Bug 1253958 - Make getHSTSPreloadList.js and genHPKPStaticPins.js gracefully handle trailing whitespace in URL entries. r=keeler, a=npotb
authorCykesiopka <cykesiopka.bmo@gmail.com>
Fri, 18 Mar 2016 19:47:54 -0700
changeset 311864 fe549690f10476d5794800fc2cfdb8c11cf01925
parent 311863 ce0f864c5ecd64d451f66a1e1dbb3eacefa4fbba
child 311865 0f4558f9f4ffa6c1d90f5a72e0f7a11051af72a2
push id40
push userphilringnalda@gmail.com
push dateSat, 19 Mar 2016 02:48:09 +0000
reviewerskeeler, npotb
bugs1253958
milestone45.0.1esrpre
Bug 1253958 - Make getHSTSPreloadList.js and genHPKPStaticPins.js gracefully handle trailing whitespace in URL entries. r=keeler, a=npotb
security/manager/tools/genHPKPStaticPins.js
security/manager/tools/getHSTSPreloadList.js
--- a/security/manager/tools/genHPKPStaticPins.js
+++ b/security/manager/tools/genHPKPStaticPins.js
@@ -384,16 +384,21 @@ function downloadAndParseChromePins(file
     // HSTS entry only
     if (!entry.pins) {
       return;
     }
     let pinsetName = cData.substitute_pinsets[entry.pins];
     if (!pinsetName) {
       pinsetName = entry.pins;
     }
+
+    // We trim the entry name here to avoid breaking hostname comparisons in the
+    // HPKP implementation.
+    entry.name = entry.name.trim();
+
     let isProductionDomain =
       (cData.production_domains.indexOf(entry.name) != -1);
     let isProductionPinset =
       (cData.production_pinsets.indexOf(pinsetName) != -1);
     let excludeDomain =
       (cData.exclude_domains.indexOf(entry.name) != -1);
     let isTestMode = !isProductionPinset && !isProductionDomain;
     if (entry.pins && !excludeDomain && chromeImportedPinsets[entry.pins]) {
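Review bot: The added `entry.name = entry.name.trim();` dereferences `entry.name` without any visible check that it is present and a string; the only guard in this hunk is on `entry.pins`. A pinned entry in the downloaded list with a missing or non-string name would abort the generator with a bare TypeError instead of a message naming the bad entry. Unless the part of `downloadAndParseChromePins` outside this hunk already validates it, I would add a guard just before the trim, e.g. `if (typeof entry.name != "string") { throw "ERROR: pinned entry has no name"; }`. The comment could also say that the trimmed name is what ends up in the generated pin list, which is why it must match the hostname exactly.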
--- a/security/manager/tools/getHSTSPreloadList.js
+++ b/security/manager/tools/getHSTSPreloadList.js
@@ -99,19 +99,22 @@ function download() {
 
 function getHosts(rawdata) {
   var hosts = [];
 
   if (!rawdata || !rawdata.entries) {
     throw "ERROR: source data not formatted correctly: 'entries' not found";
   }
 
-  for (entry of rawdata.entries) {
+  for (let entry of rawdata.entries) {
     if (entry.mode && entry.mode == "force-https") {
       if (entry.name) {
+        // We trim the entry name here to avoid malformed URI exceptions when we
+        // later try to connect to the domain.
+        entry.name = entry.name.trim();
         entry.retries = MAX_RETRIES;
         entry.originalIncludeSubdomains = entry.include_subdomains;
         hosts.push(entry);
       } else {
         throw "ERROR: entry not formatted correctly: no name found";
       }
     }
   }
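Review bot: In `getHosts` the `if (entry.name)` test runs before the new `entry.name.trim()`, so a whitespace-only name passes the truthiness check, is trimmed to an empty string, and is still pushed onto `hosts`. It never reaches the "no name found" error. Trimming first closes that gap and also keeps a non-string name from throwing inside the loop: `let name = typeof entry.name == "string" ? entry.name.trim() : "";` followed by `if (name) { entry.name = name; ...`. The existing comment would then move up with the trim. The function's `return` is outside this hunk.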