diff -r 000000000000 -r 6474c204b198 netwerk/protocol/http/nsHttpHeaderArray.cpp --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/netwerk/protocol/http/nsHttpHeaderArray.cpp Wed Dec 31 06:09:35 2014 +0100 @@ -0,0 +1,220 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* vim:set ts=4 sw=4 sts=4 ci et: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// HttpLog.h should generally be included first +#include "HttpLog.h" + +#include "nsHttpHeaderArray.h" +#include "nsURLHelper.h" +#include "nsIHttpHeaderVisitor.h" + +namespace mozilla { +namespace net { + +//----------------------------------------------------------------------------- +// nsHttpHeaderArray +//----------------------------------------------------------------------------- +nsresult +nsHttpHeaderArray::SetHeader(nsHttpAtom header, + const nsACString &value, + bool merge) +{ + nsEntry *entry = nullptr; + int32_t index; + + index = LookupEntry(header, &entry); + + // If an empty value is passed in, then delete the header entry... + // unless we are merging, in which case this function becomes a NOP. + if (value.IsEmpty()) { + if (!merge && entry) + mHeaders.RemoveElementAt(index); + return NS_OK; + } + + if (!entry) { + entry = mHeaders.AppendElement(); // new nsEntry() + if (!entry) + return NS_ERROR_OUT_OF_MEMORY; + entry->header = header; + entry->value = value; + } else if (merge && !IsSingletonHeader(header)) { + MergeHeader(header, entry, value); + } else { + // Replace the existing string with the new value + entry->value = value; + } + + return NS_OK; +} + +nsresult +nsHttpHeaderArray::SetHeaderFromNet(nsHttpAtom header, const nsACString &value) +{ + nsEntry *entry = nullptr; + + LookupEntry(header, &entry); + + if (!entry) { + if (value.IsEmpty()) { + if (!TrackEmptyHeader(header)) { + LOG(("Ignoring Empty Header: %s\n", header.get())); + return NS_OK; // ignore empty headers by default + } + } + entry = mHeaders.AppendElement(); //new nsEntry(header, value); + if (!entry) + return NS_ERROR_OUT_OF_MEMORY; + entry->header = header; + entry->value = value; + } else if (!IsSingletonHeader(header)) { + MergeHeader(header, entry, value); + } else { + // Multiple instances of non-mergeable header received from network + // - ignore if same value + if (!entry->value.Equals(value)) { + if (IsSuspectDuplicateHeader(header)) { + // reply may be corrupt/hacked (ex: CLRF injection attacks) + return NS_ERROR_CORRUPTED_CONTENT; + } // else silently drop value: keep value from 1st header seen + LOG(("Header %s silently dropped as non mergeable header\n", + header.get())); + } + } + + return NS_OK; +} + +void +nsHttpHeaderArray::ClearHeader(nsHttpAtom header) +{ + mHeaders.RemoveElement(header, nsEntry::MatchHeader()); +} + +const char * +nsHttpHeaderArray::PeekHeader(nsHttpAtom header) const +{ + const nsEntry *entry = nullptr; + LookupEntry(header, &entry); + return entry ? entry->value.get() : nullptr; +} + +nsresult +nsHttpHeaderArray::GetHeader(nsHttpAtom header, nsACString &result) const +{ + const nsEntry *entry = nullptr; + LookupEntry(header, &entry); + if (!entry) + return NS_ERROR_NOT_AVAILABLE; + result = entry->value; + return NS_OK; +} + +nsresult +nsHttpHeaderArray::VisitHeaders(nsIHttpHeaderVisitor *visitor) +{ + NS_ENSURE_ARG_POINTER(visitor); + uint32_t i, count = mHeaders.Length(); + for (i = 0; i < count; ++i) { + const nsEntry &entry = mHeaders[i]; + if (NS_FAILED(visitor->VisitHeader(nsDependentCString(entry.header), + entry.value))) + break; + } + return NS_OK; +} + +nsresult +nsHttpHeaderArray::ParseHeaderLine(const char *line, + nsHttpAtom *hdr, + char **val) +{ + // + // BNF from section 4.2 of RFC 2616: + // + // message-header = field-name ":" [ field-value ] + // field-name = token + // field-value = *( field-content | LWS ) + // field-content = + // + + // We skip over mal-formed headers in the hope that we'll still be able to + // do something useful with the response. + + char *p = (char *) strchr(line, ':'); + if (!p) { + LOG(("malformed header [%s]: no colon\n", line)); + return NS_OK; + } + + // make sure we have a valid token for the field-name + if (!nsHttp::IsValidToken(line, p)) { + LOG(("malformed header [%s]: field-name not a token\n", line)); + return NS_OK; + } + + *p = 0; // null terminate field-name + + nsHttpAtom atom = nsHttp::ResolveAtom(line); + if (!atom) { + LOG(("failed to resolve atom [%s]\n", line)); + return NS_OK; + } + + // skip over whitespace + p = net_FindCharNotInSet(++p, HTTP_LWS); + + // trim trailing whitespace - bug 86608 + char *p2 = net_RFindCharNotInSet(p, HTTP_LWS); + + *++p2 = 0; // null terminate header value; if all chars starting at |p| + // consisted of LWS, then p2 would have pointed at |p-1|, so + // the prefix increment is always valid. + + // assign return values + if (hdr) *hdr = atom; + if (val) *val = p; + + // assign response header + return SetHeaderFromNet(atom, nsDependentCString(p, p2 - p)); +} + +void +nsHttpHeaderArray::Flatten(nsACString &buf, bool pruneProxyHeaders) +{ + uint32_t i, count = mHeaders.Length(); + for (i = 0; i < count; ++i) { + const nsEntry &entry = mHeaders[i]; + // prune proxy headers if requested + if (pruneProxyHeaders && ((entry.header == nsHttp::Proxy_Authorization) || + (entry.header == nsHttp::Proxy_Connection))) + continue; + buf.Append(entry.header); + buf.AppendLiteral(": "); + buf.Append(entry.value); + buf.AppendLiteral("\r\n"); + } +} + +const char * +nsHttpHeaderArray::PeekHeaderAt(uint32_t index, nsHttpAtom &header) const +{ + const nsEntry &entry = mHeaders[index]; + + header = entry.header; + return entry.value.get(); +} + +void +nsHttpHeaderArray::Clear() +{ + mHeaders.Clear(); +} + +} // namespace mozilla::net +} // namespace mozilla