summaryrefslogtreecommitdiffstats
path: root/netwerk
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--netwerk/dns/effective_tld_names.dat22
-rw-r--r--netwerk/protocol/http/Http2Session.cpp21
-rw-r--r--netwerk/protocol/http/nsHttpHandler.cpp7
-rw-r--r--netwerk/protocol/http/nsHttpHandler.h7
-rw-r--r--netwerk/protocol/http/nsHttpTransaction.cpp2
-rw-r--r--netwerk/test/unit/http2_test_common.js16
-rw-r--r--netwerk/test/unit/test_http2.js9
-rw-r--r--netwerk/test/unit/test_http2_with_proxy.js9
8 files changed, 61 insertions, 32 deletions
diff --git a/netwerk/dns/effective_tld_names.dat b/netwerk/dns/effective_tld_names.dat
index c2b813fa68..21df77442b 100644
--- a/netwerk/dns/effective_tld_names.dat
+++ b/netwerk/dns/effective_tld_names.dat
@@ -6710,7 +6710,7 @@ org.zw
// newGTLDs
-// List of new gTLDs imported from https://www.icann.org/resources/registries/gtlds/v2/gtlds.json on 2024-03-06T15:14:58Z
+// List of new gTLDs imported from https://www.icann.org/resources/registries/gtlds/v2/gtlds.json on 2024-03-28T15:13:37Z
// This list is auto-generated, don't edit it manually.
// aaa : American Automobile Association, Inc.
// https://www.iana.org/domains/root/db/aaa.html
@@ -6988,10 +6988,6 @@ auto
// https://www.iana.org/domains/root/db/autos.html
autos
-// avianca : Avianca Inc.
-// https://www.iana.org/domains/root/db/avianca.html
-avianca
-
// aws : AWS Registry LLC
// https://www.iana.org/domains/root/db/aws.html
aws
@@ -13480,6 +13476,10 @@ whitesnow.jp
zombie.jp
heteml.net
+// GoDaddy Registry : https://registry.godaddy
+// Submitted by Rohan Durrant <tldns@registry.godaddy>
+graphic.design
+
// GOV.UK Platform as a Service : https://www.cloud.service.gov.uk/
// Submitted by Tom Whitwell <gov-uk-paas-support@digital.cabinet-office.gov.uk>
cloudapps.digital
@@ -13737,7 +13737,7 @@ biz.at
info.at
// info.cx : http://info.cx
-// Submitted by Jacob Slater <whois@igloo.to>
+// Submitted by June Slater <whois@igloo.to>
info.cx
// Interlegis : http://www.interlegis.leg.br
@@ -13786,6 +13786,10 @@ iopsys.se
// Submitted by Matthew Hardeman <mhardeman@ipifony.com>
ipifony.net
+// ir.md : https://nic.ir.md
+// Submitted by Ali Soizi <info@nic.ir.md>
+ir.md
+
// IServ GmbH : https://iserv.de
// Submitted by Mario Hoberg <info@iserv.de>
iservschule.de
@@ -14141,7 +14145,7 @@ co.pl
// Managed by Corporate Domains
// Microsoft Azure : https://home.azure
*.azurecontainer.io
-*.cloudapp.azure.com
+cloudapp.azure.com
azure-api.net
azureedge.net
azurefd.net
@@ -14255,6 +14259,10 @@ nh-serv.co.uk
// Submitted by Jeff Wheelhouse <support@nearlyfreespeech.net>
nfshost.com
+// NFT.Storage : https://nft.storage/
+// Submitted by Vasco Santos <vasco.santos@protocol.ai> or <support@nft.storage>
+ipfs.nftstorage.link
+
// Noop : https://noop.app
// Submitted by Nathaniel Schweinberg <noop@rearc.io>
*.developer.app
diff --git a/netwerk/protocol/http/Http2Session.cpp b/netwerk/protocol/http/Http2Session.cpp
index d2236ab3ad..3f9757b419 100644
--- a/netwerk/protocol/http/Http2Session.cpp
+++ b/netwerk/protocol/http/Http2Session.cpp
@@ -1416,6 +1416,13 @@ nsresult Http2Session::RecvHeaders(Http2Session* self) {
