Fix for bug 9608. adding check that tokenized header is valid.

Review URL: http://codereview.chromium.org/60008 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@13050 0039d316-1c4b-4281-b951-d872f2087c98
jiongle1 · Apr 2, 2009 · ce3bd9e · ce3bd9e
1 parent dbf6380
commit ce3bd9e
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/net/http/http_auth.cc b/net/http/http_auth.cc
@@ -55,8 +55,12 @@ void HttpAuth::CreateAuthHandler(const std::string& challenge,
                                  scoped_refptr<HttpAuthHandler>* handler) {
   // Find the right auth handler for the challenge's scheme.
   ChallengeTokenizer props(challenge.begin(), challenge.end());
-  scoped_refptr<HttpAuthHandler> tmp_handler;
+  if (!props.valid()) {
+    *handler = NULL;
+    return;
+  }
 
+  scoped_refptr<HttpAuthHandler> tmp_handler;
   if (LowerCaseEqualsASCII(props.scheme(), "basic")) {
     tmp_handler = new HttpAuthHandlerBasic();
   } else if (LowerCaseEqualsASCII(props.scheme(), "digest")) {

diff --git a/net/http/http_auth_unittest.cc b/net/http/http_auth_unittest.cc
@@ -39,6 +39,13 @@ TEST(HttpAuthTest, ChooseBestChallenge) {
 
       // Pick Digset over Basic
       "DigestRealm",
+    },
+    {
+      "Y: Digest realm=\"X\", nonce=\"aaaaaaaaaa\"\n"
+      "www-authenticate:\n",
+
+      // Handle null header value.
+      "",
     }
   };