Bug 1253958 - Make getHSTSPreloadList.js and genHPKPStaticPins.js gracefully handle trailing whitespace in URL entries. r=dkeeler, a=ritu DONTBUILD
authorCykesiopka <cykesiopka.bmo@gmail.com>
Sun, 06 Mar 2016 16:02:52 -0800
changeset 323365 ff51ee15fa46de9a0ed027244f848c9a132628aa
parent 323364 86409dd59088ff71bcf9fd5a4bf0013dbd244220
child 323366 aaa3cdd45ed3a3b00da3fb4ed5024055d3d955c1
push id5913
push userjlund@mozilla.com
push dateMon, 25 Apr 2016 16:57:49 +0000
treeherdermozilla-beta@dcaf0a6fa115 [default view] [failures only]
reviewersdkeeler, ritu
bugs1253958
milestone47.0a2
Bug 1253958 - Make getHSTSPreloadList.js and genHPKPStaticPins.js gracefully handle trailing whitespace in URL entries. r=dkeeler, a=ritu DONTBUILD MozReview-Commit-ID: Kyc7JzxVEo0
security/manager/tools/genHPKPStaticPins.js
security/manager/tools/getHSTSPreloadList.js
--- a/security/manager/tools/genHPKPStaticPins.js
+++ b/security/manager/tools/genHPKPStaticPins.js
@@ -361,16 +361,21 @@ function downloadAndParseChromePins(file
     // HSTS entry only
     if (!entry.pins) {
       return;
     }
     let pinsetName = cData.substitute_pinsets[entry.pins];
     if (!pinsetName) {
       pinsetName = entry.pins;
     }
+
+    // We trim the entry name here to avoid breaking hostname comparisons in the
+    // HPKP implementation.
+    entry.name = entry.name.trim();
+
     let isProductionDomain =
       (cData.production_domains.indexOf(entry.name) != -1);
     let isProductionPinset =
       (cData.production_pinsets.indexOf(pinsetName) != -1);
     let excludeDomain =
       (cData.exclude_domains.indexOf(entry.name) != -1);
     let isTestMode = !isProductionPinset && !isProductionDomain;
     if (entry.pins && !excludeDomain && chromeImportedPinsets[entry.pins]) {
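Review bot: `entry.name.trim()` is called without checking that `entry.name` is present, so an entry that has `pins` but no string `name` now aborts the run with a bare TypeError, where the old `indexOf(entry.name)` lookups simply returned -1. The sibling change in getHSTSPreloadList.js sits behind an `if (entry.name)` check with an explicit "no name found" error; the same kind of guard would fit here, e.g. `if (typeof entry.name != "string") { throw new Error("ERROR: entry not formatted correctly: no name found"); }` ahead of the trim. Because this script produces the static pin list, it may also be worth logging when the trimmed value differs from the input, so a malformed upstream entry is noticed rather than silently repaired. The enclosing callback starts and ends outside the hunk, so an earlier guard may already exist there.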
--- a/security/manager/tools/getHSTSPreloadList.js
+++ b/security/manager/tools/getHSTSPreloadList.js
@@ -92,19 +92,22 @@ function download() {
 function getHosts(rawdata) {
   var hosts = [];
 
   if (!rawdata || !rawdata.entries) {
     throw new Error("ERROR: source data not formatted correctly: 'entries' " +
                     "not found");
   }
 
-  for (entry of rawdata.entries) {
+  for (let entry of rawdata.entries) {
     if (entry.mode && entry.mode == "force-https") {
       if (entry.name) {
+        // We trim the entry name here to avoid malformed URI exceptions when we
+        // later try to connect to the domain.
+        entry.name = entry.name.trim();
         entry.retries = MAX_RETRIES;
         entry.originalIncludeSubdomains = entry.include_subdomains;
         hosts.push(entry);
       } else {
         throw new Error("ERROR: entry not formatted correctly: no name found");
       }
     }
   }
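Review bot: The trim runs after the `if (entry.name)` test, so a name consisting only of whitespace passes the check, is trimmed to an empty string and is still pushed onto `hosts` instead of reaching the "no name found" error. Trimming before the test closes that gap, for example `let name = typeof entry.name == "string" ? entry.name.trim() : "";` followed by `if (name) { entry.name = name; ...`. With the current ordering a truthy non-string `name` would also throw a TypeError from `.trim()` rather than the descriptive error. getHosts continues past the end of the hunk.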