RESOLVED FIXED 4312
XMLHttpRequest headers that have two CRLF sequences lead to Obj-C exception
https://bugs.webkit.org/show_bug.cgi?id=4312
Darin Adler
Reported 2005-08-06 20:35:38 PDT
Just need a check for empty lines.
Attachments
just added a check for empty lines in the code that parses headers (2.32 KB, patch)
2005-08-06 20:37 PDT, Darin Adler
ggaren: review+
Darin Adler
Comment 1 2005-08-06 20:37:48 PDT
Created attachment 3250: just added a check for empty lines in the code that parses headers
We could do even more to prohibit CRLF in the XMLHttpRequest API before it gets to this point, but this change is all that's needed to make the bad symptom go away.
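An added illustration of the two layers Comment 1 mentions, written for this page and not taken from WebKit or from attachment 3250: a line-by-line header parser that skips empty lines, and an API-side check that refuses CR/LF before a header is ever serialized. The function names and the sample header block are hypothetical and constructed for the example.

```javascript
// Added illustration; not WebKit code. All names here are hypothetical.

// API-side check: refuse header names that are not RFC 7230 tokens and
// header values that carry CR, LF or NUL, before anything is serialized.
function isSafeHeader(name, value) {
  const token = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
  return token.test(name) && !/[\r\n\0]/.test(value);
}

// Parser-side check: walk a serialized header block line by line and
// skip empty lines instead of handing them on as "name: value" pairs.
function parseHeaderBlock(block) {
  const headers = [];
  const skipped = [];
  block.split("\r\n").forEach((line, i) => {
    if (line.length === 0) {        // the empty-line check
      skipped.push(i);
      return;
    }
    const colon = line.indexOf(":");
    if (colon <= 0) {               // no header name before the colon
      skipped.push(i);
      return;
    }
    headers.push([line.slice(0, colon).trim(), line.slice(colon + 1).trim()]);
  });
  return { headers, skipped };
}

// Constructed sample: one header value containing two CRLF sequences.
const SAMPLE_VALUE = "one\r\n\r\nX-Extra: two";
const SAMPLE_BLOCK = "Accept: text/xml\r\nX-Test: " + SAMPLE_VALUE + "\r\n";

const parsed = parseHeaderBlock(SAMPLE_BLOCK);
console.log(parsed.headers);  // three entries; the empty lines are skipped
console.log(isSafeHeader("X-Test", SAMPLE_VALUE)); // rejected at the API
```

With only the parser-side check the block parses without error, but the text after the embedded CRLFs still surfaces as a separate `X-Extra` header, which is why the API-side check is the stricter fix.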
John Sullivan
Comment 2 2005-08-08 09:22:04 PDT
Comment on attachment 3250: just added a check for empty lines in the code that parses headers
This patch looks fine (checking for [line length] rather than line != nil), plus some formatting changes. Did you notice this bug by inspection, or is there a test case to make it fail? It seems like an obviously correct improvement, but a test case would be nice.
Darin Adler
Comment 3 2005-08-08 09:56:27 PDT
I found this by code inspection after examining a security report about vulnerabilities in other browsers' XMLHttpRequest implementations.
Geoffrey Garen
Comment 4 2005-12-19 09:11:48 PST
Comment on attachment 3250: just added a check for empty lines in the code that parses headers
r=sullivan+me
Darin Adler
Comment 5 2006-01-03 10:45:35 PST
<rdar://problem/4376060> Unhandled ObjC exception dealing with malformed xmlhttprequest headers (4312)
Lucas Forschler
Comment 6 2019-02-06 09:03:48 PST
Mass moving XML DOM bugs to the "DOM" Component.