diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 02:40:47 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 02:40:47 +0000 |
commit | 46db793222dee55d0b846c6ba99a39e2d969c52a (patch) | |
tree | d95f8ea0fb9c9c4eb9ae55c70faa2bc02a7bcea4 /netwerk | |
parent | Adding upstream version 115.9.1esr. (diff) | |
download | firefox-esr-upstream/115.10.0esr.tar.xz firefox-esr-upstream/115.10.0esr.zip |
Adding upstream version 115.10.0esr.upstream/115.10.0esr
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'netwerk')
-rw-r--r-- | netwerk/dns/effective_tld_names.dat | 22 | ||||
-rw-r--r-- | netwerk/protocol/http/Http2Session.cpp | 21 | ||||
-rw-r--r-- | netwerk/protocol/http/nsHttpHandler.cpp | 7 | ||||
-rw-r--r-- | netwerk/protocol/http/nsHttpHandler.h | 7 | ||||
-rw-r--r-- | netwerk/protocol/http/nsHttpTransaction.cpp | 2 | ||||
-rw-r--r-- | netwerk/test/unit/http2_test_common.js | 16 | ||||
-rw-r--r-- | netwerk/test/unit/test_http2.js | 9 | ||||
-rw-r--r-- | netwerk/test/unit/test_http2_with_proxy.js | 9 |
8 files changed, 61 insertions, 32 deletions
diff --git a/netwerk/dns/effective_tld_names.dat b/netwerk/dns/effective_tld_names.dat index c2b813fa68..21df77442b 100644 --- a/netwerk/dns/effective_tld_names.dat +++ b/netwerk/dns/effective_tld_names.dat @@ -6710,7 +6710,7 @@ org.zw // newGTLDs -// List of new gTLDs imported from https://www.icann.org/resources/registries/gtlds/v2/gtlds.json on 2024-03-06T15:14:58Z +// List of new gTLDs imported from https://www.icann.org/resources/registries/gtlds/v2/gtlds.json on 2024-03-28T15:13:37Z // This list is auto-generated, don't edit it manually. // aaa : American Automobile Association, Inc. // https://www.iana.org/domains/root/db/aaa.html @@ -6988,10 +6988,6 @@ auto // https://www.iana.org/domains/root/db/autos.html autos -// avianca : Avianca Inc. -// https://www.iana.org/domains/root/db/avianca.html -avianca - // aws : AWS Registry LLC // https://www.iana.org/domains/root/db/aws.html aws @@ -13480,6 +13476,10 @@ whitesnow.jp zombie.jp heteml.net +// GoDaddy Registry : https://registry.godaddy +// Submitted by Rohan Durrant <tldns@registry.godaddy> +graphic.design + // GOV.UK Platform as a Service : https://www.cloud.service.gov.uk/ // Submitted by Tom Whitwell <gov-uk-paas-support@digital.cabinet-office.gov.uk> cloudapps.digital @@ -13737,7 +13737,7 @@ biz.at info.at // info.cx : http://info.cx -// Submitted by Jacob Slater <whois@igloo.to> +// Submitted by June Slater <whois@igloo.to> info.cx // Interlegis : http://www.interlegis.leg.br @@ -13786,6 +13786,10 @@ iopsys.se // Submitted by Matthew Hardeman <mhardeman@ipifony.com> ipifony.net +// ir.md : https://nic.ir.md +// Submitted by Ali Soizi <info@nic.ir.md> +ir.md + // IServ GmbH : https://iserv.de // Submitted by Mario Hoberg <info@iserv.de> iservschule.de @@ -14141,7 +14145,7 @@ co.pl // Managed by Corporate Domains // Microsoft Azure : https://home.azure *.azurecontainer.io -*.cloudapp.azure.com +cloudapp.azure.com azure-api.net azureedge.net azurefd.net @@ -14255,6 +14259,10 @@ nh-serv.co.uk // Submitted by Jeff Wheelhouse <support@nearlyfreespeech.net> nfshost.com +// NFT.Storage : https://nft.storage/ +// Submitted by Vasco Santos <vasco.santos@protocol.ai> or <support@nft.storage> +ipfs.nftstorage.link + // Noop : https://noop.app // Submitted by Nathaniel Schweinberg <noop@rearc.io> *.developer.app diff --git a/netwerk/protocol/http/Http2Session.cpp b/netwerk/protocol/http/Http2Session.cpp index d2236ab3ad..3f9757b419 100644 --- a/netwerk/protocol/http/Http2Session.cpp +++ b/netwerk/protocol/http/Http2Session.cpp @@ -1416,6 +1416,13 @@ nsresult Http2Session::RecvHeaders(Http2Session* self) { return self->SessionError(PROTOCOL_ERROR); } + uint32_t frameSize = self->mInputFrameDataSize - paddingControlBytes - + priorityLen - paddingLength; + if (self->mAggregatedHeaderSize + frameSize > + StaticPrefs::network_http_max_response_header_size()) { + LOG(("Http2Session %p header exceeds the limit\n", self)); + return self->SessionError(PROTOCOL_ERROR); + } if (!self->mInputFrameDataStream) { // Cannot find stream. We can continue the session, but we need to // uncompress the header block to maintain the correct compression context @@ -1432,8 +1439,7 @@ nsresult Http2Session::RecvHeaders(Http2Session* self) { self->mDecompressBuffer.Append( &self->mInputFrameBuffer[kFrameHeaderBytes + paddingControlBytes + priorityLen], - self->mInputFrameDataSize - paddingControlBytes - priorityLen - - paddingLength); + frameSize); if (self->mInputFrameFlags & kFlag_END_HEADERS) { rv = self->UncompressAndDiscard(false); @@ -1463,21 +1469,16 @@ nsresult Http2Session::RecvHeaders(Http2Session* self) { self->mDecompressBuffer.Append( &self->mInputFrameBuffer[kFrameHeaderBytes + paddingControlBytes + priorityLen], - self->mInputFrameDataSize - paddingControlBytes - priorityLen - - paddingLength); + frameSize); self->mInputFrameDataStream->UpdateTransportReadEvents( self->mInputFrameDataSize); self->mLastDataReadEpoch = self->mLastReadEpoch; if (!isContinuation) { - self->mAggregatedHeaderSize = self->mInputFrameDataSize - - paddingControlBytes - priorityLen - - paddingLength; + self->mAggregatedHeaderSize = frameSize; } else { - self->mAggregatedHeaderSize += self->mInputFrameDataSize - - paddingControlBytes - priorityLen - - paddingLength; + self->mAggregatedHeaderSize += frameSize; } if (!endHeadersFlag) { // more are coming - don't process yet diff --git a/netwerk/protocol/http/nsHttpHandler.cpp b/netwerk/protocol/http/nsHttpHandler.cpp index e20e0fa400..3fc3b7fa1b 100644 --- a/netwerk/protocol/http/nsHttpHandler.cpp +++ b/netwerk/protocol/http/nsHttpHandler.cpp @@ -1440,13 +1440,6 @@ void nsHttpHandler::PrefsChanged(const char* pref) { } } - if (PREF_CHANGED(HTTP_PREF("max_response_header_size"))) { - rv = Preferences::GetInt(HTTP_PREF("max_response_header_size"), &val); - if (NS_SUCCEEDED(rv)) { - mMaxHttpResponseHeaderSize = val; - } - } - if (PREF_CHANGED(HTTP_PREF("throttle.enable"))) { rv = Preferences::GetBool(HTTP_PREF("throttle.enable"), &mThrottleEnabled); if (NS_SUCCEEDED(rv) && mConnMgr) { diff --git a/netwerk/protocol/http/nsHttpHandler.h b/netwerk/protocol/http/nsHttpHandler.h index cf745347ee..ba0b3114e6 100644 --- a/netwerk/protocol/http/nsHttpHandler.h +++ b/netwerk/protocol/http/nsHttpHandler.h @@ -447,10 +447,6 @@ class nsHttpHandler final : public nsIHttpProtocolHandler, return (uint16_t)mHttp3MaxBlockedStreams; } - uint32_t