Don't allow null bytes in hosts of host permissions.

BUG=390624 TEST=Load the sample manifest from the bug, comment #9. It should fail to load. Review URL: https://codereview.chromium.org/416263002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@285492 0039d316-1c4b-4281-b951-d872f2087c98

Don't allow null bytes in hosts of host permissions.
BUG=390624 TEST=Load the sample manifest from the bug, comment #9. It should fail to load. Review URL: https://codereview.chromium.org/416263002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@285492 0039d316-1c4b-4281-b951-d872f2087c98
80d5aa4a · yoz@chromium.org · 93ef5ea0 · 80d5aa4a · 80d5aa4a · 80d5aa4a
Commit 80d5aa4a authored Jul 25, 2014 by yoz@chromium.org
3 changed files
--- a/extensions/common/url_pattern.cc
+++ b/extensions/common/url_pattern.cc
@@ -54,6 +54,7 @@ const char kParseErrorEmptyHost[] = "Host can not be empty.";
 const char kParseErrorInvalidHostWildcard[] = "Invalid host wildcard.";
 const char kParseErrorEmptyPath[] = "Empty path.";
 const char kParseErrorInvalidPort[] = "Invalid port.";
+const char kParseErrorInvalidHost[] = "Invalid host.";

 // Message explaining each URLPattern::ParseResult.
 const char* const kParseResultMessages[] = {
@@ -65,6 +66,7 @@ const char* const kParseResultMessages[] = {
  kParseErrorInvalidHostWildcard,
  kParseErrorEmptyPath,
  kParseErrorInvalidPort,
+  kParseErrorInvalidHost,
 };

 COMPILE_ASSERT(URLPattern::NUM_PARSE_RESULTS == arraysize(kParseResultMessages),
@@ -266,6 +268,10 @@ URLPattern::ParseResult URLPattern::Parse(const std::string& pattern) {
  if (host_.find('*') != std::string::npos)
    return PARSE_ERROR_INVALID_HOST_WILDCARD;

+  // Null characters are not allowed in hosts.
+  if (host_.find('\0') != std::string::npos)
+    return PARSE_ERROR_INVALID_HOST;
+
  return PARSE_SUCCESS;
 }


--- a/extensions/common/url_pattern.h
+++ b/extensions/common/url_pattern.h
@@ -73,6 +73,7 @@ class URLPattern {
    PARSE_ERROR_INVALID_HOST_WILDCARD,
    PARSE_ERROR_EMPTY_PATH,
    PARSE_ERROR_INVALID_PORT,
+    PARSE_ERROR_INVALID_HOST,
    NUM_PARSE_RESULTS
  };


--- a/extensions/common/url_pattern_unittest.cc
+++ b/extensions/common/url_pattern_unittest.cc
@@ -45,6 +45,15 @@ TEST(ExtensionURLPatternTest, ParseInvalid) {
              pattern.Parse(kInvalidPatterns[i].pattern))
        << kInvalidPatterns[i].pattern;
  }
+
+  {
+    // Cannot use a C string, because this contains a null byte.
+    std::string null_host("http://\0www/", 12);
+    URLPattern pattern(URLPattern::SCHEME_ALL);
+    EXPECT_EQ(URLPattern::PARSE_ERROR_INVALID_HOST,
+              pattern.Parse(null_host))
+        << null_host;
+  }
 };

 TEST(ExtensionURLPatternTest, Ports) {