Ticket #12146: 0001-Make-the-CONNECT-Host-header-the-same-as-the-Request.patch

File 0001-Make-the-CONNECT-Host-header-the-same-as-the-Request.patch, 1.9 KB (added by dcf, 5 years ago)

Backport of Firefox patch to Tor Browser.

  • netwerk/protocol/http/nsHttpConnection.cpp

    From ab72a96a043e7781d0b8ce439f086218f9d50cd1 Mon Sep 17 00:00:00 2001
    From: David Fifield <david@bamsoftware.com>
    Date: Sat, 31 May 2014 16:59:11 -0700
    Subject: [PATCH] Make the CONNECT Host header the same as the Request-URI.
    It's possible to construct a request where the Host header differs from
    the authority in the URL, for example in an extension with
    nsIHttpChannel and setRequestHeader. MakeConnectString generates a
    host:port string for the CONNECT Request-Line, but peeks into the
    tunneled request in order to copy the Host header to the proxy request.
    Instead, use the same host:port string for Host as is used in the
    Request-URI, to avoid revealing the plaintext of the Host header outside
    of the tunnel.
    Backport of https://hg.mozilla.org/mozilla-central/rev/a1f6458800d4.
     netwerk/protocol/http/nsHttpConnection.cpp | 9 +++------
     1 file changed, 3 insertions(+), 6 deletions(-)
    diff --git a/netwerk/protocol/http/nsHttpConnection.cpp b/netwerk/protocol/http/nsHttpConnection.cpp
    index 695f8a5..25ad335 100644
    a b nsHttpConnection::SetupProxyConnect() 
    14661466    request.SetHeader(nsHttp::Proxy_Connection, NS_LITERAL_CSTRING("keep-alive"));
    14671467    request.SetHeader(nsHttp::Connection, NS_LITERAL_CSTRING("keep-alive"));
    1469     val = mTransaction->RequestHead()->PeekHeader(nsHttp::Host);
    1470     if (val) {
    1471         // all HTTP/1.1 requests must include a Host header (even though it
    1472         // may seem redundant in this case; see bug 82388).
    1473         request.SetHeader(nsHttp::Host, nsDependentCString(val));
    1474     }
     1469    // all HTTP/1.1 requests must include a Host header (even though it
     1470    // may seem redundant in this case; see bug 82388).
     1471    request.SetHeader(nsHttp::Host, buf);
    14761473    val = mTransaction->RequestHead()->PeekHeader(nsHttp::Proxy_Authorization);
    14771474    if (val) {