6e45e2.tar.xz UXP-b92dbaf6a1da5e06e9c0eb818288c0db1b6e45e2.zip