diff options
| author | Sergio Giro <sgiro@google.com> | 2016-02-29 19:52:54 +0000 |
|---|---|---|
| committer | Sergio Giro <sgiro@google.com> | 2016-02-29 19:52:54 +0000 |
| commit | 8ef2daccd20f80b439c93af7d7985fb26d1f6b2f (patch) | |
| tree | 5e5e6d3aa97cb6ba44e38ef0dbef96edbc739377 | |
| parent | 0cf52b731ca8287d7874fb5793be59da37fc74fb (diff) | |
| download | okhttp-8ef2daccd20f80b439c93af7d7985fb26d1f6b2f.tar.gz | |
Workaround for request header values with trailing '\r' or '\r\n'
Testing is showing an app that appears to
be setting a request header with a trailing '\r'. This change
strips the '\r' or '\r\n' iff it is at the end of the value.
Bug: 26889631
Change-Id: I3a521a5272ad0c7cf3b018892516ced9e65f46ca
| -rw-r--r-- | okhttp-tests/src/test/java/com/squareup/okhttp/RequestTest.java | 2 | ||||
| -rw-r--r-- | okhttp/src/main/java/com/squareup/okhttp/Headers.java | 13 |
2 files changed, 11 insertions, 4 deletions
diff --git a/okhttp-tests/src/test/java/com/squareup/okhttp/RequestTest.java b/okhttp-tests/src/test/java/com/squareup/okhttp/RequestTest.java index a2cfbe0..3c26ae1 100644 --- a/okhttp-tests/src/test/java/com/squareup/okhttp/RequestTest.java +++ b/okhttp-tests/src/test/java/com/squareup/okhttp/RequestTest.java @@ -182,6 +182,8 @@ public final class RequestTest { // assertForbiddenHeader("\n"); assertForbiddenHeader("a\nb"); assertForbiddenHeader("\nb"); + assertForbiddenHeader("a\rb"); + assertForbiddenHeader("\rb"); // End of Android modification. assertForbiddenHeader("\t"); assertForbiddenHeader("\u001f"); diff --git a/okhttp/src/main/java/com/squareup/okhttp/Headers.java b/okhttp/src/main/java/com/squareup/okhttp/Headers.java index ce38fbf..dad91bf 100644 --- a/okhttp/src/main/java/com/squareup/okhttp/Headers.java +++ b/okhttp/src/main/java/com/squareup/okhttp/Headers.java @@ -290,10 +290,15 @@ public final class Headers { } if (value == null) throw new IllegalArgumentException("value == null"); - // Workaround for applications that set trailing "\n" on header values. - // http://b/26422335. Android used to allow anything except '\0'. - if (value.length() > 0 && value.charAt(value.length() - 1) == '\n') { - value = value.substring(0, value.length() - 1); + // Workaround for applications that set trailing "\r", "\n" or "\r\n" on header values. + // http://b/26422335, http://b/26889631 Android used to allow anything except '\0'. + int valueLen = value.length(); + if (valueLen >= 2 && value.charAt(valueLen - 2) == '\r' && value.charAt(valueLen - 1) == '\n') { + value = value.substring(0, value.length() - 2); + } else if (valueLen > 0 + && (value.charAt(valueLen - 1) == '\n' + || value.charAt(valueLen - 1) == '\r')) { + value = value.substring(0, valueLen - 1); } // End of workaround. |