author | Bence Béky <bnc@chromium.org> | 2020-08-28 16:49:06 +0000 |
---|---|---|
committer | Michael Brüning <michael.bruning@qt.io> | 2020-09-22 11:55:53 +0000 |
commit | 40cebfb305146ddc44fb0c99b7d93fcdcfdc8bd9 (patch) | |
tree | 3e0def9f116d357384e1e204606476e617b3722a | |
parent | e967bb155a01ded1c191b8eb51921f2057c498a5 (diff) | |
download | qtwebengine-chromium-40cebfb305146ddc44fb0c99b7d93fcdcfdc8bd9.tar.gz |
[Backport] CVE-2020-15959: Insufficient policy enforcement in networking
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2380573:
Elide headers in QuicHttp3Logger.
Use ElideSpdyHeaderBlockForNetLog() for SpdyHeaderBlock, fork it as
ElideQuicHeaderListForNetLog() for QuicHeaderList.
Bug: 1122684
Change-Id: I3f6abe810657bc5ae4655fd7d4fec60825eff38e
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
-rw-r--r-- | chromium/net/quic/quic_http3_logger.cc | 85 |
1 files changed, 47 insertions, 38 deletions
diff --git a/chromium/net/quic/quic_http3_logger.cc b/chromium/net/quic/quic_http3_logger.cc
index 8240046a419..306fb23c000 100644
--- a/chromium/net/quic/quic_http3_logger.cc
+++ b/chromium/net/quic/quic_http3_logger.cc
@@ -9,10 +9,13 @@
 #include <vector>
 #include "base/metrics/histogram_macros.h"
+#include "base/strings/strcat.h"
 #include "base/strings/string_number_conversions.h"
+#include "net/http/http_log_util.h"
 #include "net/log/net_log_capture_mode.h"
 #include "net/log/net_log_event_type.h"
 #include "net/log/net_log_values.h"
+#include "net/spdy/spdy_log_util.h"
 namespace net {
@@ -64,22 +67,20 @@ base::Value NetLogThreeIntParams(base::StringPiece name1,
 return dict;
 }
-base::Value NetLogHeadersToDict(const quic::QuicHeaderList& headers) {
- base::Value dict(base::Value::Type::DICTIONARY);
- for (auto header : headers) {
- dict.SetStringKey(header.first, header.second);
- }
- return dict;
-}
-
-base::Value NetLogHeadersToDict(const spdy::SpdyHeaderBlock& headers) {
- base::Value dict(base::Value::Type::DICTIONARY);
- for (auto header : headers) {
- dict.SetStringKey(header.first, header.second);
+base::ListValue ElideQuicHeaderListForNetLog(
+ const quic::QuicHeaderList& headers,
+ NetLogCaptureMode capture_mode) {
+ base::ListValue headers_list;
+ for (const auto& header : headers) {
+ base::StringPiece key = header.first;
+ base::StringPiece value = header.second;
+ headers_list.Append(NetLogStringValue(
+ base::StrCat({key, ": ",
+ ElideHeaderValueForNetLog(capture_mode, key.as_string(),
+ value.as_string())})));
 }
- return dict;
+ return headers_list;
 }
-
 } // namespace
 QuicHttp3Logger::QuicHttp3Logger(const NetLogWithSource& net_log)
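Review bot: ElideQuicHeaderListForNetLog is added without any comment, although the commit message describes it as a fork of ElideSpdyHeaderBlockForNetLog, so the two helpers can drift apart if only one is changed later (for example in how names and values are joined or escaped). A header comment would state the contract and the coupling: `// Returns |headers| as "name: value" strings for NetLog, eliding sensitive values according to |capture_mode|. Keep in sync with ElideSpdyHeaderBlockForNetLog().` Separately, `key.as_string()` and `value.as_string()` build two temporary strings per header inside the loop. That is presumably forced by ElideHeaderValueForNetLog's parameter types, which should be confirmed against its declaration.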
@@ -235,11 +236,13 @@ void QuicHttp3Logger::OnHeadersDecoded(quic::QuicStreamId stream_id,
 return;
 }
 net_log_.AddEvent(
- NetLogEventType::HTTP3_HEADERS_DECODED, [stream_id, &headers] {
+ NetLogEventType::HTTP3_HEADERS_DECODED,
+ [stream_id, &headers](NetLogCaptureMode capture_mode) {
 base::Value dict(base::Value::Type::DICTIONARY);
 dict.SetKey("stream_id",
 NetLogNumberValue(static_cast<uint64_t>(stream_id)));
- dict.SetKey("headers", NetLogHeadersToDict(headers));
+ dict.SetKey("headers",
+ ElideQuicHeaderListForNetLog(headers, capture_mode));
 return dict;
 });
 }
@@ -266,16 +269,18 @@ void QuicHttp3Logger::OnPushPromiseDecoded(quic::QuicStreamId stream_id,
 if (!net_log_.IsCapturing()) {
 return;
 }
- net_log_.AddEvent(NetLogEventType::HTTP3_PUSH_PROMISE_DECODED, [stream_id,
- push_id,
- &headers] {
- base::Value dict(base::Value::Type::DICTIONARY);
- dict.SetKey("stream_id",
- NetLogNumberValue(static_cast<uint64_t>(stream_id)));
- dict.SetKey("push_id", NetLogNumberValue(static_cast<uint64_t>(push_id)));
- dict.SetKey("headers", NetLogHeadersToDict(headers));
- return dict;
- });
+ net_log_.AddEvent(
+ NetLogEventType::HTTP3_PUSH_PROMISE_DECODED,
+ [stream_id, push_id, &headers](NetLogCaptureMode capture_mode) {
+ base::Value dict(base::Value::Type::DICTIONARY);
+ dict.SetKey("stream_id",
+ NetLogNumberValue(static_cast<uint64_t>(stream_id)));
+ dict.SetKey("push_id",
+ NetLogNumberValue(static_cast<uint64_t>(push_id)));
+ dict.SetKey("headers",
+ ElideQuicHeaderListForNetLog(headers, capture_mode));
+ return dict;
+ });
 }
 void QuicHttp3Logger::OnUnknownFrameReceived(
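Review bot: No test in this commit pins the elision. The diffstat lists only quic_http3_logger.cc, so nothing asserts that the "headers" entry of HTTP3_HEADERS_DECODED hides the value of a header such as `cookie` or `authorization` when the capture mode excludes sensitive data. The same gap applies to the HTTP3_PUSH_PROMISE_DECODED hunk that follows, and to the HTTP3_HEADERS_SENT and HTTP3_PUSH_PROMISE_SENT hunks further down. A logger unit test that records each event under the default capture mode with such a header present, and checks the logged string, would catch a later edit that goes back to a lambda ignoring `capture_mode`. The upstream change may already carry such a test that this manual backport left out. Both function bodies here start outside their hunks.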
@@ -344,11 +349,13 @@ void QuicHttp3Logger::OnHeadersFrameSent(
 return;
 }
 net_log_.AddEvent(
- NetLogEventType::HTTP3_HEADERS_SENT, [stream_id, &header_block] {
+ NetLogEventType::HTTP3_HEADERS_SENT,
+ [stream_id, &header_block](NetLogCaptureMode capture_mode) {
 base::Value dict(base::Value::Type::DICTIONARY);
 dict.SetKey("stream_id",
 NetLogNumberValue(static_cast<uint64_t>(stream_id)));
- dict.SetKey("headers", NetLogHeadersToDict(header_block));
+ dict.SetKey("headers",
+ ElideSpdyHeaderBlockForNetLog(header_block, capture_mode));
 return dict;
 });
 }
@@ -360,16 +367,18 @@ void QuicHttp3Logger::OnPushPromiseFrameSent(
 if (!net_log_.IsCapturing()) {
 return;
 }
- net_log_.AddEvent(NetLogEventType::HTTP3_PUSH_PROMISE_SENT, [stream_id,
- push_id,
- &header_block] {
- base::Value dict(base::Value::Type::DICTIONARY);
- dict.SetKey("stream_id",
- NetLogNumberValue(static_cast<uint64_t>(stream_id)));
- dict.SetKey("push_id", NetLogNumberValue(static_cast<uint64_t>(push_id)));
- dict.SetKey("headers", NetLogHeadersToDict(header_block));
- return dict;
- });
+ net_log_.AddEvent(
+ NetLogEventType::HTTP3_PUSH_PROMISE_SENT,
+ [stream_id, push_id, &header_block](NetLogCaptureMode capture_mode) {
+ base::Value dict(base::Value::Type::DICTIONARY);
+ dict.SetKey("stream_id",
+ NetLogNumberValue(static_cast<uint64_t>(stream_id)));
+ dict.SetKey("push_id",
+ NetLogNumberValue(static_cast<uint64_t>(push_id)));
+ dict.SetKey("headers",
+ ElideSpdyHeaderBlockForNetLog(header_block, capture_mode));
+ return dict;
+ });
 }
 } // namespace net |