return self->SessionError(PROTOCOL_ERROR);
}
+ uint32_t frameSize = self->mInputFrameDataSize - paddingControlBytes -
+ priorityLen - paddingLength;
+ if (self->mAggregatedHeaderSize + frameSize >
+ StaticPrefs::network_http_max_response_header_size()) {
+ LOG(("Http2Session %p header exceeds the limit\n", self));
+ return self->SessionError(PROTOCOL_ERROR);
+ }
if (!self->mInputFrameDataStream) {
// Cannot find stream. We can continue the session, but we need to
// uncompress the header block to maintain the correct compression context
@@ -1432,8 +1439,7 @@ nsresult Http2Session::RecvHeaders(Http2Session* self) {
self->mDecompressBuffer.Append(
&self->mInputFrameBuffer[kFrameHeaderBytes + paddingControlBytes +
priorityLen],
- self->mInputFrameDataSize - paddingControlBytes - priorityLen -
- paddingLength);
+ frameSize);
if (self->mInputFrameFlags & kFlag_END_HEADERS) {
rv = self->UncompressAndDiscard(false);
@@ -1463,21 +1469,16 @@ nsresult Http2Session::RecvHeaders(Http2Session* self) {
self->mDecompressBuffer.Append(
&self->mInputFrameBuffer[kFrameHeaderBytes + paddingControlBytes +
priorityLen],
- self->mInputFrameDataSize - paddingControlBytes - priorityLen -
- paddingLength);
+ frameSize);
self->mInputFrameDataStream->UpdateTransportReadEvents(
self->mInputFrameDataSize);
self->mLastDataReadEpoch = self->mLastReadEpoch;
if (!isContinuation) {
- self->mAggregatedHeaderSize = self->mInputFrameDataSize -
- paddingControlBytes - priorityLen -
- paddingLength;
+ self->mAggregatedHeaderSize = frameSize;
} else {
- self->mAggregatedHeaderSize += self->mInputFrameDataSize -
- paddingControlBytes - priorityLen -
- paddingLength;
+ self->mAggregatedHeaderSize += frameSize;
}
if (!endHeadersFlag) { // more are coming - don't process yet
diff --git a/netwerk/protocol/http/nsHttpHandler.cpp b/netwerk/protocol/http/nsHttpHandler.cpp
index e20e0fa400..3fc3b7fa1b 100644
--- a/netwerk/protocol/http/nsHttpHandler.cpp
+++ b/netwerk/protocol/http/nsHttpHandler.cpp
@@ -1440,13 +1440,6 @@ void nsHttpHandler::PrefsChanged(const char* pref) {
}
}
- if (PREF_CHANGED(HTTP_PREF("max_response_header_size"))) {
- rv = Preferences::GetInt(HTTP_PREF("max_response_header_size"), &val);
- if (NS_SUCCEEDED(rv)) {
- mMaxHttpResponseHeaderSize = val;
- }
- }
-
if (PREF_CHANGED(HTTP_PREF("throttle.enable"))) {
rv = Preferences::GetBool(HTTP_PREF("throttle.enable"), &mThrottleEnabled);
if (NS_SUCCEEDED(rv) && mConnMgr) {
diff --git a/netwerk/protocol/http/nsHttpHandler.h b/netwerk/protocol/http/nsHttpHandler.h
index cf745347ee..ba0b3114e6 100644
--- a/netwerk/protocol/http/nsHttpHandler.h
+++ b/netwerk/protocol/http/nsHttpHandler.h
@@ -447,10 +447,6 @@ class nsHttpHandler final : public nsIHttpProtocolHandler,
return (uint16_t)mHttp3MaxBlockedStreams;
}
- uint32_t MaxHttpResponseHeaderSize() const {
- return mMaxHttpResponseHeaderSize;
- }
-
const nsCString& Http3QlogDir();
float FocusedWindowTransactionRatio() const {
@@ -730,9 +726,6 @@ class nsHttpHandler final : public nsIHttpProtocolHandler,
nsCString mHttp3QlogDir;
- // The max size (in bytes) for received Http response header.
