From c580af37e0bae96b5ef5ae13960742afe22d949e Mon Sep 17 00:00:00 2001
From: yang-g <yangg@google.com>
Date: Thu, 15 Sep 2016 15:28:38 -0700
Subject: Add a check for metadata from auth plugin

---
 .../credentials/plugin/plugin_credentials.c        | 25 ++++++++++++++++++----
 1 file changed, 21 insertions(+), 4 deletions(-)

(limited to 'src/core/lib')

diff --git a/src/core/lib/security/credentials/plugin/plugin_credentials.c b/src/core/lib/security/credentials/plugin/plugin_credentials.c
index 824ff081dc..905de3723e 100644
--- a/src/core/lib/security/credentials/plugin/plugin_credentials.c
+++ b/src/core/lib/security/credentials/plugin/plugin_credentials.c
@@ -37,6 +37,7 @@
 
 #include "src/core/lib/surface/api_trace.h"
 
+#include <grpc/grpc.h>
 #include <grpc/support/alloc.h>
 #include <grpc/support/log.h>
 #include <grpc/support/string_util.h>
@@ -71,17 +72,33 @@ static void plugin_md_request_metadata_ready(void *request,
           error_details);
   } else {
     size_t i;
+    bool seen_illegal_header = false;
     grpc_credentials_md *md_array = NULL;
-    if (num_md > 0) {
+    for (i = 0; i < num_md; i++) {
+      if (!grpc_header_key_is_legal(md[i].key, strlen(md[i].key))) {
+        gpr_log(GPR_ERROR, "Plugin added invalid metadata key: %s", md[i].key);
+        seen_illegal_header = true;
+        break;
+      } else if (!grpc_is_binary_header(md[i].key, strlen(md[i].key)) &&
+                 !grpc_header_nonbin_value_is_legal(md[i].value,
+                                                    md[i].value_length)) {
+        gpr_log(GPR_ERROR, "Plugin added invalid metadata value.");
+        seen_illegal_header = true;
+        break;
+      }
+    }
+    if (seen_illegal_header) {
+      r->cb(&exec_ctx, r->user_data, NULL, 0, GRPC_CREDENTIALS_ERROR,
+            "Illegal metadata");
+    } else if (num_md > 0) {
       md_array = gpr_malloc(num_md * sizeof(grpc_credentials_md));
       for (i = 0; i < num_md; i++) {
         md_array[i].key = gpr_slice_from_copied_string(md[i].key);
         md_array[i].value =
             gpr_slice_from_copied_buffer(md[i].value, md[i].value_length);
       }
-    }
-    r->cb(&exec_ctx, r->user_data, md_array, num_md, GRPC_CREDENTIALS_OK, NULL);
-    if (md_array != NULL) {
+      r->cb(&exec_ctx, r->user_data, md_array, num_md, GRPC_CREDENTIALS_OK,
+            NULL);
       for (i = 0; i < num_md; i++) {
         gpr_slice_unref(md_array[i].key);
         gpr_slice_unref(md_array[i].value);
-- 
cgit v1.2.3