[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor-browser/tor-browser-24.5.0esr-1] Make the CONNECT Host header the same as the Request-URI.

To: tor-commits@xxxxxxxxxxxxxxxxxxxx, tbb-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [tor-browser/tor-browser-24.5.0esr-1] Make the CONNECT Host header the same as the Request-URI.
From: mikeperry@xxxxxxxxxxxxxx
Date: Thu, 5 Jun 2014 10:20:06 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 05 Jun 2014 06:20:18 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: David Fifield <david@xxxxxxxxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>

commit dbbe17313416ab3b17e9d05009026c1c4a37a273
Author: David Fifield <david@xxxxxxxxxxxxxxx>
Date:   Sat May 31 16:59:11 2014 -0700

    Make the CONNECT Host header the same as the Request-URI.
    
    It's possible to construct a request where the Host header differs from
    the authority in the URL, for example in an extension with
    nsIHttpChannel and setRequestHeader. MakeConnectString generates a
    host:port string for the CONNECT Request-Line, but peeks into the
    tunneled request in order to copy the Host header to the proxy request.
    
    Instead, use the same host:port string for Host as is used in the
    Request-URI, to avoid revealing the plaintext of the Host header outside
    of the tunnel.
    
    Backport of https://hg.mozilla.org/mozilla-central/rev/a1f6458800d4.
---
 netwerk/protocol/http/nsHttpConnection.cpp |    9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/netwerk/protocol/http/nsHttpConnection.cpp b/netwerk/protocol/http/nsHttpConnection.cpp
index 695f8a5..25ad335 100644
--- a/netwerk/protocol/http/nsHttpConnection.cpp
+++ b/netwerk/protocol/http/nsHttpConnection.cpp
@@ -1466,12 +1466,9 @@ nsHttpConnection::SetupProxyConnect()
     request.SetHeader(nsHttp::Proxy_Connection, NS_LITERAL_CSTRING("keep-alive"));
     request.SetHeader(nsHttp::Connection, NS_LITERAL_CSTRING("keep-alive"));
 
-    val = mTransaction->RequestHead()->PeekHeader(nsHttp::Host);
-    if (val) {
-        // all HTTP/1.1 requests must include a Host header (even though it
-        // may seem redundant in this case; see bug 82388).
-        request.SetHeader(nsHttp::Host, nsDependentCString(val));
-    }
+    // all HTTP/1.1 requests must include a Host header (even though it
+    // may seem redundant in this case; see bug 82388).
+    request.SetHeader(nsHttp::Host, buf);
 
     val = mTransaction->RequestHead()->PeekHeader(nsHttp::Proxy_Authorization);
     if (val) {

_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [torbutton/master] Bug #11510: about:tor should not report success if no tor.
Next by Author: [tor-commits] [tor-browser/tor-browser-24.5.0esr-4.x-1] Make the CONNECT Host header the same as the Request-URI.
Previous by thread: [tor-commits] [tor-browser-bundle/maint-3.6] Bug 11630: Make rules.sqlite deterministic.
Next by thread: [tor-commits] [tor-browser/tor-browser-24.5.0esr-4.x-1] Make the CONNECT Host header the same as the Request-URI.
Index(es):
- Author
- Thread