Add max parsing length for permissions policy parser

Bug: 1106206
Change-Id: Id49eace861305bb57819a34824c06a7583f16518
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2304769Reviewed-by: Ian Clelland <iclelland@chromium.org>
Commit-Queue: Charlie Hu <chenleihu@google.com>
Cr-Commit-Position: refs/heads/master@{#789557}

third_party/blink/renderer/core/feature_policy/feature_policy_parser.cc

@@ -438,6 +438,13 @@ internal::FeaturePolicyNode ParsingContext::ParseFeaturePolicyToIR(
 
 internal::FeaturePolicyNode ParsingContext::ParsePermissionsPolicyToIR(
     const String& policy) {
+  if (policy.length() > MAX_LENGTH_PARSE) {
+    logger_.Error("Permissions policy declaration exceeds size limit(" +
+                  String::Number(policy.length()) + ">" +
+                  String::Number(MAX_LENGTH_PARSE) + ")");
+    return {};
+  }
+
   auto root = net::structured_headers::ParseDictionary(policy.Utf8());
   if (!root) {
     logger_.Error(

third_party/blink/renderer/core/feature_policy/feature_policy_test.cc

@@ -609,7 +609,14 @@ TEST_F(FeaturePolicyParserTest, ParseTooLongPolicy) {
       policy_string.c_str(), origin_a_.get(), origin_b_.get(), logger,
       test_feature_name_map);
   EXPECT_EQ(1UL, logger.GetMessages().size())
-      << "Should fail to parse string with size " << policy_string.size();
+      << "Should fail to parse feature policy string with size "
+      << policy_string.size();
+  FeaturePolicyParser::ParsePermissionsPolicyForTest(
+      policy_string.c_str(), origin_a_.get(), origin_b_.get(), logger,
+      test_feature_name_map);
+  EXPECT_EQ(2UL, logger.GetMessages().size())
+      << "Should fail to parse permissions policy string with size "
+      << policy_string.size();
 }
 
 // Test histogram counting the use of feature policies in header.