diff options
| author | Stephan Bergmann <sbergman@redhat.com> | 2020-04-03 09:40:50 +0200 |
|---|---|---|
| committer | Stephan Bergmann <sbergman@redhat.com> | 2020-04-03 10:48:42 +0200 |
| commit | 50d2a3820283d0b1cba6d924625b2718e2d5d331 (patch) | |
| tree | d02b4cceb376eaa332b8ccab551da63fd1ef3698 /ucb/source/ucp | |
| parent | a4c5e940881520834c19573c5b1119afa1c17744 (diff) | |
Improve handling of non-ASCII HTTP header field values
...following up on afad46c4e891359aad7a829e704e627e1039fc33 "crashtesting:
assert on loading fdo102527-1.html" (and partially reverting it).
Loading that fdo102527-1.html as of today causes LO to send a HTTP GET request
for <http://aplikasikita.com:80/styles/style.css%E2%80%9D> that is answered by
> HTTP/1.1 301 Moved Permanently
> Connection: Keep-Alive
> Date: Fri, 03 Apr 2020 06:59:55 GMT
> Server: LiteSpeed
> Location: https://aplikasikita.com/styles/style.css”
> Vary: User-Agent
(i.e., the "Location" header value containing the three octets %xE2 %x80 %x9D).
Change-Id: I14a3e94013d584e793fad24196f1f01cd411be55
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/91610
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Diffstat (limited to 'ucb/source/ucp')
| -rw-r--r-- | ucb/source/ucp/webdav-neon/NeonHeadRequest.cxx | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/ucb/source/ucp/webdav-neon/NeonHeadRequest.cxx b/ucb/source/ucp/webdav-neon/NeonHeadRequest.cxx index 8ac37f2524c0..68f24f440d94 100644 --- a/ucb/source/ucp/webdav-neon/NeonHeadRequest.cxx +++ b/ucb/source/ucp/webdav-neon/NeonHeadRequest.cxx @@ -53,8 +53,14 @@ void process_headers( ne_request * req, #endif while ( ( cursor = ne_response_header_iterate( req, cursor, &name, &value ) ) != nullptr ) { - OUString aHeaderName(name, strlen(name), RTL_TEXTENCODING_ASCII_US); - OUString aHeaderValue(value, strlen(value), RTL_TEXTENCODING_ASCII_US); + // The HTTP header `field-name` must be a `token`, which can only contain a subset of ASCII; + // assume that Neon will already have rejected any invalid data, so that it is guaranteed + // that `name` is ASCII-only: + OUString aHeaderName( OUString::createFromAscii( name ) ); + // The HTTP header `field-value` may contain obsolete (as per RFC 7230) `obs-text` non-ASCII + // %x80-FF octets, lets preserve them as individual characters in `aHeaderValue` by treating + // `value` as ISO 8859-1: + OUString aHeaderValue(value, strlen(value), RTL_TEXTENCODING_ISO_8859_1); SAL_INFO( "ucb.ucp.webdav", "HEAD - received header: " << aHeaderName << ":" << aHeaderValue); |