Disallow leading '+' in ParseRetryAfterReader()

Fixed: 596568 Change-Id: I36f4b6c868d8e6cb585cc20c7d3a571cf9d09999 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2347405 Commit-Queue: Eric Orth <ericorth@chromium.org> Commit-Queue: Eric Roman <eroman@chromium.org> Auto-Submit: Eric Orth <ericorth@chromium.org> Reviewed-by: Eric Roman <eroman@chromium.org> Cr-Commit-Position: refs/heads/master@{#796605}

Disallow leading '+' in ParseRetryAfterReader()
Fixed: 596568 Change-Id: I36f4b6c868d8e6cb585cc20c7d3a571cf9d09999 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2347405 Commit-Queue: Eric Orth <ericorth@chromium.org> Commit-Queue: Eric Roman <eroman@chromium.org> Auto-Submit: Eric Orth <ericorth@chromium.org> Reviewed-by: Eric Roman <eroman@chromium.org> Cr-Commit-Position: refs/heads/master@{#796605}
aed22775 · Eric Orth · Commit Bot · 4ec2a606 · aed22775 · aed22775
Commit aed22775 authored Aug 10, 2020 by Eric Orth Committed by Commit Bot Aug 10, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 18 additions and 17 deletions

net/http/http_util.cc net/http/http_util.cc +3 -2

net/http/http_util_unittest.cc net/http/http_util_unittest.cc +15 -15

No files found.
--- a/net/http/http_util.cc
+++ b/net/http/http_util.cc
@@ -20,6 +20,7 @@
 #include "base/strings/stringprintf.h"
 #include "base/time/time.h"
 #include "net/base/features.h"
+#include "net/base/parse_number.h"
 #include "net/base/url_util.h"
 namespace net {
@@ -364,11 +365,11 @@ bool HttpUtil::ParseContentRangeHeaderFor206(
 bool HttpUtil::ParseRetryAfterHeader(const std::string& retry_after_string,
                                     base::Time now,
                                     base::TimeDelta* retry_after) {
-  int seconds;
+  uint32_t seconds;
  base::Time time;
  base::TimeDelta interval;
-  if (base::StringToInt(retry_after_string, &seconds)) {
+  if (net::ParseUint32(retry_after_string, &seconds)) {
    interval = base::TimeDelta::FromSeconds(seconds);
  } else if (base::Time::FromUTCString(retry_after_string.c_str(), &time)) {
    interval = time - now;

--- a/net/http/http_util_unittest.cc
+++ b/net/http/http_util_unittest.cc
@@ -1070,21 +1070,21 @@ TEST(HttpUtilTest, ParseRetryAfterHeader) {
    const char* retry_after_string;
    bool expected_return_value;
    base::TimeDelta expected_retry_after;
-  } tests[] = {
+  } tests[] = {{"", false, base::TimeDelta()},
-    { "", false, base::TimeDelta() },
+               {"-3", false, base::TimeDelta()},
-    { "-3", false, base::TimeDelta() },
+               {"-2", false, base::TimeDelta()},
-    { "-2", false, base::TimeDelta() },
+               {"-1", false, base::TimeDelta()},
-    { "-1", false, base::TimeDelta() },
+               {"+0", false, base::TimeDelta()},
-    { "0", true, base::TimeDelta::FromSeconds(0) },
+               {"+1", false, base::TimeDelta()},
-    { "1", true, base::TimeDelta::FromSeconds(1) },
+               {"0", true, base::TimeDelta::FromSeconds(0)},
-    { "2", true, base::TimeDelta::FromSeconds(2) },
+               {"1", true, base::TimeDelta::FromSeconds(1)},
-    { "3", true, base::TimeDelta::FromSeconds(3) },
+               {"2", true, base::TimeDelta::FromSeconds(2)},
-    { "60", true, base::TimeDelta::FromSeconds(60) },
+               {"3", true, base::TimeDelta::FromSeconds(3)},
-    { "3600", true, base::TimeDelta::FromSeconds(3600) },
+               {"60", true, base::TimeDelta::FromSeconds(60)},
-    { "86400", true, base::TimeDelta::FromSeconds(86400) },
+               {"3600", true, base::TimeDelta::FromSeconds(3600)},
-    { "Thu, 1 Jan 2015 12:34:56 GMT", true, later - now },
+               {"86400", true, base::TimeDelta::FromSeconds(86400)},
-    { "Mon, 1 Jan 1900 12:34:56 GMT", false, base::TimeDelta() }
+               {"Thu, 1 Jan 2015 12:34:56 GMT", true, later - now},
-  };
+               {"Mon, 1 Jan 1900 12:34:56 GMT", false, base::TimeDelta()}};
  for (size_t i = 0; i < base::size(tests); ++i) {
    base::TimeDelta retry_after;