MaxHttpResponseHeaderSize() const { - return mMaxHttpResponseHeaderSize; - } - const nsCString& Http3QlogDir(); float FocusedWindowTransactionRatio() const { @@ -730,9 +726,6 @@ class nsHttpHandler final : public nsIHttpProtocolHandler, nsCString mHttp3QlogDir; - // The max size (in bytes) for received Http response header. - uint32_t mMaxHttpResponseHeaderSize{393216}; - // The ratio for dispatching transactions from the focused window. float mFocusedWindowTransactionRatio{0.9f}; diff --git a/netwerk/protocol/http/nsHttpTransaction.cpp b/netwerk/protocol/http/nsHttpTransaction.cpp index fcfbdb6503..32fa0fef39 100644 --- a/netwerk/protocol/http/nsHttpTransaction.cpp +++ b/netwerk/protocol/http/nsHttpTransaction.cpp @@ -2477,7 +2477,7 @@ nsresult nsHttpTransaction::ProcessData(char* buf, uint32_t count, mCurrentHttpResponseHeaderSize += bytesConsumed; if (mCurrentHttpResponseHeaderSize > - gHttpHandler->MaxHttpResponseHeaderSize()) { + StaticPrefs::network_http_max_response_header_size()) { LOG(("nsHttpTransaction %p The response header exceeds the limit.\n", this)); return NS_ERROR_FILE_TOO_BIG; diff --git a/netwerk/test/unit/http2_test_common.js b/netwerk/test/unit/http2_test_common.js index 341aa191da..163890e1a7 100644 --- a/netwerk/test/unit/http2_test_common.js +++ b/netwerk/test/unit/http2_test_common.js @@ -1151,6 +1151,22 @@ async function test_http2_continuations(loadGroup, serverPort) { }); } +async function test_http2_continuations_over_max_response_limit( + loadGroup, + serverPort +) { + var chan = makeHTTPChannel( + `https://localhost:${serverPort}/hugecontinuedheaders?size=385` + ); + chan.loadGroup = loadGroup; + return new Promise(resolve => { + var listener = new Http2CheckListener(); + listener.finish = resolve; + listener.shouldSucceed = false; + chan.asyncOpen(listener); + }); +} + function Http2IllegalHpackValidationListener() {} Http2IllegalHpackValidationListener.prototype = new Http2CheckListener(); diff --git a/netwerk/test/unit/test_http2.js b/netwerk/test/unit/test_http2.js index 1324527db6..a7e305e118 100644 --- a/netwerk/test/unit/test_http2.js +++ b/netwerk/test/unit/test_http2.js @@ -477,3 +477,12 @@ add_task(async function do_test_http2_push_userContext3() { ); Assert.equal(httpProxyConnectResponseCode, -1); }); + +add_task(async function do_test_http2_continuations_over_max_response_limit() { + const { httpProxyConnectResponseCode } = + await test_http2_continuations_over_max_response_limit( + loadGroup, + serverPort + ); + Assert.equal(httpProxyConnectResponseCode, -1); +}); diff --git a/netwerk/test/unit/test_http2_with_proxy.js b/netwerk/test/unit/test_http2_with_proxy.js index 858a0da570..dcc913f039 100644 --- a/netwerk/test/unit/test_http2_with_proxy.js +++ b/netwerk/test/unit/test_http2_with_proxy.js @@ -423,3 +423,12 @@ add_task(async function do_test_http2_push_userContext3() { ); Assert.equal(httpProxyConnectResponseCode, 200); }); + +add_task(async function do_test_http2_continuations_over_max_response_limit() { + const { httpProxyConnectResponseCode } = + await test_http2_continuations_over_max_response_limit( + loadGroup, + serverPort + ); + Assert.equal(httpProxyConnectResponseCode, 200); +}); |