QuicSpdyClientStream::OnInitialHeadersComplete() will accept a :status header that contains a leading plus sign. |
|||||
Issue descriptionIs that correct? It uses base::StringToInt() without checking for a leading plus. I expect a leading plus sign is invalid here.
,
Mar 21 2016
zhongyi, can you take a look at this when you have some time?
,
Mar 21 2016
The following change added this code. Internal change: 108694474 https://codereview.chromium.org/1501493003/ https://codereview.chromium.org/1501493003/diff/1/net/tools/quic/quic_spdy_client_stream.cc
,
Mar 22 2016
Sure. Getting hands on this.
,
Mar 22 2016
Both internal and chromium code takes the leading plus as valid, considering it as the positive number. Will fix the leading plus check in the internal first, then merge it to chromium to fix it here.
,
Mar 22 2016
It's possible that the internal version does not have the same issue. I'm not sure.
,
Mar 22 2016
I had tested the internal code, it accepts the leading plus unfortunately :(
,
Mar 24 2016
The bug is fixed in internal code now. We have added strict checking to only acknowledge 3-digit-integer status in the range of [100, 599]. Once the code is merged to chromium, I will give a update here and mark this bug as fixed.
,
Apr 4 2016
Mark this issue as fixed as internal code has been landed to chromium. FYI, QuicSpdyStream::ParseHeaderStatusCode now will do a strict 3-digit status field checking in header. |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by eroman@chromium.org
, Mar 21 2016