- uint32_t mMaxHttpResponseHeaderSize{393216};
-
// The ratio for dispatching transactions from the focused window.
float mFocusedWindowTransactionRatio{0.9f};
diff --git a/netwerk/protocol/http/nsHttpTransaction.cpp b/netwerk/protocol/http/nsHttpTransaction.cpp
index fcfbdb6503..32fa0fef39 100644
--- a/netwerk/protocol/http/nsHttpTransaction.cpp
+++ b/netwerk/protocol/http/nsHttpTransaction.cpp
@@ -2477,7 +2477,7 @@ nsresult nsHttpTransaction::ProcessData(char* buf, uint32_t count,
mCurrentHttpResponseHeaderSize += bytesConsumed;
if (mCurrentHttpResponseHeaderSize >
- gHttpHandler->MaxHttpResponseHeaderSize()) {
+ StaticPrefs::network_http_max_response_header_size()) {
LOG(("nsHttpTransaction %p The response header exceeds the limit.\n",
this));
return NS_ERROR_FILE_TOO_BIG;
diff --git a/netwerk/test/unit/http2_test_common.js b/netwerk/test/unit/http2_test_common.js
index 341aa191da..163890e1a7 100644
--- a/netwerk/test/unit/http2_test_common.js
+++ b/netwerk/test/unit/http2_test_common.js
@@ -1151,6 +1151,22 @@ async function test_http2_continuations(loadGroup, serverPort) {
});
}
+async function test_http2_continuations_over_max_response_limit(
+ loadGroup,
+ serverPort
+) {
+ var chan = makeHTTPChannel(
+ `https://localhost:${serverPort}/hugecontinuedheaders?size=385`
+ );
+ chan.loadGroup = loadGroup;
+ return new Promise(resolve => {
+ var listener = new Http2CheckListener();
+ listener.finish = resolve;
+ listener.shouldSucceed = false;
+ chan.asyncOpen(listener);
+ });
+}
+
function Http2IllegalHpackValidationListener() {}
Http2IllegalHpackValidationListener.prototype = new Http2CheckListener();
diff --git a/netwerk/test/unit/test_http2.js b/netwerk/test/unit/test_http2.js
index 1324527db6..a7e305e118 100644
--- a/netwerk/test/unit/test_http2.js
+++ b/netwerk/test/unit/test_http2.js
@@ -477,3 +477,12 @@ add_task(async function do_test_http2_push_userContext3() {
);
Assert.equal(httpProxyConnectResponseCode, -1);
});
+
+add_task(async function do_test_http2_continuations_over_max_response_limit() {
+ const { httpProxyConnectResponseCode } =
+ await test_http2_continuations_over_max_response_limit(
+ loadGroup,
+ serverPort
+ );
+ Assert.equal(httpProxyConnectResponseCode, -1);
+});
diff --git a/netwerk/test/unit/test_http2_with_proxy.js b/netwerk/test/unit/test_http2_with_proxy.js
index 858a0da570..dcc913f039 100644
--- a/netwerk/test/unit/test_http2_with_proxy.js
+++ b/netwerk/test/unit/test_http2_with_proxy.js
@@ -423,3 +423,12 @@ add_task(async function do_test_http2_push_userContext3() {
);
Assert.equal(httpProxyConnectResponseCode, 200);
});
+
+add_task(async function do_test_http2_continuations_over_max_response_limit() {
+ const { httpProxyConnectResponseCode } =
+ await test_http2_continuations_over_max_response_limit(
+ loadGroup,
+ serverPort
+ );
+ Assert.equal(httpProxyConnectResponseCode, 200);
+});