[Libreoffice-commits] core.git: ucb/source

Stephan Bergmann (via logerrit) logerrit at kemper.freedesktop.org
Fri Apr 3 08:49:18 UTC 2020 

 ucb/source/ucp/webdav-neon/NeonHeadRequest.cxx |   10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

New commits:
commit 50d2a3820283d0b1cba6d924625b2718e2d5d331
Author:     Stephan Bergmann <sbergman at redhat.com>
AuthorDate: Fri Apr 3 09:40:50 2020 +0200
Commit:     Stephan Bergmann <sbergman at redhat.com>
CommitDate: Fri Apr 3 10:48:42 2020 +0200

    Improve handling of non-ASCII HTTP header field values
    
    ...following up on afad46c4e891359aad7a829e704e627e1039fc33 "crashtesting:
    assert on loading fdo102527-1.html" (and partially reverting it).
    
    Loading that fdo102527-1.html as of today causes LO to send a HTTP GET request
    for <http://aplikasikita.com:80/styles/style.css%E2%80%9D> that is answered by
    
    > HTTP/1.1 301 Moved Permanently
    > Connection: Keep-Alive
    > Date: Fri, 03 Apr 2020 06:59:55 GMT
    > Server: LiteSpeed
    > Location: https://aplikasikita.com/styles/style.css”
    > Vary: User-Agent
    
    (i.e., the "Location" header value containing the three octets %xE2 %x80 %x9D).
    
    Change-Id: I14a3e94013d584e793fad24196f1f01cd411be55
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/91610
    Tested-by: Jenkins
    Reviewed-by: Stephan Bergmann <sbergman at redhat.com>

diff --git a/ucb/source/ucp/webdav-neon/NeonHeadRequest.cxx b/ucb/source/ucp/webdav-neon/NeonHeadRequest.cxx
index 8ac37f2524c0..68f24f440d94 100644
--- a/ucb/source/ucp/webdav-neon/NeonHeadRequest.cxx
+++ b/ucb/source/ucp/webdav-neon/NeonHeadRequest.cxx
@@ -53,8 +53,14 @@ void process_headers( ne_request * req,
 #endif
     while ( ( cursor = ne_response_header_iterate( req, cursor,
                                                    &name, &value ) ) != nullptr ) {
-        OUString aHeaderName(name, strlen(name), RTL_TEXTENCODING_ASCII_US);
-        OUString aHeaderValue(value, strlen(value), RTL_TEXTENCODING_ASCII_US);
+        // The HTTP header `field-name` must be a `token`, which can only contain a subset of ASCII;
+        // assume that Neon will already have rejected any invalid data, so that it is guaranteed
+        // that `name` is ASCII-only:
+        OUString aHeaderName( OUString::createFromAscii( name ) );
+        // The HTTP header `field-value` may contain obsolete (as per RFC 7230) `obs-text` non-ASCII
+        // %x80-FF octets, lets preserve them as individual characters in `aHeaderValue` by treating
+        // `value` as ISO 8859-1:
+        OUString aHeaderValue(value, strlen(value), RTL_TEXTENCODING_ISO_8859_1);
 
         SAL_INFO( "ucb.ucp.webdav", "HEAD - received header: " << aHeaderName << ":" << aHeaderValue);

More information about the Libreoffice-commits mailing list