[webkit-reviews] review granted: [Bug 201077] [GTK][WPE] webkit_settings_set_user_agent() allows content forbidden in HTTP headers : [Attachment 377718] Patch v3
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Sep 11 01:12:47 PDT 2019
Carlos Garcia Campos <cgarcia at igalia.com> has granted Adrian Perez
<aperez at igalia.com>'s request for review:
Bug 201077: [GTK][WPE] webkit_settings_set_user_agent() allows content
forbidden in HTTP headers
https://bugs.webkit.org/show_bug.cgi?id=201077
Attachment 377718: Patch v3
https://bugs.webkit.org/attachment.cgi?id=377718&action=review
--- Comment #14 from Carlos Garcia Campos <cgarcia at igalia.com> ---
Comment on attachment 377718
--> https://bugs.webkit.org/attachment.cgi?id=377718
Patch v3
View in context: https://bugs.webkit.org/attachment.cgi?id=377718&action=review
LGTM
> Source/WebCore/platform/network/HTTPParsers.cpp:177
> +// See RFC 7230, Section 3.2.6.
> +static inline bool isOctectInFieldContentCharacter(const UChar c)
> +{
> + // obs-text = %x80-FF
> + return (c >= 0x80 && c <= 0xFF);
> +}
> +
> +// See RFC 7230, Section 3.2.6.
> +static bool isCommentTextCharacter(const UChar c)
> +{
> + // ctext = HTAB / SP
> + // / %x21-27 ; '!'-'''
> + // / %x2A-5B ; '*'-'['
> + // / %x5D-7E ; ']'-'~'
> + // / obs-text
> + return (c == '\t' || c == ' '
> + || (c >= 0x21 && c <= 0x27)
> + || (c >= 0x2A && c <= 0x5B)
> + || (c >= 0x5D && c <= 0x7E)
> + || isOctectInFieldContentCharacter(c));
> +}
We have these already in HTTPHeaderField.cpp maybe we can move them to a common
place?
> Source/WebCore/platform/network/HTTPParsers.cpp:246
> +static inline bool skipCharacter(const String& value, unsigned& pos, const
UChar expected)
> +{
> + if (pos < value.length() && value[pos] == expected) {
> + ++pos;
> + return true;
> + }
> + return false;
> +}
Can't this be used by passing a predicate doing the value[pos] == expected
check?
> Source/WebCore/platform/network/HTTPParsers.cpp:275
> +// True is a comment is present, incrementing "pos" to the position after
the comment.
True if
> Source/WebKit/UIProcess/API/glib/WebKitSettings.cpp:3048
> + g_return_if_fail(WebCore::isValidUserAgentHeaderValue(userAgentString));
I think we should only validate the given user agent. The standard user agent
is generated by WebKit, it's expected to be valid. We could add an assert in
WebCore::standardUserAgent() before returnig the generated value, though.
More information about the webkit-reviews
mailing list